Directory Partitions
The Active Directory database is logically separated into directory partitions:
- Schema partition
- Configuration partition
- Domain partition
- Application partition
Each partition is a unit of replication, and each partition has its own replication topology. Replication occurs between directory partition replicas. At least two directory partitions are common to all domain controllers in the same forest: the schema and configuration partitions. Additionally, all domain controllers in the same domain share a common domain partition.
Schema Partition
Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. It contains definitions of all objects and attributes that can be created in the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain controllers in the forest.
Configuration Partition
There is only one configuration partition per forest. Stored on all domain controllers in a forest, the configuration partition contains information about the forest-wide Active Directory structure, including what domains and sites exist, which domain controllers exist in each forest, and which services are available. Configuration information is replicated to all domain controllers in a forest.
Domain Partition
Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information about users, groups, computers, and organizational units. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.
Application Partition
Application partitions store information about applications in Active Directory. Each application determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication of specific application partitions, users can designate which domain controllers in a forest host specific application partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.
As an example of an application partition, if Domain Name System (DNS) integrated with Active Directory is used, there are two application partitions for DNS zones, ForestDNSZones and DomainDNSZones:
- ForestDNSZones is part of a forest. All domain controllers and DNS servers in a forest receive a replica of this partition. A forest-wide application partition stores the forest zone data.
- DomainDNSZones is unique for each domain. All domain controllers that are DNS servers in that domain receive a replica of this partition. The application partitions store the domain DNS zone in the DomainDNSZones<domain name>.
Each domain has a DomainDNSZones partition, but there is only one ForestDNSZones partition. No DNS data is replicated to the global catalog server.
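How the four partition types show up in the directory itself, as an added example that is not part of the original post: every partition has a crossRef object under CN=Partitions in the configuration partition, and the crossRef systemFlags bits separate domain partitions from application partitions and mark what is kept out of the global catalog. The example.com names and the sample records are constructed, the function name Get-PartitionType is hypothetical, and the commented query assumes the ActiveDirectory PowerShell module.

```powershell
# Added example: classify crossRef records into the partition types described
# above. Bit meanings are the documented crossRef systemFlags values.
$FLAG_CR_NTDS_NC                = 0x1   # naming context held by AD DS
$FLAG_CR_NTDS_DOMAIN            = 0x2   # naming context is a domain
$FLAG_CR_NTDS_NOT_GC_REPLICATED = 0x4   # never replicated to the global catalog

function Get-PartitionType {            # hypothetical helper name
    param(
        [Parameter(Mandatory)] $CrossRef,          # needs nCName and systemFlags
        [Parameter(Mandatory)] [string] $SchemaNC,
        [Parameter(Mandatory)] [string] $ConfigNC
    )
    $flags = [int]$CrossRef.systemFlags
    $type = if (-not ($flags -band $FLAG_CR_NTDS_NC)) { 'External reference' }
        elseif ($CrossRef.nCName -eq $SchemaNC)       { 'Schema' }
        elseif ($CrossRef.nCName -eq $ConfigNC)       { 'Configuration' }
        elseif ($flags -band $FLAG_CR_NTDS_DOMAIN)    { 'Domain' }
        else                                          { 'Application' }
    [pscustomobject]@{
        Partition       = $CrossRef.nCName
        Type            = $type
        # Application partitions carry this bit: their data stays out of the GC.
        NotGCReplicated = [bool]($flags -band $FLAG_CR_NTDS_NOT_GC_REPLICATED)
    }
}

# Constructed sample records for a single-domain forest named example.com.
$schemaNC = 'CN=Schema,CN=Configuration,DC=example,DC=com'
$configNC = 'CN=Configuration,DC=example,DC=com'
$sample = @(
    [pscustomobject]@{ nCName = $schemaNC;                             systemFlags = 1 }
    [pscustomobject]@{ nCName = $configNC;                             systemFlags = 1 }
    [pscustomobject]@{ nCName = 'DC=example,DC=com';                   systemFlags = 3 }
    [pscustomobject]@{ nCName = 'DC=ForestDnsZones,DC=example,DC=com'; systemFlags = 5 }
    [pscustomobject]@{ nCName = 'DC=DomainDnsZones,DC=example,DC=com'; systemFlags = 5 }
)

$sample |
    ForEach-Object { Get-PartitionType -CrossRef $_ -SchemaNC $schemaNC -ConfigNC $configNC } |
    Format-Table -AutoSize

# Against a live forest, take the inputs from the directory instead of $sample:
#   $root = Get-ADRootDSE   # schemaNamingContext, configurationNamingContext
#   Get-ADObject -SearchBase "CN=Partitions,$($root.configurationNamingContext)" `
#       -LDAPFilter '(objectClass=crossRef)' -Properties nCName, systemFlags
```

An application partition that appears in this inventory without a known owner is worth reviewing, since it replicates between domain controllers like any other partition.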
Comments (7)
For which version of Windows Server does this post apply? What is the date of publication?
Some very useful information is missing
Originally posted by osef: “For which version of Windows Server does this post apply? What is the date of publication?
Some very useful information is missing”
It was published on February 2nd, 2009.
These are good notes about Directory Partitions
This is a superb explanation and I have become very clear conceptually.
Very well explained, easy to understand.
Thanks a lot. But should the last phrase look like “No DNS data is replicated to the global catalog” (word “server” omitted)? It then takes on a rather different sense.
Great notes, couldn't have said it better myself