The Physical Structure of Active Directory

Friday, October 28, 2011

If you have ever wondered where is active directory information stored, continue to read as this article will try to shed light on this topic. Microsoft Windows Active Directory includes both a physical component as well as a logical one. The physical component consists of a database file stored on domain controllers (DC) and the logical aspect of Active Directory consists of the various objects such as domains, forests, organizational units, etc… Before you learn about the logical components, it is very important to understand the physical.

Active Directory is primarily stored in a single database file stored on the DC. This database file, called ntds.dit, along with the services running on the DC make it possible to authenticate and authorize users and computers. This file is stored on all DCs in the %systemroot%\NTDS folder. The database file is replicated among all of the DCs in the domain so each one will have its own read/write replica, making each DC as “master” of the data. Since Active Directory 2000, the concept of the Primary Domain Controller (PDC) and Backup Domain Controller (BDC) is no longer applicable.

All of the DCs in the domain primarily provide the same service, which is authentication and authorization. However, there are specific roles that a DC can be assigned which are not served by all DCs in the organization. These roles are known as flexible single master operation roles, or FSMO for short. The FSMO roles are as follows: Domain Naming Master, Schema Master, Infrastructure Master, Operations Master, and RID Master. Aside from the FSMO roles, DCs can also act as a Global Catalog (GC) server. Starting with Windows 2008, the Read-Only Domain Controller (RODC) was introduced. The RODC is the equivalent, loosly speaking, to a BDC from a Windows NT 4.0 domain.

I hope that this information has provided you with a high level of understanding concerning the physical aspects of Active Directory. Feel free to browse through the rest of the articles on this site as we’ll dive deeper into these specific topics.

Did you find the page informational and useful? Share it using one of your favorite social sites.

Recommended Books & Training Resources

MCITP Windows Server 2008 Enterprise Administrator: Training Kit 4-Pack: Exams 70-640 70-642 70-643 70-647 Windows Server 2008 R2 Unleashed