What database does Active Directory contain?

Answer Posted / ashok


The Active Directory data store, the actual database file, is
%SystemRoot%\ntds\NTDS.DIT. The ntds.dit file is the heart
of Active Directory, including user accounts. Active
Directory's database engine is the Extensible Storage
Engine (ESE), which is based on the Jet database used by
Exchange 5.5 and WINS. The ESE has the capability to grow
to 16 terabytes, which would be large enough for 10 million
objects. Back to the real world. Only the Jet database can
manipulate information within the AD data store.

The Active Directory ESE database, NTDS.DIT, consists of
the following tables:

Schema table: the types of objects that can be created in
Active Directory, the relationships between them, and the
optional and mandatory attributes on each type of object.
This table is fairly static and much smaller than the data
table.

Link table: contains linked attributes, which contain
values referring to other objects in Active Directory. Take
the MemberOf attribute on a user object. That attribute
contains values that reference the groups to which the user
belongs. This table is also far smaller than the data table.

Data table: users, groups, application-specific data, and
any other data stored in Active Directory. The data table
can be thought of as having rows, where each row represents
an instance of an object such as a user, and columns, where
each column represents an attribute in the schema such as
GivenName.
From a different perspective, Active Directory has three
types of data:

Schema information: definitional details about the objects
and attributes that one CAN store in AD. Replicates to all
domain controllers. Static in nature.

Configuration information: configuration data about the
forest and trees. Replicates to all domain controllers. As
static as your forest is.

Domain information: object information for a domain.
Replicates to all domain controllers within the domain. The
object portion becomes part of the Global Catalog. The
attribute values (the actual bulk of the data) replicate
only within the domain.

Although GUIDs are unique, they are large. AD uses the
distinguished name tag (DNT). The DNT is a 4-byte DWORD
value which is incremented when a new object is created in
the store. The DNT represents the object's database row
number. It is an example of a fixed column. Each object's
parent relationship is stored as a parent distinguished name
tag (PDNT). Resolution of parent-child relationships is
optimized because the DNT and PDNT are indexed fields in the
database.

The size of ntds.dit will often differ across the domain
controllers in a domain. Remember that Active Directory is a
multi-master, independent model where updates are occurring
on each of the DCs, with the changes being replicated over
time to the other domain controllers. The changed data is
replicated between domain controllers, not the database
file, so there is no guarantee that the files are going to
be the same size across all domain controllers.

Active Directory routinely performs online database
defragmentation, but this is limited to the disposal of
tombstoned objects. The database file cannot be compacted
while Active Directory is mounted. An ntds.dit file that
has been defragmented offline (compacted) can be much
smaller than the ntds.dit file on its peers. To defrag
ntds.dit offline

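The answer above describes the data table as rows keyed by DNT with a PDNT pointing at the parent row, and the link table as the place where linked attributes such as member/memberOf live. The following is an added example (not code from the answer or from Microsoft) that models those two tables with constructed sample rows and shows how a DN is rebuilt by walking PDNT links through the DNT index, and how group membership is resolved through the link table rather than from a value stored on the user's row. This is the same reconstruction that offline ntds.dit parsers perform; the column names (dnt, pdnt, rdn, rdn_typ, link_dnt, backlink_dnt, link_base) and the MEMBER_LINK_BASE value are assumptions loosely modelled on the real ESE columns, and the rows are constructed data, not read from a real database.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DataRow:
    dnt: int       # distinguished name tag: the row number, incremented per new object
    pdnt: int      # parent distinguished name tag (0 marks the root row; constructed convention)
    rdn: str       # relative distinguished name value, e.g. "alice"
    rdn_typ: str   # attribute type of the RDN, e.g. "CN", "OU", "DC"


@dataclass(frozen=True)
class LinkRow:
    link_dnt: int      # DNT of the object holding the forward link (the group, for member)
    backlink_dnt: int  # DNT of the referenced object (the member)
    link_base: int     # which linked attribute this row belongs to


MEMBER_LINK_BASE = 1   # assumed identifier for the member/memberOf pair in this toy model

# Constructed data table (not from a real ntds.dit).  DNTs only ever increase,
# and every row except the root points at its parent through PDNT.
DATA_TABLE = [
    DataRow(1, 0, "", ""),                   # root row of the store
    DataRow(2, 1, "example", "DC"),
    DataRow(3, 2, "corp", "DC"),             # DC=corp,DC=example
    DataRow(4, 3, "Users", "CN"),
    DataRow(5, 4, "Domain Admins", "CN"),    # a group
    DataRow(6, 3, "Engineering", "OU"),
    DataRow(7, 6, "alice", "CN"),
    DataRow(8, 6, "bob", "CN"),
    DataRow(9, 6, "Builders", "CN"),         # a group
]

# Constructed link table: one row per (group, member) pair.
LINK_TABLE = [
    LinkRow(5, 7, MEMBER_LINK_BASE),   # Domain Admins -> alice
    LinkRow(9, 7, MEMBER_LINK_BASE),   # Builders -> alice
    LinkRow(9, 8, MEMBER_LINK_BASE),   # Builders -> bob
]


def build_indexes(rows):
    """Return (by_dnt, by_pdnt): the two indexed columns that make parent/child lookups cheap."""
    by_dnt = {row.dnt: row for row in rows}
    by_pdnt = {}
    for row in rows:
        by_pdnt.setdefault(row.pdnt, []).append(row.dnt)
    return by_dnt, by_pdnt


def distinguished_name(dnt, by_dnt):
    """Rebuild an object's DN by following PDNT links up to the root, one indexed lookup per hop."""
    parts = []
    seen = set()
    row = by_dnt[dnt]                     # KeyError for a DNT that is not in the table
    while row.pdnt != 0:                  # the root row has no parent and no RDN
        if row.dnt in seen:               # a corrupted table could loop; refuse rather than spin
            raise ValueError(f"PDNT cycle at DNT {row.dnt}")
        seen.add(row.dnt)
        parts.append(f"{row.rdn_typ}={row.rdn}")
        row = by_dnt[row.pdnt]
    return ",".join(parts)


def children(dnt, by_pdnt):
    """All DNTs whose PDNT is `dnt`, straight from the PDNT index."""
    return list(by_pdnt.get(dnt, []))


def members(group_dnt, link_table, by_dnt):
    """Forward link: the group's member values, as DNs."""
    return [distinguished_name(link.backlink_dnt, by_dnt)
            for link in link_table
            if link.link_base == MEMBER_LINK_BASE and link.link_dnt == group_dnt]


def member_of(dnt, link_table, by_dnt):
    """Back link: memberOf is resolved through the link table, not from a column on the user's row."""
    return [distinguished_name(link.link_dnt, by_dnt)
            for link in link_table
            if link.link_base == MEMBER_LINK_BASE and link.backlink_dnt == dnt]


BY_DNT, BY_PDNT = build_indexes(DATA_TABLE)

if __name__ == "__main__":
    for row in DATA_TABLE[1:]:
        print(f"DNT {row.dnt:2d}  PDNT {row.pdnt:2d}  {distinguished_name(row.dnt, BY_DNT)}")
    print("alice memberOf:", member_of(7, LINK_TABLE, BY_DNT))
    print("Builders members:", members(9, LINK_TABLE, BY_DNT))
```

Two points the model makes concrete: a DN is never stored as a string on the row, it is recomputed from the DNT/PDNT chain, which is why the two columns must be indexed; and deleting a row leaves its DNT unused, since the counter only moves forward, so row numbers on a long-lived DC are sparse rather than contiguous.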