Active Directory : Behind the Directory
Hi Friends, As you know Active Directory is the main database for Centralized Administration of Enterprise Environment, i want to share something with you about this extra-ordinary directory service.
- Active Directory will be installed on a stand alone Windows Server 2000/2003/2008 operating systems when we run dcpromo command. It is an integrated module which resides hidden until we run dcpromo.
- Active Directory stores all most all information about an enterprise. Which includes user accounts, computer accounts, user groups, group policies, shared folders, network printers, etc. All this information is stored in the Active Directory Database. The files associated with the Active Directory database are located under C:\Windows\NTDS and the files are as follows…
Active Directory Files
This is the main file for Active Directory. All the AD information will be stored in this file.
When a change is triggered to AD database, first the information will be written to this file, and the same will be then written to ntds.dit. The AD performance depends on how fast the updates will be transferred from edb.log to ntds.dit
res1.log & res2.log
Initial size of these files will be 10MB each, used as reserved space for AD updates, in case of Low disk space issues the same files will be used to save the AD updates.
The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit) during shutdown. A "shutdown" statement is written to the edb.chk file when we shutdown the AD server. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn't exist on reboot or the shutdown statement isn't present, AD will use the edb.log file to update the AD database.
temp.edb This is a scratch pad used to store information about in-progress transactions and to hold pages pulled out of Ntds.dit during compaction.
The file extension .DIT stands for Directory Information Tree.
The file extension .CHK stands for Check Point file.
- If the DNS is Active Directory Integrated, its data is also stored with AD Database.
- Using System State option in NTBACKUP we can take the back up of Active Directory.
- When we promote the secondary domain controller and when we do that all this data from these files will be replicated to its database.
- Active Directory uses Kerberos Authentication.
- LDAP(Light Weight Directory Access Protocol) is the Protocol used to query the Network Directories like Active Directory. It uses port number TCP 389 to query AD.
- In Windows 2008 Active Directory comes as a Service, to avoid reboot dependency.
- AD Users and Computers, AD Sites and Services & AD Domains and Trusts are the three consoles which are used to maintain AD database in GUI.