Active Directory Database

Whatever objects and services configured are stored in AD database.

AD database is saved in a file called NTDS.DIT and file location on any server is given below,


NTDS.DIT - New Technology Directory Services. Directory Information Tree


Logical Partitions of NTDS.DIT file

NTDS.DIT file is logically divided into four partitions.

1. Schema partition

2. Configuration partition

3. Domain partition

4. Application partition


It is a set of rules schema defines AD, it is of 2 parts classes & attributes.

The ad is constructed with the help of classes and attributes.


1. Schema:

Logical partition in AD database and is a “template” for AD database.

Forms the database structures in which data is stored.



Protected by ACL (Access Control Lists)

• Directory Access Control List (DACL)    

• System Access Control List (SACL)

One schema for AD forest.

An object class is a component of Active Directory schema which defines the “type” for an object or in other words it defines the set of mandatory and optional attributes an object can have.

A piece of information about the object is called attribute.


2. Configuration Partition:

It is aLogical partition in AD database.

“map” of AD implementation

Contains information used for replication logon searches.

DomainsNot getting what domains?

It talks about Trust relationships between 2 domains.    

♦ In Active Directory, when two domains trust each other or a trust relationship exists between the domains, the users and computers in one domain can access resources residing in the other domain.

Sites& site links

Subnets configuration information.

♦ In active directory based infrastructure setup, “Domain” represents the logical topology while “Sites and Subnets” represent the physical topology.

Domain controller locations.


3. Domain Partition:

It is collections of users, computers, groups etc.

Represents the units of replication.

Domain controllers in a domain replicate with each other and contain a full copy of the domain partition for their domain.

DCs do not replicate domain partition information for other domains

♦This point and its above points seem confusing to me.


4. Application Partition:

It is a newly added partition in win2003. It can be added or removed.

It can be replicated only to the specified DCs.

Useful when we are using AD integrated services like DNS, TAPI services...


Tel me about Active Directory Database and list the Active Directory Database files? 





Res1.log and Res2.log

All AD changes didn’t write directly to NTDS.DIT database file first writes to EDB.Log and from the log file to the database, EDB.Che used to track the database update from the log file, to know what changes are copied to database file.


NTDS.DIT: NTDS.DIT is the AD database and store all AD objects, Default location is the %system root%\nrds\nrds.dit, Active Directory database engine is the extensible storage engine which us based on the Jet database


EDB.Log: EDB.Log is the transaction log file when EDB.Log is full, it is renamed to EDB Num.log where num is the increasing number starting from 1, like EDB1.Log


EDB.Che: EDB.Che is the checkpoint file used to trace the data not yet written to database file this indicate the starting point from which data is to be recovered from the log file in case if failure


Res1.log and Res2.log: Res is reserved transaction log file which provides the transaction log file enough time to shutdown if the disk didn’t have enough space


Topics Summary