Directory Partitions in Active Directory
The Active Directory database is logically separated into directory partitions:

- Schema partition
- Configuration partition
- Domain partition
- Application partition

Each partition is a unit of replication, and each partition has its own replication topology. Replication occurs between replicas of a directory partition. At least two directory partitions are common to all domain controllers in the same forest: the schema and configuration partitions. All domain controllers in the same domain additionally share a common domain partition.

- Schema Partition: Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. The schema partition contains definitions of all objects and attributes that you can create in the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain controllers in the forest.

- Configuration Partition: There is only one configuration partition per forest. Stored on all domain controllers in a forest, the configuration partition contains information about the forest-wide Active Directory structure, including what domains and sites exist, which domain controllers exist in each forest, and which services are available. Configuration information is replicated to all domain controllers in a forest.

- Domain Partition: Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information about users, groups, computers and organizational units. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.

- Application Partition: Application partitions store information about applications in Active Directory. Each application determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication of specific application partitions, you can designate which domain controllers in a forest host specific application partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.

As an example of application partitions, if you use a Domain Name System (DNS) that is integrated with Active Directory, you have two application partitions for DNS zones, ForestDNSZones and DomainDNSZones:

- ForestDNSZones is part of a forest. All domain controllers and DNS servers in a forest receive a replica of this partition. A forest-wide application partition stores the forest zone data.
- DomainDNSZones is unique for each domain. All domain controllers that are DNS servers in that domain receive a replica of this partition. These application partitions store the domain DNS zone in DomainDNSZones. Each domain has a DomainDNSZones partition, but there is only one ForestDNSZones partition. No DNS data is replicated to the global catalog server.
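
To check the partition layout described above on a live forest, the following added example (not part of the original post) classifies each partition from the crossRef objects under CN=Partitions in the configuration partition. It assumes the RSAT ActiveDirectory module and a domain-joined host; the output column names and the replica-host name parsing are choices made for this example.

```powershell
# Added example: inventory the directory partitions of the current forest.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext
$configNC = $rootDse.configurationNamingContext

# systemFlags bits defined for crossRef objects
$FLAG_CR_NTDS_NC                = 0x1   # partition is held by this forest's DCs
$FLAG_CR_NTDS_DOMAIN            = 0x2   # partition is a domain partition
$FLAG_CR_NTDS_NOT_GC_REPLICATED = 0x4   # partition is not copied to the global catalog

# Every partition in the forest has one crossRef object in CN=Partitions.
$crossRefs = Get-ADObject -SearchBase "CN=Partitions,$configNC" -SearchScope OneLevel `
    -LDAPFilter '(objectClass=crossRef)' `
    -Properties nCName, systemFlags, 'msDS-NC-Replica-Locations'

$crossRefs | ForEach-Object {
    $cr    = $_
    $flags = [int]$cr.systemFlags

    # Skip cross-references that point outside this forest.
    if (-not ($flags -band $FLAG_CR_NTDS_NC)) { return }

    $type = if     ($cr.nCName -eq $schemaNC)            { 'Schema' }
            elseif ($cr.nCName -eq $configNC)            { 'Configuration' }
            elseif ($flags -band $FLAG_CR_NTDS_DOMAIN)   { 'Domain' }
            else                                         { 'Application' }

    # Only application partitions list their designated replica hosts here.
    # Each value is the DN of a DC's "NTDS Settings" object; the second RDN
    # is the server name (simple split, assumes no escaped commas).
    $hosts = @($cr.'msDS-NC-Replica-Locations' | ForEach-Object {
        ($_ -split ',')[1] -replace '^CN=', ''
    })

    [pscustomobject]@{
        Partition      = $cr.nCName
        Type           = $type
        ExcludedFromGC = [bool]($flags -band $FLAG_CR_NTDS_NOT_GC_REPLICATED)
        ReplicaHosts   = $hosts -join ', '
    }
} | Sort-Object Type, Partition | Format-Table -AutoSize
```

On a forest with Active Directory-integrated DNS, the ForestDnsZones and DomainDnsZones partitions should appear as type Application with ExcludedFromGC set to True; an application partition or replica host you do not recognize is worth reviewing.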