
Introduction to Administering the Active Directory Database

Updated: March 2, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Active Directory is stored in the Ntds.dit database file. In addition to this file, the directory uses log files, which store transactions prior to committing them to the database file. For best performance, store the log files and the database on separate hard drives.

The Active Directory database is a self-maintained system and requires no daily maintenance, other than regular backup, during ordinary operation. However, it may need to be managed if the following conditions occur:

• Low disk space
• Pending or current hardware failure
• A need to recover physical space following bulk deletion or removal of the global catalog

Monitor free disk space on the partition or partitions that store the directory database and logs. The following are the recommended parameters for free space:

• Ntds.dit partition: The greater of 20 percent of the Ntds.dit file size or 500 megabytes (MB).
• Log file partition: The greater of 20 percent of the combined log files size or 500 MB.
• Ntds.dit and logs on the same volume: The greater of 1 gigabyte (GB) or 20 percent of the combined Ntds.dit and log files sizes.
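The free-space recommendations above can be turned into a scheduled check. The following script is an added example, not part of the original Microsoft text; it assumes the caller supplies the Ntds.dit path and the log folder, that the log files are the *.log files in that folder, and that volumes are identified by drive letter.

```powershell
param(
    [Parameter(Mandatory = $true)] [string] $DatabasePath,  # assumed: full path to Ntds.dit
    [Parameter(Mandatory = $true)] [string] $LogPath        # assumed: folder holding the log files
)

function Get-RequiredFreeBytes([long] $DataBytes, [long] $FloorBytes) {
    # "The greater of 20 percent of the size or the fixed floor"
    return [long] [Math]::Max([Math]::Ceiling($DataBytes * 0.2), $FloorBytes)
}

function Get-VolumeRoot([string] $Path) {
    # Assumption: volumes are drive letters; mount points are not resolved.
    return [System.IO.Path]::GetPathRoot((Resolve-Path -LiteralPath $Path).ProviderPath)
}

$dbBytes  = (Get-Item -LiteralPath $DatabasePath).Length
# Assumption: every *.log file in the log folder counts toward the combined log size.
$logBytes = [long] ((Get-ChildItem -LiteralPath $LogPath -Filter *.log -File |
                     Measure-Object -Property Length -Sum).Sum)

$dbRoot  = Get-VolumeRoot $DatabasePath
$logRoot = Get-VolumeRoot $LogPath

if ($dbRoot -eq $logRoot) {
    # Same volume: greater of 1 GB or 20 percent of database plus logs.
    $checks = @(
        @{ Name = 'Ntds.dit + logs'; Root = $dbRoot
           Required = (Get-RequiredFreeBytes ($dbBytes + $logBytes) 1GB) }
    )
} else {
    # Separate volumes: each needs the greater of 20 percent or 500 MB.
    $checks = @(
        @{ Name = 'Ntds.dit';  Root = $dbRoot;  Required = (Get-RequiredFreeBytes $dbBytes 500MB) },
        @{ Name = 'Log files'; Root = $logRoot; Required = (Get-RequiredFreeBytes $logBytes 500MB) }
    )
}

$failed = $false
foreach ($c in $checks) {
    $free = (New-Object System.IO.DriveInfo $c.Root).AvailableFreeSpace
    $ok   = $free -ge $c.Required
    if (-not $ok) { $failed = $true }
    [pscustomobject]@{
        Check      = $c.Name
        Volume     = $c.Root
        FreeMB     = [Math]::Round($free / 1MB)
        RequiredMB = [Math]::Round($c.Required / 1MB)
        Status     = $(if ($ok) { 'OK' } else { 'LOW' })
    }
}
if ($failed) { exit 1 }   # non-zero exit lets a scheduler or monitor raise an alert
```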

During ordinary operation, the customer will delete objects from Active Directory. When an object is deleted, it results in white space (or unused space) being created in the database. On a regular basis, the database will consolidate this white space through a process called defragmentation, and this white space will be reused when new objects are added (without adding any size to the file itself). This automatic online defragmentation redistributes and retains white space for use by the database, but does not release it to the file system. Therefore, the database size does not shrink, even though objects might be deleted. In cases where the data is decreased significantly, such as when the global catalog is removed from a domain controller, white space is not automatically returned to the file system. Although this condition does not affect database operation, it does result in large amounts of white space in the database. You can use offline defragmentation to decrease the size of the database file by returning white space from the database file to the file system.

Managing the Active Directory database also allows you to upgrade or replace the disk on which the database or log files are stored or to move the files to a different location, either permanently or temporarily.

Prior to performing any procedures that affect the directory database, be sure that you have a current system state backup. For information about performing system state backup, see Back up system state.

To manage the database file itself, you must take the domain controller offline by restarting in Directory Services Restore Mode, and then use Ntdsutil.exe to manage the file.

Note: NTFS disk compression is not supported for the database and log files.


The Active Directory database is logically separated into directory partitions:

• Schema partition
• Configuration partition
• Domain partition
• Application partition

Each partition is a unit of replication, and each partition has its own replication topology. Replication occurs between directory partition replicas. At least two directory partitions are common to all domain controllers in the same forest: the schema and configuration partitions. Additionally, all domain controllers that are in the same domain share a common domain partition.

Schema Partition
Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. It contains definitions of all objects and attributes that can be created in the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain controllers in the forest.

Configuration Partition
There is only one configuration partition per forest. Stored on all domain controllers in a forest, the configuration partition contains information about the forest-wide Active Directory structure, including what domains and sites exist, which domain controllers exist in each forest, and which services are available. Configuration information is replicated to all domain controllers in a forest.

Domain Partition
Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information about users, groups, computers, and organizational units. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.

Application Partition
Application partitions store information about applications in Active Directory. Each application determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication to specific application partitions, users can designate which domain controllers in a forest host specific application partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.

As an example of an application partition, if a Domain Name System (DNS) that is integrated with Active Directory is used, there are two application partitions for DNS zones, ForestDNSZones and DomainDNSZones:

• ForestDNSZones is part of a forest. All domain controllers and DNS servers in a forest receive a replica of this partition. A forest-wide application partition stores the forest zone data.
• DomainDNSZones is unique for each domain. All domain controllers that are DNS servers in that domain receive a replica of this partition. The application partitions store the domain DNS zone in the DomainDNSZones<domain name>.

Each domain has a DomainDNSZones partition, but there is only one ForestDNSZones partition. No DNS data is replicated to the global catalog server.
