Active Directory Data Store

The Active Directory data store, the actual database file, is %SystemRoot%\ntds\NTDS.DIT. The ntds.dit file is the heart of Active Directory, including user accounts. Active Directory's database engine is the Extensible Storage Engine (ESE), which is based on the Jet database used by Exchange 5.5 and WINS. The ESE has the capability to grow to 16 terabytes, which would be large enough for 10 million objects. Back to the real world. Only the Jet database can manipulate information within the AD data store.

The Active Directory ESE database, NTDS.DIT, consists of the following tables:

Schema table
The types of objects that can be created in the Active Directory, the relationships between them, and the optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.

Link table
Contains linked attributes, which contain values referring to other objects in the Active Directory. Take the MemberOf attribute on a user object. That attribute contains values that reference groups to which the user belongs. This table is also far smaller than the data table.

Data table
Users, groups, application-specific data, and any other data stored in the Active Directory. The data table can be thought of as having rows, where each row represents an instance of an object such as a user, and columns, where each column represents an attribute in the schema such as GivenName.

From a different perspective, Active Directory has three types of data:

Schema information
Definitional details about objects and attributes that one CAN store in the AD. Replicates to all domain controllers. Static in nature.

Configuration information
Configuration data about the forest and trees. Replicates to all domain controllers. Static as your forest is.

Domain information
Object information for a domain. Replicates to all domain controllers within a domain. The object portion becomes part of the Global Catalog. The attribute values (the actual bulk of the data) only replicate within the domain.

Although GUIDs are unique, they are large. AD instead uses a distinguished name tag (DNT). The DNT is a 4-byte DWORD value which is incremented each time a new object is created in the store. The DNT represents the object's database row number. It is an example of a fixed column. Each object's parent relationship is stored as a parent distinguished name tag (PDNT). Resolution of parent-child relationships is optimized because the DNT and PDNT are indexed fields in the database.

The size of ntds.dit will often differ across the domain controllers in a domain. Remember that Active Directory is a multi-master independent model where updates are occurring in each of the ADs with the changes being
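The following Python model is added here as an illustration of the three tables and of DNT/PDNT resolution described above; it is not code from the original article and it is not Active Directory's real ESE on-disk format. The class names, the sample schema (four object classes with mandatory and optional attributes), and the sample objects are all constructed assumptions. It shows how a distinguished name is resolved by walking the PDNT chain through the data table, how a PDNT index answers parent-to-child lookups without scanning rows, how the link table stores group membership as DNT-to-DNT references from which MemberOf is derived, and how the schema table constrains which attributes an object may carry.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Schema table (constructed sample): object class -> (mandatory attributes, optional attributes).
SCHEMA: Dict[str, Tuple[Set[str], Set[str]]] = {
    "domainDNS": ({"dc"}, set()),
    "organizationalUnit": ({"ou"}, {"description"}),
    "user": ({"sAMAccountName"}, {"givenName", "sn", "description"}),
    "group": ({"sAMAccountName"}, {"description"}),
}


@dataclass
class DataRow:
    """One row of the data table; each column is an attribute from the schema."""
    dnt: int                    # distinguished name tag: the row number, a fixed column
    pdnt: int                   # parent's DNT; 0 marks the root of the tree
    rdn: str                    # relative DN of this object, e.g. "CN=alice"
    object_class: str
    attrs: Dict[str, str] = field(default_factory=dict)


class NtdsModel:
    """Toy in-memory stand-in for the data, link and schema tables (assumption, not ESE)."""

    def __init__(self) -> None:
        self._next_dnt = 1                          # DNT is incremented per new object
        self.data: Dict[int, DataRow] = {}          # data table, keyed by DNT
        self.by_pdnt: Dict[int, List[int]] = {}     # index on PDNT for parent -> children lookups
        self.links: List[Tuple[int, int]] = []      # link table: (group DNT, member DNT)

    def add_object(self, pdnt: int, rdn: str, object_class: str, **attrs: str) -> int:
        """Create a row, enforcing the schema table's mandatory/optional attribute rules."""
        if object_class not in SCHEMA:
            raise ValueError(f"unknown object class {object_class}")
        mandatory, optional = SCHEMA[object_class]
        given = set(attrs)
        missing = mandatory - given
        if missing:
            raise ValueError(f"{object_class} is missing mandatory attributes {sorted(missing)}")
        unknown = given - mandatory - optional
        if unknown:
            raise ValueError(f"{object_class} does not allow attributes {sorted(unknown)}")
        if pdnt != 0 and pdnt not in self.data:
            raise ValueError(f"parent DNT {pdnt} does not exist")
        dnt = self._next_dnt
        self._next_dnt += 1
        self.data[dnt] = DataRow(dnt, pdnt, rdn, object_class, dict(attrs))
        self.by_pdnt.setdefault(pdnt, []).append(dnt)
        return dnt

    def add_member(self, group_dnt: int, member_dnt: int) -> None:
        """Store the group's forward link (member); memberOf is derived as the back link."""
        if self.data[group_dnt].object_class != "group":
            raise ValueError("member links are only valid on group objects")
        if member_dnt not in self.data:
            raise ValueError(f"member DNT {member_dnt} does not exist")
        self.links.append((group_dnt, member_dnt))

    def dn(self, dnt: int) -> str:
        """Resolve the full DN by walking PDNT up to the root; each hop is an indexed lookup."""
        parts: List[str] = []
        while dnt != 0:
            row = self.data[dnt]
            parts.append(row.rdn)
            dnt = row.pdnt
        return ",".join(parts)

    def children(self, pdnt: int) -> List[str]:
        """Parent -> children via the PDNT index, without scanning the whole data table."""
        return [self.data[d].rdn for d in self.by_pdnt.get(pdnt, [])]

    def member_of(self, dnt: int) -> List[str]:
        """Back link: the groups whose link-table rows point at this object's DNT."""
        return [self.dn(group) for group, member in self.links if member == dnt]


def build_sample() -> NtdsModel:
    """Constructed sample: one domain, one OU, one user, one group (DNTs 1..4)."""
    model = NtdsModel()
    domain = model.add_object(0, "DC=example", "domainDNS", dc="example")
    staff = model.add_object(domain, "OU=Staff", "organizationalUnit", ou="Staff")
    alice = model.add_object(staff, "CN=alice", "user", sAMAccountName="alice", givenName="Alice")
    admins = model.add_object(domain, "CN=Admins", "group", sAMAccountName="Admins")
    model.add_member(admins, alice)
    return model


if __name__ == "__main__":
    m = build_sample()
    print(m.dn(3))          # CN=alice,OU=Staff,DC=example
    print(m.member_of(3))   # ['CN=Admins,DC=example']
    print(m.children(1))    # ['OU=Staff', 'CN=Admins']
```

The point of the model is the shape of the lookups, not the storage: a DN is never stored as a string on the row, it is reconstructed from the DNT/PDNT chain, and MemberOf is never written on the user, it is read back out of the link table. That is also why the DNT and PDNT columns need an index, as the text notes.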

