If you have ever wondered where Active Directory information is stored, read on; this article tries to shed light on the topic. Microsoft Windows Active Directory has both a physical component and a logical one.
The physical component consists of a database file stored on domain controllers (DCs), and the logical component consists of the various objects such as domains, forests, organizational units, etc. Before you learn about the logical components, it is very important to understand the physical one.
Active Directory is primarily stored in a single database file stored on the DC. This database file, called ntds.dit, along with the services running on the DC makes it possible to authenticate and authorize users and computers. This file is stored on all DCs in the %systemroot%\NTDS folder.
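As an added example (not from the original article), the PowerShell below, run in an elevated session on a DC, reads the database path the NTDS service actually uses from the registry and lists any allow entries on its folder beyond SYSTEM and Administrators. Treating those two principals as the expected baseline is an assumption made for this example.

```powershell
# Added example: run in an elevated PowerShell session on a domain controller.
$paramKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$defaultDir = Join-Path $env:SystemRoot 'NTDS'

# The NTDS service records the actual database and log locations here.
$params = Get-ItemProperty -Path $paramKey -ErrorAction Stop
$dbFile = $params.'DSA Database file'
$logDir = $params.'Database log files path'
$dbDir  = Split-Path -Path $dbFile -Parent

# Summary: where ntds.dit really lives and whether it was moved from the default.
[pscustomobject]@{
    DatabaseFile = $dbFile
    LogDirectory = $logDir
    InDefaultDir = ($dbDir -ieq $defaultDir)
    SizeMB       = [math]::Round((Get-Item -LiteralPath $dbFile).Length / 1MB, 1)
} | Format-List

# Assumed baseline for this example: only SYSTEM and BUILTIN\Administrators
# should hold rights on the folder. Well-known SIDs avoid localized names.
$expectedSids = @('S-1-5-18', 'S-1-5-32-544')

# List every allow ACE granted to any other principal so it can be reviewed.
(Get-Acl -LiteralPath $dbDir).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' } |
    ForEach-Object {
        $sid = $_.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($expectedSids -notcontains $sid) {
            [pscustomobject]@{
                Identity  = $_.IdentityReference.Value
                Sid       = $sid
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
    }
```

An empty result from the last pipeline means no principals outside the assumed baseline have allow entries on the folder.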
The database file is replicated among all of the DCs in the domain, so each one has its own read/write replica, making each DC a “master” of the data. Since Active Directory 2000, the concept of the Primary Domain Controller (PDC) and Backup Domain Controller (BDC) is no longer applicable.
All of the DCs in the domain primarily provide the same service, which is authentication and authorization. However, there are specific roles that a DC can be assigned which are not served by all DCs in the organization. These roles are known as flexible single master operation roles or FSMO for short.
The FSMO roles are as follows: Domain Naming Master, Schema Master, Infrastructure Master, Operations Master, and RID Master. Aside from the FSMO roles, DCs can also act as a Global Catalog (GC) server. Starting with Windows 2008, the Read-Only Domain Controller (RODC) was introduced. The RODC is, loosely speaking, the equivalent of a BDC from a Windows NT 4.0 domain.
I hope that this information has provided you with a high-level understanding of the physical aspects of Active Directory.