
Active Directory Partitions
Lecturer: Engineer Abeer Hosni
Active Directory explained in Arabic
Active Directory (AD) isn’t just one big bucket of data. To handle massive amounts of information and replicate it efficiently across different servers, AD breaks its database (the Ntds.dit file) into logical chunks called partitions (or Naming Contexts).
Think of it like a filing cabinet: instead of one giant drawer, you have several labeled drawers, each containing specific types of files and governed by different rules for who gets a copy.
The 5 Core AD Partitions
Every domain controller (DC) in a forest holds at least four of these partitions.
1. Schema Partition
This is the “blueprints” for the entire forest. It defines every object class (like “User” or “Computer”) and every attribute (like “Phone Number” or “Email”) that can exist in AD.
- Scope: Forest-wide (every DC in every domain has the exact same copy).
- Replication: Any change here replicates to every single DC in the forest.
- Management: Only the Schema Master FSMO role holder can write to it.
2. Configuration Partition
This contains the physical layout of your network. It stores information about sites, subnets, services, and which DCs belong to which sites.
- Scope: Forest-wide.
- Replication: Replicates to every DC in the forest.
- Key Info: If you want to know which DC is in the “London” site, you look here.
3. Domain Partition
This is where the “real” work happens. It contains the actual objects you interact with daily: users, groups, computers, and OUs.
- Scope: Domain-wide.
- Replication: Only replicates to DCs within that specific domain.
- Note: This is why a DC in uk.example.com doesn’t automatically know the passwords for users in us.example.com.
4. Application Partition
These are optional partitions created by applications (like DNS or TMG) to store their data. The most common ones are the ForestDNSZones and DomainDNSZones.
- Scope: Configurable.
- Benefit: They allow you to control exactly which DCs receive the data, reducing unnecessary replication traffic.
5. Global Catalog (GC)
While not a “partition” in the strictest structural sense, it’s a special partial copy of all objects in the forest.
- Function: It holds a read-only subset of attributes (like Display Name and SamAccountName) for every object in the entire forest.
- Purpose: Allows a user in one domain to find a user in another domain without searching every DC in the company.
Comparison Table
| Partition | Scope | What it Stores | Replication Frequency |
| --- | --- | --- | --- |
| Schema | Forest | Rules, Object Classes, Attributes | Rare (only on updates) |
| Configuration | Forest | Sites, Subnets, Replication Links | Moderate |
| Domain | Domain | Users, Groups, Computers, OUs | High (daily changes) |
| Application | Custom | DNS Records, App-specific data | High (DNS updates) |
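
A DC advertises the partitions it hosts through the naming-context attributes of its RootDSE. The sketch below is an added example, not part of the original lesson: it classifies each naming context into the partition types described above. The RootDSE values are constructed for a hypothetical DC in uk.example.com, and the function names are illustrative.

```python
# Constructed RootDSE attributes for a DC in the child domain uk.example.com
# (forest root example.com); values are illustrative, not from a real server.
SAMPLE_ROOTDSE = {
    "schemaNamingContext": "CN=Schema,CN=Configuration,DC=example,DC=com",
    "configurationNamingContext": "CN=Configuration,DC=example,DC=com",
    "defaultNamingContext": "DC=uk,DC=example,DC=com",
    "rootDomainNamingContext": "DC=example,DC=com",
    "namingContexts": [
        "DC=uk,DC=example,DC=com",
        "CN=Configuration,DC=example,DC=com",
        "CN=Schema,CN=Configuration,DC=example,DC=com",
        "DC=DomainDnsZones,DC=uk,DC=example,DC=com",
        "DC=ForestDnsZones,DC=example,DC=com",
    ],
}


def norm(dn):
    """DNs compare case-insensitively; also drop spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def classify_partitions(rootdse):
    """Map each naming context the DC hosts to (partition type, scope)."""
    schema = norm(rootdse["schemaNamingContext"])
    config = norm(rootdse["configurationNamingContext"])
    domain = norm(rootdse["defaultNamingContext"])
    result = {}
    for dn in rootdse["namingContexts"]:
        key = norm(dn)
        if key == schema:
            result[dn] = ("Schema", "Forest")
        elif key == config:
            result[dn] = ("Configuration", "Forest")
        elif key == domain:
            result[dn] = ("Domain", "Domain")
        else:
            # Assumption: any other listed context is an application
            # partition (here the two DNS zone partitions).
            result[dn] = ("Application", "Configurable")
    return result


if __name__ == "__main__":
    for dn, (kind, scope) in classify_partitions(SAMPLE_ROOTDSE).items():
        print(f"{kind:<14}{scope:<14}{dn}")
```

Note that the Schema partition's DN sits under the Configuration container, so the comparison is on the full DN rather than on a suffix match.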



