Distinguished Name/directory partitions

Every object in Active Directory has a distinguished name (DN) that uniquely identifies the object and contains sufficient information for a client to retrieve the object from the directory. The DN includes the name of the domain that holds the object, as well as the complete path through the container hierarchy to the object.
For example, the following DN identifies the user object Scott Cooper in the microsoft.com domain:
CN=Scott Cooper,OU=Promotions,OU=Marketing,DC=Microsoft,DC=Com

In the DN, three LDAP abbreviations, CN, OU, and DC, are used for the naming attribute. CN indicates the object’s common name, OU indicates the organizational unit name, and DC indicates the domain component name. DNs must be unique, because Active Directory does not allow duplicate DNs.


The information stored in the directory (in the Ntds.dit file) is logically partitioned into four categories. Each of these information categories is referred to as a directory partition. A directory partition is also referred to as a naming context. These directory partitions are the units of replication. The directory contains the following partitions:
Schema partition: This partition defines the objects that can be created in the directory and the attributes those objects can have. This data is common to all domains in a forest and is replicated to all domain controllers in a forest.
Configuration partition: This partition describes the logical structure of the deployment, including data such as domain structure or replication topology. This data is common to all domains in a forest and is replicated to all domain controllers in a forest.
1-22 Chapter 1 Introduction to Active Directory
Domain partition: This partition describes all of the objects in a domain. This data is domain-specific and is not replicated to any other domains. However, the data is replicated to every domain controller in that domain.
Application Directory partition: This partition stores dynamic application-specific data in Active Directory without significantly affecting network performance, by enabling you to control the scope of replication and the placement of replicas. The application directory partition can contain any type of object except security principals (users, groups, and computers). Data can be explicitly rerouted to administrator-specified domain controllers within a forest in order to prevent unnecessary replication traffic, or it can be set to replicate everything to all domain controllers in the same fashion as the schema, configuration, and domain partitions. (This partition type is new in Windows 2003; AD-integrated DNS can be configured to use an Application Directory partition.)
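As an added example (not code from the original post or from Microsoft), the following Python parses a DN like the Scott Cooper one above into its RDNs, honouring RFC 4514 backslash escapes so that a comma inside a value is not mistaken for an RDN separator, derives the DNS domain from the DC components, and classifies which of the four partitions a DN belongs to. The partition layout it assumes (schema and configuration under the forest-root domain DN, DomainDnsZones/ForestDnsZones as the default application partitions for AD-integrated DNS) is the well-known AD default and is not stated on the page.

```python
# Added example, not the page's own code: parse an AD distinguished name into
# RDNs (honouring RFC 4514 backslash escapes) and classify which directory
# partition a DN belongs to, assuming the well-known AD naming-context layout.

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, leaf first. A comma inside a
    value is escaped ("Cooper\\, Scott" or "\\2C"); naive comma-splitting breaks."""
    rdns, attr, buf, i = [], None, [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):  # escape: \X or \hh (hex)
            hexpart = dn[i + 1:i + 3]
            is_hex = len(hexpart) == 2 and all(c in "0123456789abcdefABCDEF" for c in hexpart)
            buf.append(chr(int(hexpart, 16)) if is_hex else dn[i + 1])
            i += 3 if is_hex else 2
            continue
        if ch == "=" and attr is None:   # first '=' ends the attribute type
            attr, buf = "".join(buf).strip(), []
        elif ch == ",":                   # unescaped comma ends the RDN
            rdns.append((attr, "".join(buf)))
            attr, buf = None, []
        else:
            buf.append(ch)
        i += 1
    rdns.append((attr, "".join(buf)))
    return rdns

def dns_domain(rdns):
    """Join DC components into the DNS name of the domain holding the object."""
    return ".".join(v for a, v in rdns if a.upper() == "DC")

def partition_of(dn):
    """Return (partition, dns_name). Schema and configuration hang under the
    forest-root domain DN; DomainDnsZones/ForestDnsZones are the default
    application partitions used by AD-integrated DNS (assumed layout)."""
    rdns = parse_dn(dn)
    k = len(rdns)
    while k and rdns[k - 1][0].upper() == "DC":  # trailing DC run = domain part
        k -= 1
    dcs, rest = rdns[k:], rdns[:k]
    if not dcs:
        return ("other", "")
    name = dns_domain(dcs)
    if dcs[0][1].lower() in ("domaindnszones", "forestdnszones"):
        return ("application", name)
    tail = [v.lower() for a, v in rest[-2:] if a.upper() == "CN"]
    if tail[-1:] == ["configuration"]:
        return ("schema" if tail == ["schema", "configuration"] else "configuration", name)
    return ("domain", name)
```

Because a child domain's DN ends with the parent's DC components, the classifier keys on the whole trailing DC run rather than a string suffix, so child-domain objects are reported under their own domain instead of the parent's.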


A domain controller stores and replicates:
■ The schema partition data for a forest.
■ The configuration partition data for all domains in a forest.
■ The domain partition data (all directory objects and properties) for its domain. This data is replicated to additional domain controllers in the domain.
For the purpose of finding information, a partial replica containing commonly used attributes of all objects in the domain is replicated to the global catalog.
A global catalog stores and replicates:
■ The schema partition data for a forest
■ The configuration partition data for all domains in a forest
■ A partial replica containing commonly used attributes for all directory objects in the forest (replicated between global catalog servers only)
■ A full replica containing all attributes for all directory objects in the domain in which the global catalog is located
posted on 2005-07-21 07:06 by enjoy .net