Active Directory Partitions

November 7, 2020

Microsoft Active Directory as a whole is huge. Many interconnected mechanisms run together to let AD do what it does, and a lot of them work in the background where we rarely come across them. Active Directory partitions are one of those.

AD partitions (also called naming contexts, or NCs) split the directory database into units that are stored and replicated separately, grouped by what the data is for. There are four kinds: three are core to every installation and the fourth was introduced later. Each partition has its own replication scope: some are copied to every domain controller in the forest, some only to the DCs of one domain, and some only to a chosen set of DCs. Let's have a look:

  1. Schema Partition: As discussed in the previous post, the Active Directory schema is the blueprint of AD: the classes and attributes every object is built from. The objects that define them (classSchema and attributeSchema) are stored in the Schema partition, CN=Schema,CN=Configuration,DC=<forest root>. There is one schema per forest, so this partition is replicated to every domain controller in the entire forest, and it is writable only on the DC that holds the Schema Master FSMO role.
  2. Configuration Partition: This partition, CN=Configuration,DC=<forest root>, stores forest-wide configuration data: the list of domains and partitions (CN=Partitions), sites, subnets, site links and replication connection objects (CN=Sites), and other directory-wide settings. Like the schema, it is replicated to every DC in the entire forest. By default it is readable by any authenticated user, which is why it is the first place both administrators and attackers go to map a forest.
  3. Domain Partition: This partition, DC=<domain>, contains the actual directory objects: users, groups, computers, OUs and so on. Everything you see in Active Directory Users and Computers is stored here. It is replicated to every DC within the local domain only, not to the DCs of other domains in the forest. So if the forest DevOpsAge.local has two domains, India.DevOpsAge.local and US.DevOpsAge.local, each has its own Domain partition: all DCs of India.DevOpsAge.local hold the same copy of DC=India,DC=DevOpsAge,DC=local, but it is not replicated to any DC of US.DevOpsAge.local (apart from the partial read-only copy kept by global catalog servers, described below).
  4. Application Partitions: Introduced with Windows Server 2003, these are additional partitions that a service can create to hold its own data, with a replication scope the service chooses: an application partition is replicated only to the DCs listed in its replica set (the msDS-NC-Replica-Locations attribute of its crossRef object in the Configuration partition), which can be any set of DCs in the forest regardless of domain. Unlike the three core partitions there can be any number of them, and their contents are never copied to the global catalog. The best-known user is Active Directory Integrated DNS, which by default stores its zones in two application partitions:
    1. DomainDnsZones (DC=DomainDnsZones,DC=<domain>): one per domain, storing the DNS zones scoped to that domain. It is replicated to every DC in that domain that runs the DNS Server role.
    2. ForestDnsZones (DC=ForestDnsZones,DC=<forest root>): one per forest, storing forest-wide DNS data such as the _msdcs.<forest root> zone. It is replicated to every DC that runs the DNS Server role in every domain of the forest.

Apart from these partitions you will often hear of the Global Catalog, but it is not a separate partition of its own. A global catalog server is a DC that, in addition to the full partitions it hosts, keeps a read-only, partial copy of every domain partition in the forest: only the attributes in the Partial Attribute Set (for example sAMAccountName, userPrincipalName and the membership of universal groups). It is served over LDAP on port 3268 (3269 for LDAPS) and is what lets a single query find objects across all domains in the forest, for example when a logon has to resolve a UPN or universal group membership. Which DCs are global catalogs is recorded in the Configuration partition (the options attribute of their NTDS Settings objects) and advertised through the _gc._tcp.<forest root> SRV records in DNS, so there is nothing to query in a "global catalog partition"; you simply point an LDAP client at port 3268 of any GC.
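As an added example (not code from the original post), the following PowerShell walks the partitions described above: it reads the naming contexts from rootDSE, lists every partition defined in the forest from the crossRef objects in the Configuration partition together with its replication scope, shows the DNS application partitions, and finally queries the global catalog on port 3268 to resolve an account from any domain with one search. It assumes the RSAT ActiveDirectory module on a domain-joined machine; the account name jdoe and the single-tree forest layout (DevOpsAge.local with child domains) are assumptions for illustration.

```powershell
# Added example, not code from the original post. Enumerates the partitions a
# forest has, classifies each one, shows its replication scope, and queries the
# global catalog. Assumes the RSAT ActiveDirectory module on a domain-joined
# machine; every server, domain and account name here is a placeholder.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext          # CN=Schema,CN=Configuration,DC=...
$configNC = $rootDse.configurationNamingContext   # CN=Configuration,DC=...
$domainNC = $rootDse.defaultNamingContext         # DC=... of this DC's own domain
$forestNC = (Get-ADDomain (Get-ADForest).RootDomain).DistinguishedName

# 1. Partitions this particular DC holds a replica of. rootDSE is not replicated,
#    it is computed per server, so the list differs from DC to DC.
Write-Host "Naming contexts held by $($rootDse.dnsHostName):"
$rootDse.namingContexts | ForEach-Object { Write-Host "  $_" }

# 2. Every partition in the forest, hosted here or not, is described by a crossRef
#    object under CN=Partitions. systemFlags bit 0x1 marks a real naming context
#    (external cross-references lack it), bit 0x2 marks a domain partition.
#    Application partitions carry 0x1 without 0x2, and their replica set is the
#    msDS-NC-Replica-Locations attribute (DNs of the "NTDS Settings" objects of
#    the DCs that host them). Authenticated users can read all of this by default.
$crossRefs = Get-ADObject -SearchBase "CN=Partitions,$configNC" -SearchScope OneLevel `
    -LDAPFilter '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=1))' `
    -Properties nCName, systemFlags, 'msDS-NC-Replica-Locations'

Write-Host "`nPartitions defined in the forest:"
foreach ($cr in $crossRefs) {
    $nc = [string]$cr.nCName
    if     ($nc -eq $schemaNC)         { $kind = 'Schema        (every DC in the forest)' }
    elseif ($nc -eq $configNC)         { $kind = 'Configuration (every DC in the forest)' }
    elseif ($cr.systemFlags -band 0x2) { $kind = 'Domain        (every DC in that domain only)' }
    else {
        # Replica DNs look like CN=NTDS Settings,CN=DC01,CN=Servers,CN=<site>,...;
        # the second RDN is the name of the hosting DC.
        $hosts = $cr.'msDS-NC-Replica-Locations' |
            Where-Object { $_ } |
            ForEach-Object { ($_ -split ',')[1] -replace '^CN=' }
        $kind = "Application   (replicas: $($hosts -join ', '))"
    }
    Write-Host ("  {0,-55} {1}" -f $nc, $kind)
}

# 3. AD-integrated DNS keeps its zones as dnsZone objects inside the two DNS
#    application partitions (under CN=MicrosoftDNS in each).
Write-Host "`nZones in DomainDnsZones of this domain:"
Get-ADObject -SearchBase "DC=DomainDnsZones,$domainNC" -LDAPFilter '(objectClass=dnsZone)' |
    ForEach-Object { Write-Host "  $($_.Name)" }
Write-Host "Zones in ForestDnsZones:"
Get-ADObject -SearchBase "DC=ForestDnsZones,$forestNC" -LDAPFilter '(objectClass=dnsZone)' |
    ForEach-Object { Write-Host "  $($_.Name)" }

# 4. The global catalog is not a partition: it is the set of DCs that hold a
#    partial read-only copy of every domain partition, served on port 3268.
Write-Host "`nGlobal catalog servers: $((Get-ADForest).GlobalCatalogs -join ', ')"

# One query against a GC resolves an account from any domain in the forest.
# Searching from the forest root DN assumes a single-tree forest such as
# DevOpsAge.local with child domains India and US; jdoe is a placeholder.
$gc = [string](Get-ADDomainController -Discover -Service GlobalCatalog).HostName
Get-ADObject -Server "${gc}:3268" -SearchBase $forestNC -SearchScope Subtree `
    -LDAPFilter '(&(objectClass=user)(sAMAccountName=jdoe))' `
    -Properties sAMAccountName, userPrincipalName |
    Select-Object DistinguishedName, sAMAccountName, userPrincipalName

# 5. Replication is tracked per partition: each partition has its own inbound
#    partners and its own last-success timestamp on every DC that hosts it.
Write-Host "`nInbound replication per partition on $($rootDse.dnsHostName):"
Get-ADReplicationPartnerMetadata -Target $rootDse.dnsHostName -PartitionFilter All |
    Select-Object Partition, Partner, LastReplicationSuccess, LastReplicationResult |
    Format-Table -AutoSize
```

Run it as an ordinary domain user; nothing above needs administrative rights, which is the point worth remembering: the partition layout, the replica sets of every application partition and the list of global catalogs are all readable by any authenticated account, so treat them as information an attacker on the network already has rather than as something to hide. Step 5 is the one to keep for operations: a partition whose LastReplicationSuccess lags behind the others on one DC is exactly the kind of inconsistency that lets stale group memberships or DNS records linger on part of the forest.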

In the next post we will practically see how to access the different Active Directory partitions. Cheers!

