Thursday 27 October 2011

Active Directory Database

Active Directory (AD) is a hierarchical directory structure provided by Microsoft Windows to deliver a number of network and domain services. The functions of Active Directory include:
  • Providing information on objects.
  • Managing these objects for easy access and retrieval.
  • Allowing administrators to set security for the directory.
The structure of an AD is divided into two main categories:
1.  Objects
Objects fall into two broad categories: resources, such as printers, and security principals. Security principals are objects that are assigned security identifiers, which are used to control access and apply security. Each Active Directory object represents a single entity (a printer, a group or a computer) and its attributes. Objects are identified by their name (ID) and attributes; the attributes associated with an object are what characterize it. The definitions of these attributes are collectively called the schema. The schema defined for an object determines how that object can be used; for example, some schema definitions cannot be deleted, only deactivated.
2.  Forests, trees and domains
Active Directory can be viewed at three different levels, namely forests, trees and domains. A domain is the set of objects that share a common directory database. Each domain holds only the information pertaining to the objects that belong to it. A tree consists of one or more domains in a contiguous namespace. A forest is a collection of trees; it is the highest-level structure, from which all objects in the Active Directory can be seen. To clarify this, consider the following example:
An organization has numerous users and processes. In this scenario, the entire network of end users and computers is contained in a forest. Within this structure lie trees that hold information on specific objects, such as domain controllers and program systems.
Active Directory renders an easy way to manage an enterprise's network. An administrator can modify and update all end users' computers with files and software simply by updating one object in a tree or forest. Microsoft servers use these procedures to authenticate a person against a forest or tree and to grant or deny that user access to any application. Microsoft uses trusts as the criterion for granting or denying access. The trusts used are one-way transitive.
Active Directory is stored in the Ntds.dit database file. In addition, AD uses log files that store transactions before they are committed to the database (DB) file. AD is a self-maintaining database that requires little maintenance, though it does require regular backups. In particular, the Active Directory database needs to be actively managed under the following conditions:
  • Low disk space.
  • Hardware failure.
  • Recovering physical space after bulk deletion.
Use defragmentation to recover the space freed by deletion. Defragmentation can be online or offline. Online defragmentation makes the space freed after deletion available for reuse within the database without decreasing the size of the database file. Offline defragmentation decreases the size of the database file.
The Extensible Storage Engine (ESE) is the database engine that manages all Active Directory objects in the Active Directory database. Any data modification affects database performance, fragmentation and integrity.
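The maintenance conditions above (low disk space, recovering space after a bulk deletion) are easiest to spot if the Ntds.dit file and its transaction logs are checked routinely. The following PowerShell script is an added example, not code from the original post: it reads the standard NTDS registry parameters to locate the database and log files, reports their sizes and the free space on the hosting volume, and warns when free space falls below a threshold. The 10% threshold, the compaction target directory `C:\NTDS-Compact` and the use of `Get-Volume` (Windows Server 2012 or later) are assumptions for this example.

```powershell
# Added example (not from the original post): report the Ntds.dit location, size,
# transaction-log path and free space on the hosting volume, and flag low disk space.
# Assumptions: run from an elevated prompt on a domain controller; the registry values
# below are the standard NTDS parameters; the 10% threshold is a constructed value.

$params  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbFile  = $params.'DSA Database file'          # full path to Ntds.dit
$logPath = $params.'Database log files path'    # directory holding edb*.log

$db       = Get-Item -Path $dbFile
$dbSizeMB = [math]::Round($db.Length / 1MB, 1)

# Transaction logs that ESE writes before committing changes to Ntds.dit
$logs      = Get-ChildItem -Path $logPath -Filter 'edb*.log'
$logSizeMB = [math]::Round((($logs | Measure-Object -Property Length -Sum).Sum) / 1MB, 1)

# Free space on the volume that holds the database file
$driveLetter = $db.PSDrive.Name
$vol         = Get-Volume -DriveLetter $driveLetter
$freePct     = [math]::Round(100 * $vol.SizeRemaining / $vol.Size, 1)

[pscustomobject]@{
    DatabaseFile   = $dbFile
    DatabaseSizeMB = $dbSizeMB
    LogPath        = $logPath
    LogCount       = $logs.Count
    LogSizeMB      = $logSizeMB
    FreeSpacePct   = $freePct
} | Format-List

if ($freePct -lt 10) {
    Write-Warning "Low disk space on $($driveLetter): ($freePct% free). Online defragmentation will not shrink Ntds.dit; schedule an offline defragmentation."
}

# Offline defragmentation (the only kind that reduces the Ntds.dit file size) writes a
# compacted copy to a separate directory while the NTDS service is stopped, e.g.:
#   Stop-Service NTDS -Force
#   ntdsutil "activate instance ntds" files "compact to C:\NTDS-Compact" quit quit
# Then, after a good backup, replace Ntds.dit with the compacted copy, remove the old
# edb*.log files, and Start-Service NTDS.  (C:\NTDS-Compact is an assumed target path.)
```

Run the script as part of a regular health check rather than only when the database is already in trouble: a steady growth in log count between backups, or a database that stays large after a bulk deletion, is the cue that the offline defragmentation described above is due.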
