Windows 2000 active directory replaced Windows NT 4. 0 Security Account Manager Database, providing not only increased functionality and scalability, but also enhanced security through more-granular levels of permissions, sophisticated encryption, and two-way, resilient authentication protocol (with Kerberos).
With the Windows 2003 platform, Microsoft takes full advantage of these features by allowing more flexibility in the way Active Directory information is partitioned and replicated. Starting with Windows 2000, Active Directory has been divided into three ‘logical’ partitions (physically residing in the NTD S. DIT file on each domain controller) — domain, configuration, and schema.
The domain partitions store information specific to each domain (accessible primarily via Active Directory users and computers) and shared among all domain controllers in the same domain (partially replicated to all Global Catalogs in the forest).
The configuration partition contains forest-wide information (accessible primarily via Active Directory sites and services) and is shared among all domain controllers in the forest. The schema partition consists of definitions of all objects and their properties that can exist in the other two partitions; it is also shared forest-wide. This mechanism for partitioning Active Directory data has been extended in Windows 2003 domains by the introduction of the application partition. Several features differentiate it from its three older counterparts: Most importantly, application partitions are intended for custom, Windows 2003 Active-Directory-aware applications. Although they are typically created by such applications, you can also experiment with application partitions using the NTDSUTIL command line utility.
The Active Directory is the service of catalogues included in system Server Windows 2000. It expands opportunities of catalogues existing before services on base Windows and adds completely new opportunities. The service of catalogues the Active Directory provides safety, distribution and an opportunity of splitting into sections. It is designed for installation in system of any size - from a ...
For example, you can create your custom application partition with the following steps: After typing NTDSUTIL at the command prompt, you will be presented with prompt. Start by typing domain management. (Typing? lists available commands. ) To proceed, you must establish a connection to one of existing domain controllers. This is done from the connection context, which is accessed by typing connection at the domain management prompt. Next, type in connect to server dc name, where dc name is the name of the domain controller to which you intend to connect.
You can also provide alternate credentials if you do not want to use the same account you are logged on as. Once a connection is established, type quit to return to domain management context. Type create nc partition name dc name where partition name and dc name are, respectively, the names of the application partition and the domain controller hosting it. The application directory partition is expressed in the fully qualified notation.
For example, an application partition called app-one. server watch. com would take the form dc = app-one, dc = server watch, dc = com. You can also create additional replicas of the partition created on another domain controller with the add nc partition name dc name command, substituting the name of this domain controller in place of dc name. Note that removing replicas is equally straightforward with the remove nc partition name dc name command. Existing partitions (including non-application partitions) can be listed with the list command available from the domain management context of the NTDSUTIL tool.
The scope of an application partition can be customized (i. e. , the scope is not limited to entire forest or entire domain).
... installing a Message Queuing server with routing enabled on a non? domain controller, you must have permission to create the applicable server object that represents ... the applications that failed.Target Must Be as Large as the Original Backup Drive You must perform the restore operation on partitions that ...
This is concluded based on the process described above; creating application partitions with NTDSUTIL requires designating individual domain controllers that will store its replica. This lowers the amount of replication traffic, while still preserving fault tolerance and load balancing (with at least two replicas present).
Replication is also minimized because application partitions are not replicated to Global Catalogs.
Just as with other partitions, replication is managed automatically by the Knowledge Consistency Checker process. Active Directory can contain multiple instances of active directory partitions. The naming is arbitrary, although it does impact the location of the partition in the DNS name space and security descriptor reference domain used to determine the domain whose administrative groups will have permissions to manage the partition. For example, an application partition called app-one. server watch. com references the security descriptor of the server watch.
com domain (hence, its administrators, by default, will be able to manage it).
Application partitions cannot contain security principals (users, computers, or groups).
Even though you cannot view the content of application partitions with ADSI Edit (which is typically used to gain read / write access to the other three types of partitions), you can use the LDP utility for this purpose. Both tools are part of the Windows Support Tools included with the installation CD..