What is Active Directory Schema, Trust, and Partitions or Naming Context?

Active Directory Schema

The schema is a component of Active Directory: a collection of object classes and attributes. Active Directory Domain Services stores data as objects, whether a user, a computer, a printer, or a folder, and which objects can be created in our Active Directory is defined in the Active Directory schema, which acts as the master document.

This means that if a user or printer can be created, it is defined in the schema, together with its attributes such as first name, last name, and logon hours. Attributes fall into two groups. Required attributes must be present; for example, a user cannot exist without a logon name.

Optional attributes, such as last name or designation, can be left empty. When any request or query related to objects reaches Active Directory, AD consults the schema: if the schema has a definition for that object type, the object can be created, and it is created with the attributes the schema defines for it.


Active Directory Trust

Suppose we have a forest engineer.com and the forest has multiple child domains. A trust is the mechanism by which users of one domain can use the resources of another domain, such as printers, computers, or other resources. So there has to be a trust relationship between two domains if they are to communicate with each other.

Some trust relationships are created automatically and some are created by administrators. Trust relationships allow administrators of a particular domain to grant users in other domains access to their domain's resources. Trust relationships can also be made between multiple forests and even with older versions such as Windows Server 2003 or 2000. The trusts that AD creates are of various types:

- Parent-Child Trust (Transitive Trust, Two way)
- Tree Root Trust (Transitive Trust, Two way)
- Shortcut Trust (Non-Transitive Trust, One way)
- External Trust (Non-Transitive Trust, One way): between two different organizations
- Cross Forest Trust (Transitive, Two way)
- Realm Trust (Non-Transitive Trust, One way): between Microsoft and Unix

The figure above gives the clearest explanation of the trust relationships.

Suppose, in the figure, A trusts B and B trusts C; then C automatically trusts A. This type of relationship is called a transitive trust. A trust relationship between forests requires one thing: both forests must have a functional level of 2003, 2008, or higher.

Active Directory Partitions or Naming Context

Active Directory partitions, or naming contexts, divide the Active Directory database into multiple partitions. These are also known as Active Directory naming contexts (NCs). To enhance the efficiency of AD, the ntds.dit file is divided into several parts or partitions, and every domain controller holds these partitions, meaning the domain controllers that have a copy of the ntds.dit file (divided into three partitions) in which AD is stored.

The first partition is the Schema Partition or Schema NC, which contains the rules and definitions used for the creation and modification of object classes and attributes within AD. This partition's information is replicated to every domain controller in the forest, so that all of them create the same objects from the same attributes.

The second partition is the Configuration Partition or Configuration NC, which contains information about the physical topology of the network, as well as other configuration data that must be replicated throughout the forest.

The third partition is the Domain Partition or Domain NC, which holds the user, computer, and other resource information for a particular AD domain; this information is replicated among all the domain controllers in that domain.

Beginning with Windows Server 2003, AD also includes a fourth partition type, the Application Partition. Application partitions or Application NCs give the administrator fine control over where information flows or replicates within a domain or forest, which results in greater flexibility and better control over replication performance.
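As an added example (not code from the original article), the following Python sorts the naming contexts a domain controller advertises in its RootDSE entry into the four partition types described above and checks that the three mandatory ones are present. The RootDSE values are constructed for the article's engineer.com forest with an assumed child domain named sales; the attribute names are the standard RootDSE attributes a real DC exposes.

```python
from dataclasses import dataclass

# CONSTRUCTED RootDSE of a DC in an assumed child domain "sales" of the
# article's forest engineer.com; not captured from a real server. The
# attribute names are the standard RootDSE attributes a real DC exposes.
ROOTDSE = {
    "rootDomainNamingContext": "DC=engineer,DC=com",
    "defaultNamingContext": "DC=sales,DC=engineer,DC=com",
    "configurationNamingContext": "CN=Configuration,DC=engineer,DC=com",
    "schemaNamingContext": "CN=Schema,CN=Configuration,DC=engineer,DC=com",
    "namingContexts": [
        "DC=sales,DC=engineer,DC=com",
        "CN=Configuration,DC=engineer,DC=com",
        "CN=Schema,CN=Configuration,DC=engineer,DC=com",
        "DC=DomainDnsZones,DC=sales,DC=engineer,DC=com",
        "DC=ForestDnsZones,DC=engineer,DC=com",
    ],
}

@dataclass(frozen=True)
class Partition:
    dn: str
    kind: str   # schema | configuration | domain | application
    scope: str  # replication scope, as the article describes it

def classify(rootdse):
    """Map every NC the DC hosts to one of the four partition types."""
    schema = rootdse["schemaNamingContext"]
    config = rootdse["configurationNamingContext"]
    domain = rootdse["defaultNamingContext"]
    result = []
    for dn in rootdse["namingContexts"]:
        if dn == schema:
            result.append(Partition(dn, "schema", "every DC in the forest"))
        elif dn == config:
            result.append(Partition(dn, "configuration", "every DC in the forest"))
        elif dn == domain:
            result.append(Partition(dn, "domain", "every DC in this domain"))
        else:
            # A DC holds one domain NC; any other NC it lists is an application
            # partition whose replica set the administrator chose (e.g. DNS zones).
            result.append(Partition(dn, "application", "DCs the administrator selected"))
    return result

def missing_required(rootdse):
    """Schema, configuration and the DC's own domain NC must always be present."""
    hosted = set(rootdse["namingContexts"])
    keys = ("schemaNamingContext", "configurationNamingContext", "defaultNamingContext")
    return [rootdse[k] for k in keys if rootdse[k] not in hosted]
```

Against a live DC the same dictionary can be filled from an LDAP base-scope search of the empty DN (the RootDSE), after which a non-empty result from missing_required points at a DC that does not host a mandatory partition.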
