Windows Server Troubleshooting - Active Directory

2003-2006 Team Approach Limited
All rights reserved

Active Directory is the database that stores the administrative information for a Windows enterprise network. The records accessed most often are user objects, but the database also holds computer objects and shared resources such as printer objects. The AD database is critical to the operation of a Windows network because it is central both to the security system (it holds every account's credentials and group memberships) and to users' ability to locate resources on the network.

The database is intended to run on a network without a database administrator's expertise. It is complicated by two important characteristics:

  • Distributed - to provide efficient access across a wide area network
    • Information need not be stored in one place. The database is partitioned into domains, so that European user information can be stored only on European servers and American user information only on American servers.
  • Replicated - to provide fault tolerance against the failure of a domain controller
    • Enterprise and domain information can be duplicated on as many servers as necessary to provide reliability.

Windows includes a number of utilities to assist in troubleshooting problems with the Active Directory.

AD Components

A domain is a collection of servers, computers, users and other objects. Each domain contains one or more DCs (Domain Controllers) that hold the AD database. Every domain controller in a domain receives a copy of this database through a process known as replication. Windows NT only allowed database updates on one domain controller, the PDC (Primary Domain Controller). Active Directory accepts updates on any domain controller and copies them to all other domain controllers through a process known as multimaster replication.

The components of the AD database are visible in the ADSIEdit support tool. Each component is replicated separately and is known as a naming context (or partition). Each domain controller stores its own domain naming context plus the schema and configuration naming contexts, which are shared by the whole forest.

  • Each domain has a domain directory that stores administrative information for users, computers, printers, etc.
  • The schema defines each object type and its attributes. Each object definition is an object class; objects created in the directory are instances of an object class.
  • The configuration data defines domains, domain controllers, trusts, sites, replication topology, etc.

The AD database is stored in a file called NTDS.DIT, by default under %SystemRoot%\NTDS. DIT stands for Directory Information Tree.

Global Catalog

Active Directory is the collection of all the domain directories (partitions), which are stored on different domain controllers. The GC (Global Catalog) combines the most important attributes of all objects in all domain directories: it is a partial replica of every object in the forest.

The Global Catalog is used to resolve universal group membership and UPNs (user principal names) and is therefore required at user logon. If no GC can be reached, a DC in a native-mode domain refuses ordinary user logons (members of Domain Admins excepted), unless the site has universal group membership caching enabled (Windows Server 2003 and later).

The first DC created in a forest is automatically a GC. Use the Active Directory Sites and Services console to make additional DCs global catalog servers (the Global Catalog check box on the DC's NTDS Settings object). Each site should have at least one global catalog server.
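A check for that last point, added here as an example and not part of the original page: it lists every DC in the forest with its site and GC flag, then reports sites that have no global catalog. It assumes the ActiveDirectory PowerShell module from RSAT on Windows Server 2012 or later (Get-ADReplicationSite is not in older versions) and read access to the forest.

```powershell
# Added example (not from the original page): list every domain controller in the
# forest with its site and GC flag, then report sites that have no global catalog.
# Assumes the ActiveDirectory module (RSAT, 2012+) and read access to the configuration NC.
Import-Module ActiveDirectory

# Get-ADDomainController only sees one domain at a time, so walk every domain in the forest.
$dcs = Get-ADForest |
       Select-Object -ExpandProperty Domains |
       ForEach-Object { Get-ADDomainController -Filter * -Server $_ }

$dcs | Sort-Object Site, HostName |
    Format-Table Site, HostName, Domain, IsGlobalCatalog, IsReadOnly -AutoSize

# Sites that contain DCs but no GC: logons there depend on a WAN link to another site
# (unless universal group membership caching is enabled for the site).
$sitesWithoutGc = $dcs | Group-Object Site |
    Where-Object { -not ($_.Group | Where-Object { $_.IsGlobalCatalog }) } |
    Select-Object -ExpandProperty Name

# Sites defined in the configuration NC that have no DC at all are worth knowing about too:
# clients there are serviced by whichever site the site-link costs point them at.
$emptySites = Get-ADReplicationSite -Filter * |
    Where-Object { $_.Name -notin $dcs.Site } |
    Select-Object -ExpandProperty Name

if ($sitesWithoutGc) { Write-Warning ("Sites without a global catalog: " + ($sitesWithoutGc -join ', ')) }
if ($emptySites)     { Write-Warning ("Sites without any DC: " + ($emptySites -join ', ')) }
```

Run it from any domain-joined workstation with RSAT; a warning for a site you expected to be self-sufficient means logons there silently depend on a WAN link.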

Schema Management

The schema can be viewed and changed with the Active Directory Schema MMC snap-in. By default this snap-in is not available until it has been registered.

Under normal circumstances there is no reason to change the schema with the MMC snap-in. The default schema installed with Windows is sufficient for the vast majority of networks. The Exchange installation program updates the schema automatically to support Exchange, and the schema should only be changed to support software that is designed to store information in AD; that software's setup program should perform the update itself. The MMC snap-in should only be used to correct setup errors.

Be cautious about any schema change: it replicates to every domain controller in the forest, and a class or attribute added to the schema cannot be deleted, only deactivated (made defunct). Only members of the Schema Admins group can change the schema, so keep that group empty except while a planned change is being made.
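An added example, not part of the original page, that looks for schema objects changed recently and reports who currently holds the right to change them. It assumes the ActiveDirectory PowerShell module; the 30-day window in $Since is an arbitrary choice for illustration.

```powershell
# Added example (not from the original page): audit the schema naming context for
# recent changes and report Schema Admins membership.
# Assumes the ActiveDirectory module; the 30-day window is an illustrative choice.
Import-Module ActiveDirectory
$Since = (Get-Date).AddDays(-30)

$schemaNc = (Get-ADRootDSE).schemaNamingContext

# whenChanged is stamped by the DC that applied the change; since all schema writes
# originate on the schema master, ask it directly for the authoritative view.
$schemaMaster = (Get-ADForest).SchemaMaster
$changed = Get-ADObject -Server $schemaMaster -SearchBase $schemaNc -SearchScope OneLevel `
    -Filter { whenChanged -gt $Since } `
    -Properties whenChanged, whenCreated, objectClass, lDAPDisplayName |
    Sort-Object whenChanged

$changed | Format-Table whenChanged, objectClass, lDAPDisplayName -AutoSize

# Newly created classSchema/attributeSchema objects are the ones to explain: a product
# extension you planned (Exchange, for example) or something nobody asked for.
$new = $changed | Where-Object { $_.whenCreated -gt $Since }
if ($new) { Write-Warning "$(@($new).Count) schema object(s) created since $Since" }

# Schema Admins lives in the forest root domain and should normally be empty; add an
# account only for the duration of a planned change. Members are forest-wide administrators.
$schemaAdmins = Get-ADGroupMember -Identity 'Schema Admins' -Server (Get-ADForest).RootDomain -Recursive
if ($schemaAdmins) {
    Write-Warning ("Schema Admins is not empty: " + (@($schemaAdmins).SamAccountName -join ', '))
}
```

A clean forest shows nothing newer than the last product installation you know about; anything else deserves the same investigation as an unexpected Domain Admins member.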

FSMO Flexible Single Master Operation

Multimaster replication is used for the main domain database, so there is no central point of failure: Active Directory continues to function normally when a domain controller is offline.

Five operations, however, cannot safely be performed on two DCs at once and are handled by a single DC that holds the corresponding FSMO (Flexible Single Master Operation) role. Two of these roles exist once per forest; the other three exist in each domain.

  • Forest-wide (one holder in the entire enterprise)
    • Schema master - the only DC that accepts schema changes
    • Domain naming master - checks names when domains are added to or removed from the forest
  • Domain-wide (one holder in each domain)
    • RID master - allocates pools of relative identifiers (RIDs) to the domain's DCs so that the SIDs they issue are unique
    • PDC emulator - emulates an NT 4 Primary Domain Controller for down-level clients and BDCs; it also receives urgent replication of password changes and is the domain's authoritative time source
    • Infrastructure master - maintains references to objects in other domains (for example, group members from another domain); it should not be placed on a global catalog server unless every DC in the domain is a GC
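An added example (not from the original page) that lists the five role holders and confirms each is still a reachable DC, which is the first thing to check when schema changes, RID allocation or password changes stop working. It assumes the ActiveDirectory PowerShell module from RSAT and a session with domain read access.

```powershell
# Added example (not from the original page): list the five FSMO role holders
# and confirm each one still resolves to a reachable domain controller.
# Assumes the ActiveDirectory PowerShell module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

$forest = Get-ADForest     # carries the two forest-wide roles
$domain = Get-ADDomain     # carries the three domain-wide roles for the current domain

$roles = [ordered]@{
    'Schema master (forest)'         = $forest.SchemaMaster
    'Domain naming master (forest)'  = $forest.DomainNamingMaster
    'PDC emulator (domain)'          = $domain.PDCEmulator
    'RID master (domain)'            = $domain.RIDMaster
    'Infrastructure master (domain)' = $domain.InfrastructureMaster
}

foreach ($role in $roles.Keys) {
    $holder = $roles[$role]
    try {
        # Resolve the holder through AD itself: a role left on a DC that was demoted or
        # rebuilt without transferring it shows up here as "not found".
        $dc = Get-ADDomainController -Identity $holder -ErrorAction Stop
        $status = if (Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet) { 'online' } else { 'NOT RESPONDING' }
    } catch {
        $status = "NOT FOUND: $($_.Exception.Message)"
    }
    '{0,-32} {1,-40} {2}' -f $role, $holder, $status
}

# Placement rule from the text: the infrastructure master must not be a GC unless
# every DC in the domain is one, or cross-domain group memberships go stale.
$infra  = Get-ADDomainController -Identity $domain.InfrastructureMaster
$nonGc  = Get-ADDomainController -Filter * | Where-Object { -not $_.IsGlobalCatalog }
if ($infra.IsGlobalCatalog -and $nonGc) {
    Write-Warning "Infrastructure master $($infra.HostName) is a GC while $(@($nonGc).Count) DC(s) are not."
}
```

On a Windows Server 2003 host without the module, `netdom query fsmo` prints the same five holders, but it does not tell you whether they answer.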

Creating a New AD Forest

A number of initialization operations are performed when creating a new Active Directory forest and domain.

The first domain in the forest is the forest root domain. The first DC in a forest:
  • Creates the schema and configuration naming contexts
  • Is a Global Catalog server
  • Becomes the schema master and the domain naming master
  • Creates the Default-First-Site-Name site
  • Creates the DEFAULTIPSITELINK inter-site link

The first DC in any domain:
  • Creates the domain naming context
  • Becomes the PDC emulator, infrastructure master and RID master
  • Creates the trust relationship with its parent or tree-root domain (for domains other than the forest root)
  • Creates the default domain Group Policy objects
  • Registers the domain in the configuration naming context

AD Architecture

Active Directory is accessible through several interfaces.

  • LDAP is the network protocol
  • ADSI is an application programming interface
  • Domain controllers replicate information to other domain controllers
  • SAM provides compatible access for NT 4 domain controllers and down-level clients
  • MAPI (Messaging Application Programming Interface) provides e-mail client access

The AD components are shown in the following layered diagram (interfaces at the top, storage at the bottom):

  Interfaces:  LDAP/ADSI  |  Replication  |  NT SAM  |  MAPI (Outlook)
  DSA (Directory System Agent)  - presents the view of the tree hierarchy
  Database Abstraction Layer    - stores data in tables
  Extensible Storage Engine     - allocates storage to objects
  NTFS database file NTDS.DIT

Active Directory is stored in the file %SystemRoot%\NTDS\NTDS.DIT. Data integrity is maintained by writing every update to a transaction log before it is applied to the database; a checkpoint file records how far the log has been applied, so an interrupted update can be replayed or rolled back after a crash. These files are in %SystemRoot%\NTDS: the current transaction log is edb.log and the checkpoint file is edb.chk. There are also two space-reservation files, res1.log and res2.log, which guarantee room to write the log if the disk fills. Because NTDS.DIT (and every backup or shadow copy of it) contains the password hashes of every account in the domain, access to these files must be restricted to SYSTEM and the Administrators group, and copies must be protected and disposed of as carefully as the live database.
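An added example (not from the original page) that locates these files from the NTDS service's own registry parameters instead of assuming the default path, lists what is present, and audits the ACLs on a domain controller. The registry value names are the ones the NTDS service uses; the allow-list of trustees is the assumed baseline and should be adjusted to your own build standard.

```powershell
# Added example (not from the original page): find the AD database and log files via
# the NTDS service parameters and check who is allowed to read them. Run on a DC as an
# administrator. The trustee allow-list below is an assumed baseline, not a Microsoft value.
$params  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dit     = $params.'DSA Database file'          # e.g. C:\Windows\NTDS\ntds.dit
$logDir  = $params.'Database log files path'    # edb.log, edb.chk, reserve logs
$workDir = $params.'DSA Working Directory'

"Database:  $dit"
"Logs:      $logDir"
"Work dir:  $workDir"

# Expected contents: ntds.dit, edb.log (plus filled edbNNNNN.log files awaiting
# checkpoint), edb.chk, and the reserve files (res1.log/res2.log on 2003,
# edbres0000N.jrs on later versions). Anything else here is worth a question.
Get-ChildItem -Path $logDir, (Split-Path $dit -Parent) -File |
    Sort-Object FullName -Unique |
    Select-Object FullName, Length, LastWriteTime

# NTDS.DIT holds every account's password hashes. Only SYSTEM and Administrators
# (and CREATOR OWNER on the folder) should appear; any other Allow ACE, including one
# inherited from a relaxed parent folder, is a finding.
$allowed = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'
$findings = @()
foreach ($path in @($dit, $logDir)) {
    $acl = Get-Acl -Path $path
    if ($acl.Owner -notin $allowed) { $findings += "$path is owned by $($acl.Owner)" }
    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $who -notin $allowed) {
            $findings += "$path grants $($ace.FileSystemRights) to $who (inherited: $($ace.IsInherited))"
        }
    }
}
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'ACLs match the baseline.' }
```

The same check belongs on any directory that holds a backup of NTDS.DIT: an attacker who can read a copy of the file does not need to touch the domain controller at all.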

AD Fragmentation

Database activity fragments the Active Directory database. An online defragmentation runs automatically as part of the garbage collection process (every 12 hours by default), and this is normally sufficient. As Active Directory grows, NTDS.DIT grows with it. If information is deleted, NTDS.DIT stays the same size: the system assumes the space will be needed again. Online defragmentation rearranges pages within NTDS.DIT but never returns space to the file system.

If a large amount of information has been deleted, you can recover the unused disk space with an offline defragmentation. This requires restarting the server in Directory Services Restore Mode (or, on Windows Server 2008 and later, stopping the Active Directory Domain Services service) and then using NTDSUTIL to compact the database into a new file. The compacted NTDS.DIT is smaller; the space is recovered once the compacted copy replaces the original and the old transaction logs are removed.
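The offline compaction described above, scripted around ntdsutil as an added example that is not part of the original page. It assumes Windows Server 2008 or later (the "activate instance ntds" step is not needed, and not accepted, on Windows Server 2003), a session in Directory Services Restore Mode or with the NTDS service stopped, and $compactDir as a scratch location chosen for illustration with free space at least equal to the current database size.

```powershell
# Added example (not from the original page): offline compaction of NTDS.DIT with
# ntdsutil, with the before/after size, an integrity check and clean-up of copies.
# Assumes Windows Server 2008+ in DSRM or with the NTDS service stopped; $compactDir is illustrative.
$compactDir = 'C:\NTDS-Compact'

$params = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dit    = $params.'DSA Database file'
$logDir = $params.'Database log files path'

# Refuse to run while the directory service is online: ESE holds the file open.
$svc = Get-Service NTDS -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') { throw 'Stop the NTDS service or boot into DSRM first.' }

$before = (Get-Item $dit).Length
New-Item -ItemType Directory -Path $compactDir -Force | Out-Null

# Each argument is one ntdsutil command; "compact to" writes a new, defragmented copy
# and leaves the original untouched.
ntdsutil 'activate instance ntds' 'files' "compact to $compactDir" 'quit' 'quit'
$compacted = Join-Path $compactDir (Split-Path $dit -Leaf)
if (-not (Test-Path $compacted)) { throw 'Compaction produced no file; read the ntdsutil output above.' }

$after = (Get-Item $compacted).Length
'Before: {0:N0} bytes, after: {1:N0} bytes' -f $before, $after

# Keep the original until the compacted copy passes an integrity check. The old
# transaction logs describe the pre-compaction file and must go with it.
$backup = "$dit.bak"
Copy-Item $dit $backup -Force
Copy-Item $compacted $dit -Force
Remove-Item (Join-Path $logDir 'edb*.log') -Force

# ntdsutil's exit code is not a reliable signal, so the success text is checked instead.
$out = ntdsutil 'activate instance ntds' 'files' 'integrity' 'quit' 'quit' 2>&1
$out
if (-not ($out -match 'Integrity check successful')) {
    Copy-Item $backup $dit -Force
    throw 'Integrity check failed; original database restored. Restore the logs from backup before restarting AD DS.'
}

# Both the backup and the compacted copy contain every password hash in the domain:
# remove them now rather than leaving them on disk.
Remove-Item $backup, $compacted -Force
'Compaction complete; restart the directory service (or reboot normally).'
```

Take a system state backup before running it, and expect the first normal start afterwards to take longer while the database is re-opened and a fresh log set is created.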