Active Directory – Overview of Active Directory Files (2024)

Introduction

Active Directory is a directory service that is used by organizations to store and manage information about their network resources, such as user accounts, computers, and other devices. It is a part of the Windows Server operating system and is used to manage and organize users, groups, and other resources on a network.

Active Directory uses a database to store information about network resources and to enable administrators to manage and access that information. The database is stored on a domain controller, which is a server that is responsible for managing authentication and authorization requests within the network.


A successful Active Directory restore depends on a set of key AD database files. This post walks through the database files required for an AD restore and the role each one plays.

Active Directory Database files and their role:

1. Ntds.dit:

Ntds.dit is the Active Directory database file; it stores all Active Directory-specific information. It contains all of the information about network resources and their associated attributes. The system uses this file to authenticate users and authorize access to network resources. It is typically stored in the \Windows\NTDS directory on a domain controller.

The Ntds.dit file on a particular domain controller contains all naming contexts hosted by that domain controller, including the configuration and schema naming contexts. A Global Catalog server stores the partial naming context replicas in the Ntds.dit database, along with the full domain naming context for its own domain. From Server 2003 onwards, the default Ntds.dit size is 12 MB, and the file can grow up to 16 TB.

Normally this NTDS.dit file contains the following information:

a) Schema information:

Information that defines details about objects and attributes to be stored within Active Directory. This information is static by nature and the domain controller with the schema master FSMO role is responsible for this information within the whole forest.

b) Configuration information:

Contains data about the forest and its trees. The domain controller holding the Domain Naming Master FSMO role changes this information when new domains enter the forest or existing domains leave it.

c) Domain information:

Contains object information for a domain and gets replicated to all domain controllers within that domain. Some portions of the domain information can be replicated between Global Catalog servers (GCs) within the forest.

To store this information it uses a database based on the Extensible Storage Engine (ESE) with three tables: the Schema table, the Link table and the Data table.

Schema table:

Defines the objects that can be created in Active Directory, the relationships between them, and the optional and mandatory attributes of each object type. This table is static and much smaller than the data table.

Link table:

This table contains linked attributes, that is, values that refer to other objects in Active Directory.

Data table:

The data table contains users, groups, application-specific data and any other data stored in Active Directory.

ESE is not unique to Active Directory: Microsoft Exchange uses it to store its Private and Public Information Stores, and even the DHCP and WINS databases use this database type. The Extensible Storage Engine (ESE) data storage technology was originally developed by Microsoft as a prospective upgrade for the JET Red database engine in Microsoft Access, but was never used in this role.

The Ntds.dit file is approximately 400 MB in size per 1000 users. Active Directory also relies on several support files, listed here:

Edb.log
Edbxxxxx.log
Edb.chk
Res1.log and Res2.log
Temp.edb
Schema.ini

2. Edb.log:

Edb.log is a transaction log. ESE is a transactional database engine, which means that any change made to objects in Active Directory is first saved to a transaction log to provide fault tolerance. During non-peak times of CPU activity, the database engine commits the transactions into the main Ntds.dit database. This also ensures that the database can be recovered in the event of a system crash. Transaction log files used by ESE are 10 MB in size. (The Extensible Storage Engine is an Indexed Sequential Access Method (ISAM) data storage technology from Microsoft, and it is the core of Microsoft Exchange Server and Active Directory.)

3. Edbxxxxx.log:

These are auxiliary transaction logs used to store changes if the main Edb.log file gets full before it can be flushed to Ntds.dit. The xxxxx stands for a sequential number in hex. When the Edb.log file fills up, an Edbtemp.log file is opened. The original Edb.log file is renamed to Edb00001.log, and Edbtemp.log is renamed to Edb.log file, and the process starts over again. ESENT uses circular logging. Excess log files are deleted after they have been committed. You may see more than one Edbxxxxx.log file if a busy domain controller has many updates pending.

4. Edb.chk:

There is one checkpoint file, Edb.chk, which the transaction logging system uses to mark the point up to which updates have been transferred from the log files to Ntds.dit. As transactions are committed, the checkpoint moves forward in the Edb.chk file. If the system terminates abnormally, the pointer tells the system how far a given set of commits had progressed before the termination. This allows for faster recovery.

5. Res1.log and Res2.log:

Res1.log and Res2.log are reserve log files, which act as placeholders. They are used only once the disk space is fully utilized: if the hard drive fills to capacity just as the system is attempting to create an Edbxxxxx.log file, the space reserved by the Res log files is used instead. The system then puts a dire warning on the screen prompting you to free up disk space quickly, before Active Directory gets corrupted.

6. Temp.edb:

This is a scratch pad used to store information about large numbers of transactions in progress and to hold pages pulled out of Ntds.dit during compaction.

7. Schema.ini:

This file is used to initialize Ntds.dit during the initial promotion of a domain controller; it defines the initial structure of the Ntds.dit file. The initialization file contains the information necessary for creating the default directory objects and the default security for the DIT. Although you can open this file like any other ASCII file, there is little use in doing so: Schema.ini is not used after the first domain controller has been promoted. By that time, the schema itself is part of the Active Directory database file.

8. Netlogon.dit:

The Netlogon.dit file is a database file that contains information about domain controllers in an Active Directory domain. It is used by the Netlogon service to authenticate users and services in the domain. The file is typically stored in the \Windows\System32\Config directory on a domain controller and is important for the proper functioning of the domain. It should be backed up regularly to prevent data loss in the event of a server failure. In addition to storing information about domain controllers, the Netlogon.dit file may also contain other important data such as secure channel password information and trust relationship data.
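As an added example (not part of the original post), the following Python sketch audits a backup manifest of the \Windows\NTDS folder against the roles of Ntds.dit and its ESE support files described above, and uses the hexadecimal Edbxxxxx.log numbering to spot a missing log inside the surviving sequence. The function name, the `REQUIRED` set and the sample manifest are assumptions made for illustration.

```python
import re

# File roles as described on this page (names compared case-insensitively).
ROLES = {
    "ntds.dit": "database",
    "edb.log": "current transaction log",
    "edb.chk": "checkpoint",
    "res1.log": "reserve log",
    "res2.log": "reserve log",
    "temp.edb": "scratch database",
    "schema.ini": "promotion-time initializer",
}
# Rolled-over logs: "Edb" + sequential number in hex + ".log".
ROLLED = re.compile(r"^edb([0-9a-f]{5})\.log$")
# Assumption of this example: the minimum set expected in a restore set.
REQUIRED = ("ntds.dit", "edb.log", "edb.chk")


def audit_ntds_set(filenames):
    """Classify a backup manifest and report missing files and log gaps."""
    names = {f.lower() for f in filenames}
    roles, seqs = {}, []
    for name in sorted(names):
        m = ROLLED.match(name)
        if m:
            seqs.append(int(m.group(1), 16))  # hex, so 0000A follows 00009
            roles[name] = "rolled-over transaction log"
        else:
            roles[name] = ROLES.get(name, "unrecognized")
    missing = [r for r in REQUIRED if r not in names]
    # Circular logging deletes old logs, so only gaps *between* the
    # lowest and highest surviving sequence numbers are suspicious.
    gaps = sorted(set(range(min(seqs), max(seqs) + 1)) - set(seqs)) if seqs else []
    return {
        "roles": roles,
        "missing": missing,
        "log_gaps": [f"Edb{n:05X}.log" for n in gaps],
        "unrecognized": [n for n, r in roles.items() if r == "unrecognized"],
    }


# Constructed sample manifest (not taken from a real domain controller).
SAMPLE = ["ntds.dit", "edb.log", "Edb00009.log", "Edb0000B.log",
          "Res1.log", "Res2.log", "temp.edb", "notes.txt"]

if __name__ == "__main__":
    report = audit_ntds_set(SAMPLE)
    for key in ("missing", "log_gaps", "unrecognized"):
        print(key, report[key])
```

On the constructed manifest, the audit reports the absent checkpoint file, the missing log between Edb00009.log and Edb0000B.log, and one file that does not belong to the set.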

Author: Arline Emard IV
