Anatomy Of Active Directory Database


Now that we are conversant with at least the basics of Active Directory, let us peep into the core part: the database file. The database file of Active Directory is called NTDS.DIT.

A small logical story behind the name too…

Since the database is hierarchical and is represented as a tree structure, in which the vertices are the directory entries and the connecting lines are the parent-child relationships between those entries, the extension is .DIT (Directory Information Tree). NTDS stands for NT (New Technology) Directory Services.

Physical Structure of NTDS.DIT

Physically, the file NTDS.DIT is exposed to the outside world via two DLLs, Esent.dll and Ntdsa.dll. The outside world talks to the database through a set of interfaces: LDAP, SAM, MAPI clients and REPL.

The structure can be broken into three layers, and it is easiest to understand if we go bottom-up, from the storage engine to the interfaces the clients see.

1)     ESE (Esent.dll) – Extensible Storage Engine: the bottom-most layer, also called the heart of NTDS.dit, responsible for managing the tables of records that make up the database.

Some Interesting Facts: ESE is also known as JET Blue (JET stands for Joint Engine Technology). An ESE database can hold up to 16 TB of data, and internally it stores its tables and indexes as B+ trees, much like the tree structure of the directory itself. Did you know there is another JET database, JET Red, on which Microsoft Access runs?

2)     The middle layer, which is actually a sub-layer of Ntdsa.dll, is called the Database Layer: it is an API (Application Programming Interface) that sits between the database and the other components. Nothing talks to the ESE tables directly; every read and write goes through the database layer, so you can consider it a security feature as well.

3)     The top layer, the other sub-layer of Ntdsa.dll, is called the Directory System Agent (DSA): its main function is to provide interfaces to directory clients. LDAP clients use it for search and modify operations; MAPI clients such as Microsoft Outlook query the Domain Controller through it for address-book lookups; SAM and REPL (Security Account Manager and Replication) will be discussed later. This layer has other important functions too, such as enforcing the schema (the definitions of object classes and the attributes they may carry), maintaining object identity, and so on.

Apart from these layers there are also .log and .chk files, which are the transaction log files and checkpoint files, but this is not the time to discuss them in detail.

Now let us have a glance at the figure showing how these pieces fit together:



NTDS.dit has two main tables for storing its objects, the data table and the link table. Windows Server 2003 added a third main table, the SD table (Security Descriptor table).

Data Table: it can be thought of as a matrix-like structure in which each row stores one object and each column holds one attribute (characteristic) of that object.

Example:

Name         Hair Colour   Height   Build
Munna Bhai   Brown         Tall     Heavy
Circuit      Black         Medium   Medium

Link Table: the link table contains the data that represents linked attributes, i.e. attributes whose values refer to other objects in Active Directory. In other words, it holds the information about which other objects an object is related to, for example the groups a user belongs to. E.g.: if there is a user called Munna, a group called MBBS, and Munna is a doctor, then he is a member of the MBBS group. The link table contains the row by which we can say that Munna (an object) is a member of MBBS (the group he belongs to); the user's memberOf value is derived from that same row rather than stored separately.

SD Table

The SD table contains the security descriptors of objects, including the access control entries each object inherited from its parents. Each distinct descriptor is stored once here and referenced by every object that shares it, so an object's row does not carry the descriptor itself but a pointer into this table. E.g.: a child gets some of her / his characteristics from the parents via genes, and this inherited information can be read from the DNA, which is the descriptor of the inherited characteristics.
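To make the data table, link table and SD table concrete, here is an added example (not code from the original post, and it does not read a real NTDS.dit) that models all three as Python dictionaries and lists. The column names follow the real tables (DNT, PDNT and RDN in the data table; link_DNT, backlink_DNT and link_base in the link table; sd_id, sd_hash, sd_refcount and sd_value in the SD table), but every row, the DNT numbers, the LINK_BASE_MEMBER value, the SDDL strings and the use of SHA-256 in place of ESE's own hash are constructed assumptions for illustration.

```python
"""Toy model of the three main NTDS.dit tables: data, link and SD.

Added example, not the original post's code; rows below are constructed.
"""
import hashlib

# Data table: one row per object, one column per attribute.
# DNT is the row's Distinguished Name Tag and PDNT is the parent's DNT;
# that pair encodes the tree (the "DIT"). No row stores a full DN string.
DATA_TABLE = {  # DNT numbers are assumed, not taken from a real database
    2: {"PDNT": 0, "RDN": "DC=corp",       "objectClass": "domainDNS"},
    3: {"PDNT": 2, "RDN": "OU=Hospital",   "objectClass": "organizationalUnit"},
    4: {"PDNT": 3, "RDN": "CN=Munna Bhai", "objectClass": "user"},
    5: {"PDNT": 3, "RDN": "CN=Circuit",    "objectClass": "user"},
    6: {"PDNT": 3, "RDN": "CN=MBBS",       "objectClass": "group"},
    7: {"PDNT": 3, "RDN": "CN=Staff",      "objectClass": "group"},
}

# Link table: one row per value of a linked attribute. Only the forward
# link (group.member -> object) is stored; memberOf is the derived back link.
LINK_BASE_MEMBER = 1  # identifies the member/memberOf pair; value assumed
LINK_TABLE = [
    {"link_DNT": 6, "backlink_DNT": 4, "link_base": LINK_BASE_MEMBER},  # MBBS  -> Munna
    {"link_DNT": 7, "backlink_DNT": 6, "link_base": LINK_BASE_MEMBER},  # Staff -> MBBS (nested)
    {"link_DNT": 7, "backlink_DNT": 5, "link_base": LINK_BASE_MEMBER},  # Staff -> Circuit
]


def dn(dnt):
    """Rebuild an object's DN by walking PDNT pointers up to the root."""
    parts = []
    while dnt:
        row = DATA_TABLE[dnt]
        parts.append(row["RDN"])
        dnt = row["PDNT"]
    return ",".join(parts)


def member(group_dnt):
    """Forward link: DNTs listed in the group's member attribute."""
    return sorted(r["backlink_DNT"] for r in LINK_TABLE
                  if r["link_DNT"] == group_dnt and r["link_base"] == LINK_BASE_MEMBER)


def member_of(obj_dnt):
    """Back link: memberOf is not a column on the user's row; it is found by
    reading the same link rows in the opposite direction."""
    return sorted(r["link_DNT"] for r in LINK_TABLE
                  if r["backlink_DNT"] == obj_dnt and r["link_base"] == LINK_BASE_MEMBER)


def transitive_member_of(obj_dnt):
    """Follow back links through nested groups. The visited set guards
    against membership cycles, which Active Directory does not forbid."""
    seen, stack = set(), [obj_dnt]
    while stack:
        for group in member_of(stack.pop()):
            if group not in seen:
                seen.add(group)
                stack.append(group)
    return sorted(seen)


# SD table: security descriptors are single-instanced. An object row does
# not carry its (inheritance-merged) descriptor inline; it carries an sd_id.
SD_TABLE = {}     # sd_id -> {"sd_hash", "sd_refcount", "sd_value"}
_SD_BY_HASH = {}  # sd_hash -> sd_id, the lookup used on insertion


def intern_sd(sd_bytes):
    """Store a descriptor once and return its sd_id; an identical descriptor
    seen again only increments sd_refcount."""
    digest = hashlib.sha256(sd_bytes).digest()  # stand-in for ESE's own hash
    if digest in _SD_BY_HASH:
        sd_id = _SD_BY_HASH[digest]
        SD_TABLE[sd_id]["sd_refcount"] += 1
        return sd_id
    sd_id = len(SD_TABLE) + 1
    SD_TABLE[sd_id] = {"sd_hash": digest, "sd_refcount": 1, "sd_value": sd_bytes}
    _SD_BY_HASH[digest] = sd_id
    return sd_id


# Constructed SDDL strings standing in for binary security descriptors.
USER_SD = b"O:DAG:DAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)"
OTHER_SD = b"O:DAG:DAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"
for _dnt, _row in DATA_TABLE.items():
    _row["sd_id"] = intern_sd(USER_SD if _row["objectClass"] == "user" else OTHER_SD)

if __name__ == "__main__":
    for dnt in DATA_TABLE:
        print(f"{dn(dnt):40} sd_id={DATA_TABLE[dnt]['sd_id']} "
              f"memberOf={[dn(g) for g in transitive_member_of(dnt)]}")
    for sd_id, row in SD_TABLE.items():
        print(f"sd_id={sd_id} refcount={row['sd_refcount']}")
```

Running it shows Munna as a member of MBBS and, through nesting, of Staff, although no row anywhere says "Munna memberOf MBBS"; it also shows that the two user objects share one SD table row with sd_refcount 2, which is why editing the ACL on one object in a real directory creates or re-references a descriptor row rather than rewriting bytes on the object itself.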