When I talk to administrators, network engineers about the active directory issues, errors most of the time they know how to install an active directory and how to work with in active directory environment but when I ask about terms like AD database, SYSVOL, System state most of the time I get wrong answer or incomplete answer. Most of the time engineers will not care about these until they go in to disaster recovery process of crashed active directory environment. But if you do not know the use of these and value of these you will not be able to properly plan for disaster recovery in AD environment. I have seen people who had spent thousands of dollars on backup solutions and still couldn’t recover AD in disaster as they didn’t properly backup AD with required components.
Active Directory Database
As soon as people here “database” they think about software like Microsoft SQL, MySQL, Oracle etc. because we used to deploy a “database server” first and then add the “databases” to it. But here it’s quite different. Active directory database uses the “Extensible Storage Engine (ESE)” which is an indexed and sequential access method (ISAM) database. It is uses record-oriented database architecture which provides extremely fast access to records. ESE indexes the data in the database file. This database file can grow up to 16 terabyte and hold over 2 billion records.
The default active directory database file location is C:\Windows\NTDS. This file location can easily change during the active directory installation. As a best practice it is always good if it can be save in different hard disk partition rather than operating system partition.
Let’s look in to the files in the folder and use of them.
Ntds.dit – This is the physical active directory database file. This is where all the active directory data stored. It holds domain info, schema info and configuration info. Mainly it contain 3 tables.
1) Link table
2) Data table
3) Security Depositor table
Edb.log – in here we can see the few log files starts with edb*. Each of them are 10mb or less in size. It is the transaction log maintain by system to store the directory transaction before write in to the database file.
Edb.chk – it is the file to keep track of data transaction committed in to database from log files (Edb*.log).
Temp.edb – This is used during the active directory database maintenance to hold data and also to store info about large in-progress AD data transactions.
Res1.log and Res2.log – Even we can’t see it in this example this is a file type which will store log entries if edb.log file full.
SYSVOL is a shared folder which contains files which is common for the domain. This share will be created automatically when set up the DC. The default file location is C:\Windows\SYSVOL but it can be change during the DC setup.
Let’s see what sort of data sysvol folder will have.
Group Policies – Group policies will use to manage user and computers based on company requirements. It can be to control computer application, security, network behaviors etc. Those will apply to computer accounts when those are restarted and connect to the domain. User policies will apply when they log in to domain computers.
Login Scripts – It also used to store login scripts for the domain users. Those are load when users log in to domain computer. It can be batch file, PowerShell script or vbscript.
Staging folders – This is used to sync data and files between domain controllers.
File system junctions – an isolated location in hard disk which refers to the data located in different partition, or different storage device.
All most all backup solution allows you to backup “system states” in windows environment. When I ask some engineers “how you backup dc?” most of them says you need to backup system state. But how many of you know what exactly system state have?
It includes the following list of files and data.
Active Directory DC Database file (ntds.dit)
SYSVOL folder and its files
DLL cache folder
COM+ and WMI info
Cluster service info
Windows Resource Protection system files
So if you looking to backup domain controller you need to back up the system state. The size of the system state backup depend of the size of the above files and folders.
In this article I was trying to explain what active directory database, sysvol and system state terms means. If you have any question feel free to contact me on email@example.com