What are Active Directory Domain Services naming contexts
This page discusses the individual subcomponents of the Active Directory Domain Services (AD DS) replication architecture and its naming contexts (NCs).
Windows Active Directory is full of definitions and acronyms. As in other sections of Computerguru.net, we have grouped definitions together so that they complement each other and help in understanding a general concept.
What are Active Directory Domain Services naming contexts?
An Active Directory Domain Services (AD DS) naming context (NC), also called a partition, is a contiguous subtree of the directory that is a unit of replication.
In Active Directory, each domain controller always holds at least three NC replicas: 1) Schema, 2) Configuration, and 3) Domain naming context.
1) The schema naming context defines the types of objects, and the attributes of those objects, that can be created and stored in AD DS, as well as the rules for creating and manipulating them.
Schema information is replicated to all domain controllers in the forest. Unlike other NCs, the schema NC is only writeable on the domain controller holding the Schema Master role.
2) The configuration naming context is the container in Active Directory that specifies the configuration of the forest. It specifies such things as partitions, sites, servers, display specifiers, services, physical locations, well-known security principals, and forest updates.
All enterprise domain controllers need this information to make operational decisions, so it is replicated to every domain controller in the forest.
3) Domain naming contexts contain the actual objects in the directory such as users, groups, computers, and organizational units. A full domain naming context replica contains a writeable replica of all information in the domain including all objects and their attributes.
A domain controller (DC) holds a full replica of its domain naming context. A partial domain naming context replica contains a read-only subset of the information in the domain: all objects, but only selected attributes. These attributes are collectively known as the Partial Attribute Set (PAS).
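The replica rules above can be checked mechanically. The following is an added example, not code from Computerguru.net or Microsoft: it audits per-DC replica lists against the three-NC minimum and the partial-replica rule. The forest corp.example, the DC names and all replica lists are constructed, and the lists are assumed to be shaped like the msDS-hasMasterNCs and hasPartialReplicaNCs attributes of a DC's NTDS Settings object.

```python
# Constructed sample data for a hypothetical forest: corp.example plus one child domain.
SCHEMA = "CN=Schema,CN=Configuration,DC=corp,DC=example"
CONFIG = "CN=Configuration,DC=corp,DC=example"
ROOT = "DC=corp,DC=example"
CHILD = "DC=emea,DC=corp,DC=example"
FOREST = {"schema": SCHEMA, "configuration": CONFIG, "domains": [ROOT, CHILD]}

# Per-DC replica lists, shaped like the msDS-hasMasterNCs (full replicas) and
# hasPartialReplicaNCs (partial replicas) attributes of a DC's NTDS Settings object.
DCS = {
    "DC01": {"full": [SCHEMA, CONFIG, ROOT.lower()], "partial": [CHILD]},
    "DC02": {"full": [SCHEMA, CONFIG, CHILD], "partial": []},
    "DC03": {"full": [SCHEMA, CONFIG], "partial": [CONFIG]},  # constructed faults
}

def norm(dn):
    """Normalise a DN for comparison (assumes no escaped commas, true for these NCs)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def classify(dn, forest=FOREST):
    """Return which kind of naming context a DN names in this forest."""
    n = norm(dn)
    if n == norm(forest["schema"]):
        return "schema"
    if n == norm(forest["configuration"]):
        return "configuration"
    if n in {norm(d) for d in forest["domains"]}:
        return "domain"
    return "unknown"

def audit(dc, forest=FOREST):
    """Check one DC's replicas against the three-NC minimum and the partial-replica rule."""
    full_kinds = [classify(dn, forest) for dn in dc["full"]]
    return {
        # Every DC must hold full schema, configuration and domain replicas.
        "missing": [k for k in ("schema", "configuration", "domain") if k not in full_kinds],
        # The text above describes partial replicas only for domain NCs.
        "partial_domains": [dn for dn in dc["partial"] if classify(dn, forest) == "domain"],
        "unexpected_partial": [dn for dn in dc["partial"] if classify(dn, forest) != "domain"],
    }

if __name__ == "__main__":
    for name, dc in DCS.items():
        print(name, audit(dc))
```

A DC that reports a missing NC kind or an unexpected partial replica does not match the replica layout described above and is worth checking for replication problems.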
What is a forest?
The term forest describes a collection of Active Directory trees that share a Configuration container and Schema and are connected through trusts. The forest acts as a security boundary for an organization and defines the scope of authority for administrators.
What is the Global Catalog?
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest.
The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
Notes and disclaimers
Our goal is not to be a complete course on Active Directory Domain Services, but to sort through some definitions and acronyms in a logical manner to help in understanding the main topics.
Most of the concepts are defined using Windows Server 2003 or Windows Server 2008 definitions. The overall concept of Active Directory has not changed much since Windows 2000 Server, but some of the specific terms have changed with each update. In Microsoft Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008, the directory service is named Active Directory Domain Services (AD DS).
See the links below to Microsoft's website for additional information.
Active Directory Replication Technologies
How Active Directory Replication Works
Graphic: A generic diagram of a 'tree' or 'hierarchical' computer network