Active Directory Structure and Storage Technologies
Domains can be structured in a forest to provide data and service autonomy and to optimize replication with a given region. This separation of logical and physical structures improves manageability and reduces administrative costs because the logical structure is not affected by changes in the physical structure.
The logical structure also makes it possible to control access to data. This means that you can use the logical structure to compartmentalize data so that you can control access to it by controlling access to the various compartments.
The data that is stored in Active Directory can come from many diverse sources. With so many different data sources and so many different types of data, Active Directory must employ some type of standardized storage mechanism so that it can maintain the integrity of the data that it stores.
In Active Directory, objects are used to store information in the directory, and all objects are defined in the schema. The object definitions contain information, such as data type and syntax, that the directory uses to ensure that the stored data is valid. No data can be stored in the directory unless the objects that are used to store the data are first defined in the schema.
The default schema contains all the object definitions that Active Directory needs to function; however, you can also add object definitions to the schema.
While the directory is exposed to you through a logical structure that consists of elements such as domains and forests, the directory itself is implemented through a physical structure that consists of a database that is stored on all domain controllers in a forest.
The Active Directory data store handles all access to the database. The data store consists of both services and physical files. These services and physical files make the directory available, and they manage the processes of reading and writing the data inside the database that exists on the hard disk of each domain controller.