Nc Partition Name Dc Name Command example essay topic
This mechanism for partitioning Active Directory data has been extended in Windows 2003 domains by the introduction of the application partition. Several features differentiate it from its three older counterparts: Most importantly, application partitions are intended for custom, Windows 2003 Active-Directory-aware applications. Although they are typically created by such applications, you can also experiment with application partitions using the NTDSUTIL command line utility. For example, you can create your custom application partition with the following steps: After typing NTDSUTIL at the command prompt, you will be presented with prompt. Start by typing domain management.
(Typing? lists available commands.) To proceed, you must establish a connection to one of existing domain controllers. This is done from the connection context, which is accessed by typing connection at the domain management prompt. Next, type in connect to server dc name, where dc name is the name of the domain controller to which you intend to connect. You can also provide alternate credentials if you do not want to use the same account you are logged on as.
Once a connection is established, type quit to return to domain management context. Type create nc partition name dc name where partition name and dc name are, respectively, the names of the application partition and the domain controller hosting it. The application directory partition is expressed in the fully qualified notation. For example, an application partition called app-one. server watch. com would take the form dc = app-one, dc = server watch, dc = com. You can also create additional replicas of the partition created on another domain controller with the add nc partition name dc name command, substituting the name of this domain controller in place of dc name. Note that removing replicas is equally straightforward with the remove nc partition name dc name command.
Existing partitions (including non-application partitions) can be listed with the list command available from the domain management context of the NTDSUTIL tool. The scope of an application partition can be customized (i. e., the scope is not limited to entire forest or entire domain). This is concluded based on the process described above; creating application partitions with NTDSUTIL requires designating individual domain controllers that will store its replica. This lowers the amount of replication traffic, while still preserving fault tolerance and load balancing (with at least two replicas present).
Replication is also minimized because application partitions are not replicated to Global Catalogs. Just as with other partitions, replication is managed automatically by the Knowledge Consistency Checker process. Active Directory can contain multiple instances of active directory partitions. The naming is arbitrary, although it does impact the location of the partition in the DNS name space and security descriptor reference domain used to determine the domain whose administrative groups will have permissions to manage the partition. For example, an application partition called app-one. server watch. com references the security descriptor of the server watch. com domain (hence, its administrators, by default, will be able to manage it). Application partitions cannot contain security principals (users, computers, or groups).
Even though you cannot view the content of application partitions with ADSI Edit (which is typically used to gain read / write access to the other three types of partitions), you can use the LDP utility for this purpose. Both tools are part of the Windows Support Tools included with the installation CD..