
Learn about Active Directory partitions in Windows Server 2003


Windows Server 2003 supports many enhancements over previous implementations, potentially letting administrators accomplish more with less while keeping things streamlined. For example, Windows Server 2003's Active Directory (AD), a staple of the domain infrastructure since Windows 2000 Server, allows for faster replication times and improved use of inter-site bandwidth for integrated applications.

An integrated application stores and retrieves information from the directory itself. Domain Name System (DNS) is a prime example of an AD-integrated application. In Windows 2000 Server, integrated applications replicate to every domain controller as a part of AD. It's not unusual to experience replication lag due to the large amount of additional information transmitted. Windows Server 2003 improves the AD process with the introduction of application directory partitions (ADPs). These partitions contain directory information, which users can replicate to domain controllers as necessary, reducing the overall amount of replicated data.

When integrated DNS replication does occur in Windows Server 2003, results go only to other servers hosting an ADP for DNS and not to all domain controllers. This cuts down on the amount of data transferred, especially across WAN links.
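As an added example (not part of the original article), the replication scope described above can be set and checked with `dnscmd` from the Windows Server 2003 Support Tools. The partition, zone and server names are placeholders chosen for illustration.

```bat
rem Added example. All names below are hypothetical placeholders.
set PARTITION=dnsapps.example.com
set ZONE=branch.example.com
set DC1=dc1.example.com
set DC2=dc2.example.com

rem 1. List the directory partitions the DNS server on DC1 knows about,
rem    including the built-in DomainDnsZones and ForestDnsZones partitions.
dnscmd %DC1% /EnumDirectoryPartitions

rem 2. Create a custom application directory partition for DNS data.
rem    Creating a DNS partition requires Enterprise Admins membership.
dnscmd %DC1% /CreateDirectoryPartition %PARTITION%

rem 3. Enlist only the DNS servers that should hold a replica.
rem    Domain controllers that are not enlisted receive none of this data.
dnscmd %DC2% /EnlistDirectoryPartition %PARTITION%

rem 4. Move an AD-integrated zone into the new partition so it replicates
rem    only among the enlisted servers.
dnscmd %DC1% /ZoneChangeDirectoryPartition %ZONE% %PARTITION%

rem 5. Verify: show the partition's replicas and the zone's current
rem    directory partition.
dnscmd %DC1% /DirectoryPartitionInfo %PARTITION%
dnscmd %DC1% /ZoneInfo %ZONE%
```

Reviewing the enlisted servers in step 5 periodically shows exactly which domain controllers hold a copy of the zone data.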

It is important to remember that ADPs cannot replicate to global catalog (GC) servers. Users can create the partition on a GC server, but it will not replicate from another domain controller to the GC. This is to remove the likelihood of creating inconsistent information in the GC.

If an integrated application passes a request to AD via a GC port -- that is, one on which the GC server is listening for domain requests -- the query will return no results. In order to keep the data in a consistent state, these requests are separate from GC requests.

Most of the integrated application items happen behind the scenes, but they can make your network run more smoothly, saving you precious bandwidth among remote sites in the process.


About

Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.

5 comments
laman

The concept of application directory partition on AD is badly presented.

keith196333

Currently I have an SBS 2003 and a Cisco firewall. Can I set up a VPN connection to allow users from home to connect to the LAN and be authenticated by the DC to access their resources as normal, as if they were onsite?

raaleman

Keith, From what I understand, if the users are set up on AD and the computers are joined to the domain, then all you would have to do is configure their access on the firewall. Once they are authenticated through VPN, it would be as if they were in the office. Hopefully, I did not misunderstand your question.

rclark

Sorry, but you lost me with the AD integrated app. If DNS is integrated and DC2 is a Global Catalog server, you are saying that changes to DNS would not replicate to the server [even if that server was attached to the same collision domain]?

Pieter

Anything is possible, Keith. I can't really say where you have to configure the VPN setting because you weren't really specific, and which program are you intending to use for accessing the network?