As you might expect, you must be a member of the Enterprise Admins or Domain
Admins group to be able to create application data partitions. Alternatively, you can be
delegated the appropriate permissions to create new partitions.
Now that you have a good idea of the basic ways in which you can create application
data partitions, let's look at how replicas (copies of application data partition information)
are handled.
Managing Replicas
A replica is a copy of any data stored within Active Directory. Unlike the basic information
that is stored in Active Directory, application partitions cannot contain security
principals. Also, not all domain controllers automatically contain copies of the data stored in an
application data partition. System administrators can define which domain controllers host
copies of the application data. This is an important feature because, if replicas are used
effectively, administrators can find a good balance between replication traffic and data
consistency. For example, suppose that three of your organization's 30 locations require
up-to-date accounting-related information. You might choose to replicate the data only to
domain controllers located in the places that require the data. Limiting replication of this
data reduces network traffic.
Replication is the process by which replicas are kept up-to-date. Application data can
be stored and updated on designated servers in the same way basic Active Directory
information (such as users and groups) is synchronized between domain controllers.
Application data partition replicas are managed using the Knowledge Consistency Checker
(KCC), which ensures that the designated domain controllers receive updated replica
information. Additionally, the KCC uses all Active Directory sites and connection objects
(covered in Chapter 5) that you create to determine the best method to handle replication.
Removing Replicas
When you perform a demotion on a domain controller, that server can no longer host an
application data partition. If a domain controller contains a replica of application data
partition information, you must remove the replica from the domain controller before you
demote it. If a domain controller is the only machine that hosts a replica of the application
data partition, then the entire application data partition is removed and will be permanently
lost. Generally, you want to do this only after you're absolutely sure that your organization
no longer needs access to the data stored in the application data partition.
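The pre-demotion check described above, written in PowerShell as an added example (it is not from the book): it lists the application data partitions a given domain controller hosts and flags any for which that server is the only replica. The function name Get-ReplicaRisk, the server names, and the example.com partitions are constructed for illustration; replica hosts are read from the msDS-NC-Replica-Locations attribute of the crossRef objects under CN=Partitions.

```powershell
# Added example: find application partition replicas hosted on a DC before demoting it.
function Get-ReplicaRisk {
    param(
        [Parameter(Mandatory)] [object[]] $CrossRef,   # crossRef objects from CN=Partitions
        [Parameter(Mandatory)] [string]   $ServerName  # DC that is about to be demoted
    )
    foreach ($cr in $CrossRef) {
        # Each replica location is the DN of a DC's NTDS Settings object:
        # CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,...
        $hosts = @(
            @($cr.'msDS-NC-Replica-Locations') | Where-Object { $_ } | ForEach-Object {
                if ($_ -match '^CN=NTDS Settings,CN=([^,]+),') { $Matches[1] }
            }
        )
        if ($hosts -contains $ServerName) {
            [pscustomobject]@{
                Partition     = $cr.nCName
                ReplicaHosts  = $hosts -join ', '
                # True means demoting this server would destroy the partition's data.
                IsLastReplica = ($hosts.Count -eq 1)
            }
        }
    }
}

# Constructed sample data so the function can be run without a domain.
$cfg = 'CN=Sites,CN=Configuration,DC=example,DC=com'
$sample = @(
    [pscustomobject]@{
        nCName = 'DC=Accounting,DC=example,DC=com'
        'msDS-NC-Replica-Locations' = @(
            "CN=NTDS Settings,CN=DC1,CN=Servers,CN=HQ,$cfg",
            "CN=NTDS Settings,CN=DC2,CN=Servers,CN=Branch,$cfg")
    },
    [pscustomobject]@{
        nCName = 'DC=Inventory,DC=example,DC=com'
        'msDS-NC-Replica-Locations' = @("CN=NTDS Settings,CN=DC2,CN=Servers,CN=Branch,$cfg")
    }
)
Get-ReplicaRisk -CrossRef $sample -ServerName 'DC2' | Format-Table -AutoSize

# Against a live forest (requires the ActiveDirectory module), feed real crossRef objects:
# $base = "CN=Partitions,$((Get-ADRootDSE).configurationNamingContext)"
# $live = Get-ADObject -SearchBase $base -Properties nCName, 'msDS-NC-Replica-Locations' `
#             -LDAPFilter '(&(objectClass=crossRef)(msDS-NC-Replica-Locations=*))'
# Get-ReplicaRisk -CrossRef $live -ServerName $env:COMPUTERNAME
```

Any row with IsLastReplica set to True identifies a partition whose data should be replicated to another domain controller, or confirmed as no longer needed, before the demotion proceeds.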
Using ntdsutil to Manage Application Data Partitions
The primary method by which system administrators create and manage application data
partitions is through the ntdsutil command-line tool. You can launch this tool simply
by entering ntdsutil at a command prompt. The ntdsutil command is both interactive
and context sensitive. That is, once you launch the utility, you'll see an ntdsutil command
prompt. At this prompt, you can enter various commands that set your context within the
application. For example, if you enter the domain management command, you'll be able to
 