Overview of Active Directory files

Reading Time: 3 minutes

Although Active Directory can be considered as a heavenly product by administrators and is likely to be referred to as "the hand of god" by users it is actually stored on physical drives. Nothing new-age about that, so let's look at the files that make up our Active Directories…



A Microsoft Windows Server Domain Controller stores its Active Directory database in a single file called ntds.dit, which contains:

  • Schema information
    Schema information is information that defines details about objects and attributes that CAN be stored within the Active Directory. This information is static by nature and the Domain Controller with the Schema Master FSMO role is responsible for this information within the whole forest.
  • Configuration information
    The configuration information contains data about forest and trees. The information gets changed by the Domain Controller holding the Domain Naming Master FSMO role when new domains enter the forest or domains exit the forest.
  • Domain information
    The domain information contains object information for a domain and it gets replicated to all domain controllers within a domain. Some portions of the domain information can be replicated between Global Catalog Servers (GC's) within the forest.

To store this information it uses a database based on the Extensible Storage Engine (ESE) with three tables: the Schema table, the Link table and the Data table.

To many administrators for Windows shops the Extensible Storage Engine (ESE) is a familiar face. Microsoft Exchange uses it to store its Private and Public Information Stores and even the DHCP and WINS databases use this particular database type. The Extensible Storage Engine (ESE) data storage technology was originally developed by Microsoft as a prospective upgrade for the JET Red database engine in Microsoft Access, but was never used in this role.

The ntds.dit file is approximately 400MB in size per 1000 users. For more accurate values look here.



This is a transaction log. ESE is a form of transactional database which means any changes made to objects in Active Directory are first saved to a transaction log to provide fault tolerance. When the server deems the time is right the database engine commits the transactions into the Ntds.dit database. This also ensures that the database can be recovered in the event of a system crash. Entries that have not been committed to Ntds.dit are kept in memory to improve performance. Transaction log files used by ESENT are 10MB in size. (for Exchange Server 5.5, 2000 and 2003 the size is 5 MB, for Exchange Server 2007 the transaction log file size is 1 MB)


These are extra transaction logs used to store changes if the main Edb.log file gets full before it can be flushed to Ntds.dit. The xxxxx stands for a sequential number in hex. When the Edb.log file fills up, an Edbtemp.log file is opened. The original Edb.log file is renamed to Edb00001.log, and Edbtemp.log is renamed to Edb.log file, and the process starts over again. ESENT uses circular logging. Excess log files are deleted after they have been committed. You may see more than one Edbxxxxx.log file if a busy domain controller has many updates pending.


This is a checkpoint file. It is used to mark the progress of transaction logs being written to the database. As transactions are committed, the checkpoint moves forward in the Edb.chk file. If the system terminates abnormally, the pointer tells the system how far along a given set of commits had progressed before the termination. This allows for faster recovery.


Res1.log and Res2.log

These are reserve log files and act as placeholders. They prevent updates from being lost due to insufficient disk space. If the hard drive fills to capacity just as the system is attempting to create an Edbxxxxx.log file, the space reserved by the Res log files is used.



This is a scratch pad used to store information about in-progress large transactions and to hold pages pulled out of Ntds.dit during maintenance operations.



This file is used to initialize the Ntds.dit during the initial promotion of a domain controller to define the initial structure for the ntds.dit file. The Schema.ini initialization file contains the information that is necessary for creating the default directory objects and the default security for the DIT. Although you can open this file like any other ASCII file there's not much use: schema.ini is not used after the first Domain Controller was promoted. The Schema itself by that time is part of the Active Directory database file.


Further reading

Windowsnetworking.com on Active Directory database file NTDS.DIT
Windowsnetworking.com on Optimize Active Directory Disk Performance
How do I defragment the Active Directory to make it smaller in size?
Active Directory Answers: How to Defrag NTDS.DIT
Extensible Storage Engine (From Wikipedia, the free encyclopedia)
Understanding Active Directory Services
Managing Domain Controllers
Active Directory Data Storage
Growth Estimates for Active Directory Users and Organizational Units

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.