What Active Directory Partition Holds the DNS Database (Explained)?

What Active Directory Partition Holds the DNS Database (Explained). The Application Partition of Active Directory holds the DNS database.

We will be looking at all Active Directory partitions in detail, but, if you only want to find out more about the Application Partition, and how it stores the DNS database, you can skip ahead to that section.

What is Active Directory

Active Directory (AD) is a directory service developed by Microsoft for its Windows domain controlled networks. It is shipped in most Windows Server operating systems as a set of processes and services. Initially, AD was only used for centralized domain management but eventually became an umbrella title for a broad range of directory and identity based related, services.

A domain controller is a server running the Active Directory Domain Service (AD DS) role. Some of the AD DS main features include:

    • Overseeing the secure and certified installation or updating of software

When a user logs into a computer that is part of a Windows domain, the AD checks the entered username and password to determine whether the user is authorized or not and, if so, whether they are a privileged or normal user.

Active directory A sample network diagram with Active Directory hierarchical structure
Here is a sample network design demonstrating the Active Directory domain services hierarchy

AD also helps with the management and storage of information and establishes a framework to deploy other related services like:

    • Certificate Services (AD CS) – a service that performs public key infrastructure (PKI) functionality to govern the issuance of digital certificates for the protection of sensitive data, provide unique digital identities for users, devices and applications, as well as secure end to end communications.
    • Lightweight Directory Services (AD LDS) – a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory enabled applications, without the dependencies and domain related restrictions of Active Directory Domain Services (AD DS).
    • Rights Management Services (AD RMS) – is a server software for information rights management that uses encryption and a form of selective functionality denial for limiting access to restricted documents and controlling the actions authorized users can take on them.

AD stores data as objects which are single elements like users, groups, applications or devices such as a printer. Objects are normally defined as either being resources (printers and computers) or security principals (users and groups).

What is a DNS database

The AD DS uses Domain Name System (DNS) name resolution services to make it possible for clients to locate domain controllers. It also helps the domain controllers that host the directory service to communicate with each other.

A DNS database is the collection of database files, or zone files, and associated files that contain resource records for a domain and are stored on name servers. DNS database files are usually simple ASCII database files.

What Active Directory Partition Holds the DNS Database

What are Active Directory Partitions

Although the AD database is stored in one file (named Ntds.dit) while the database itself is divided into four partitions for better replication and administration. These partitions are:

    • Schema Partition.
    • Configuration Partition.
    • Domain Partition.
    • Application Partition.

Active Directory Partitions

AD partitions - Schema, cofiguration, domain, and application partitions
The four partitions of an AD database: Schema, Configuration, Domain, and Application Partitions

Let us now have a look at what Active Directory Partition Holds the DNS Database and what each AD partition is used for.

Schema Partition

The schema partition holds the classSchema and attributeSchema objects which define the types of objects that can exist in a forest and is replicated to all the domain controllers in the forest.

Some Schema Partition features:

    • It holds descriptive details and properties of all objects and attributes that can be stored in an AD.
    • It is replicated to all the domain controllers in a forest.
    • It is static in nature.

Configuration Partition

The configuration partition contains replication topology and other configuration data that must be replicated throughout the forest which means every domain controller in the forest has a replica of the same configuration partition.

Some Configuration Partition features:

    • It holds the configuration data about forests and trees like sites, interfaces and subnets.
    • It replicates to all the domain controllers in its forest.
    • It is static by nature.

Domain Partition

The domain partition contains the directory objects, such as users and computers, which are associated with the local domain.

Some Domain Partition features:

    • It holds all the object information of a domain.
    • It replicates to all domain controllers within the domain.
    • The object portion is updated in the Global Catalog for easier identification and location of objects.
    • It also stores the data of the resource and principal objects in the domain.

Application Partition

An application partition contains the hierarchy of all object types – except for security principal objects. This partition can be configured to replicate itself into any group of domain controllers in the forest.

Domain controllers that are running Windows Server 2003 or above store application data inside this AD database which is known as the Application Partition.

An application directory partition, unlike a domain partition, is not required to replicate to all the domain controllers in the domain. On the other hand, this partition can replicate to domain controllers in different domains of the forest.

Some Application Partition features:

    • It stores information about applications in the AD. And for example, when an AD integrated DNS is used there are two application partitions for DNS zones – ForestDNSZones and DomainDNSZones, which we will soon see in detail.
    • Application partition replicas can be replicated to any set of domain controllers in a forest, irrespective of domain.
    • The application partition is created by applications so they have a place to store their data. It is different from the other partitions in that an application can choose which domain controller (or controllers) it wants to store its data on.
    • The reason and advantage for the application storing the data in this partition is that it has access to the same replication and fault tolerance used by the domain controllers.

Note: Each domain has a DomainDNSZones partition, but there is only one ForestDNSZones partition in the forest.

What are ForestDNSZones

ForestDNSZones are part of a forest and all the domain controllers and DNS servers in a forest receive a replica of this partition.

They contain the details of all the DNS servers that are running on the domain controllers in the forest. DNS zones stored in the application directory partition are replicated to all DNS servers running on domain controllers in the forest.

What are DomainDNSZones

DomainDNSZones store the domain DNS zone and are unique for each domain and all domain controllers that are DNS servers in a domain receive a replica of this partition.

A DNS application directory partition exists for each domain in a forest. The DNS zones stored in an application partition are replicated to all DNS servers running on all domain controllers in the domain.

Here is a video that explains how the data is stored in Application Partitions as well as how we can have a look into it using the ADSI Edit (Active Directory Service Interface Editor) tool:

We hope the video has helped you see and understand what we have been talking about in this article.

What Active Directory Partition Holds the DNS Database Conclusion

An AD installation makes it easier to run an entire network. Your business can rely on it to make sure your processes are not interrupted by issues caused by connection, communication and authorization issues.

It, therefore, makes sense to install, configure and manage your AD correctly. The entire process – from when you set up Active Directory domain controllers to administering the whole network – should always be handled by professionals. And that is where we come in. Contact us to find out how we can work together on ensuring an optimized AD installation.

Avatar for Liku Zelleke
Liku Zelleke

Liku Zelleke is a technology blogger who has over two decades experience in the IT industry. He hasn’t looked back since the day, years ago, when he discovered he could combine that experience with his other passion: writing. Today, he writes on topics related to network configuration, optimization, and security for Cloud Infrastructure Services.

5 1 vote
Article Rating
Notify of
1 Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments


This is very informative and thank you for sharing the knowledge.

Last edited 1 year ago by Asela
Would love your thoughts, please comment.x