Active Directory (AD) is a structure used on computers and servers running the Microsoft Windows operating system (OS). AD is used to store network, domain, and user information and was originally created by Microsoft in 1996. It was first deployed on Microsoft Windows 2000. Active Directory provides a number of functions, including providing information about objects in a form optimized for fast access and/or retrieval. This allows administrators to set up security and push computer updates, and it acts as a hierarchical structure. The structure is normally configured in three categories: hardware such as printers or scanners, web email servers, and objects that are the network's and domain's main functions.
The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs directly over the TCP/IP stack. The information model (both for data and namespaces) of LDAP is similar to that of the X.500 OSI directory service, but with fewer features and lower resource requirements than X.500. Unlike most other Internet protocols, LDAP has an associated API that simplifies writing Internet directory service applications. The LDAP API is applicable to directory management and browser applications that do not have directory service support as their primary function. LDAP cannot create directories or specify how a directory service operates.
The AD database is stored in c:\windows\ntds\NTDS.DIT.
Windows Server 2008 has five Active Directory-related roles, listed below:
- Active Directory Domain Services (Identity): AD DS provides the functionality of an identity and access (IDA) solution for enterprise networks. It also provides the mechanisms to support, manage, and configure resources in distributed network environments.
- Active Directory Lightweight Directory Services (Applications): AD LDS, formerly known as Active Directory Application Mode (ADAM), provides support for directory-enabled applications.
- Active Directory Certificate Services (Trust): AD CS is used to set up a certificate authority for issuing digital certificates as part of a public key infrastructure (PKI) that binds the identity of a person, device, or service to a corresponding private key. Certificates can be used to authenticate users and computers, provide web-based authentication, support smart card authentication, and support applications, including secure wireless networks, VPN, IPsec, EFS, and more.
- Active Directory Rights Management Services (Integrity): AD RMS is an information-protection technology that enables you to implement persistent usage policy templates (for documents) that define allowed and unauthorized use, whether online, offline, inside, or outside the firewall.
- Active Directory Federation Services (Partnership): AD FS enables an organization to extend IDA across multiple platforms, including both Windows and non-Windows environments, and to project identity and access rights across security boundaries to trusted partners.
All Active Directory database security-related information is stored in the SYSVOL folder, and it is only created on an NTFS partition.
The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS) forest.
This is a quote from Microsoft themselves. Basically, the domain controller information that is stored in files, such as your Group Policy data, is replicated through this folder structure.
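The two locations described above (the NTDS.DIT database and the SYSVOL folder on NTFS) can be checked on a domain controller with the following added example, which is not part of the original page. It assumes an elevated PowerShell session on the DC and reads the paths from the standard NTDS and Netlogon service parameters in the registry (value names the page does not give); the helper name `Get-VolumeFormat` is hypothetical.

```powershell
# Added example: verify where this DC keeps NTDS.DIT and SYSVOL, confirm the
# file system of each volume, and list who holds rights on the database file.
$ErrorActionPreference = 'Stop'   # fail loudly if this host is not a DC

function Get-VolumeFormat {
    param([string]$Path)
    # DriveInfo reports the file system (for example "NTFS") of the drive root.
    # Assumption: the path is on a lettered drive, not a mounted-folder volume.
    $root = [System.IO.Path]::GetPathRoot($Path)
    (New-Object System.IO.DriveInfo $root).DriveFormat
}

# Paths as recorded by the directory service and Netlogon themselves,
# so a non-default install location is reported correctly.
$ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

$targets = @(
    @{ Name = 'NTDS.DIT'; Path = $ntds.'DSA Database file' },
    @{ Name = 'SYSVOL';   Path = $netlogon.SysVol }
)

$report = foreach ($t in $targets) {
    New-Object PSObject -Property @{
        Item       = $t.Name
        Path       = $t.Path
        Exists     = Test-Path -Path $t.Path
        FileSystem = Get-VolumeFormat $t.Path
    }
}
$report | Format-Table Item, Path, Exists, FileSystem -AutoSize

# SYSVOL relies on NTFS junctions, so any other file system is a finding.
$report | Where-Object { $_.Item -eq 'SYSVOL' -and $_.FileSystem -ne 'NTFS' } |
    ForEach-Object { Write-Warning "SYSVOL is on $($_.FileSystem), expected NTFS" }

# The database holds the domain's user information: review every entry
# that has been granted rights on the file.
(Get-Acl -Path $ntds.'DSA Database file').Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```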