What is a domain and a domain controller?
The machines that act as servers in a domain are either member servers or domain controllers (DCs). A member server belongs to a particular domain, but it does not authenticate the users of that domain, and no copy of the AD database is stored on it. DCs, on the other hand, are the servers that grant access to domain resources. A DC holds the information on all user accounts, authenticates users, and enforces the security policies of its domain.
A DC has three directory partitions within itself. They are as follows:
- Domain partition: This partition contains the users, computers, groups and other objects of a single domain. Each domain controller of that domain holds a full replica of the domain partition.
- Schema partition: The schema controls which types of objects and attributes can be created in the directory. It is extensible, so new object types and attributes can be defined.
- Configuration partition: This partition contains the replication topology and other configuration information that must be replicated across the whole forest. Every domain controller in the forest holds the same replica of the schema and configuration partitions.
The directory is partitioned this way to make AD replication simpler: forest-wide data is replicated everywhere, while domain data is replicated only among the DCs of that domain. Replication is an important process in AD. To learn more about what AD replication is, you can read this article.
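The following PowerShell script is an added example, not code from the original article. It shows the three partitions described above as they are advertised by a live DC, which DCs hold which partition, and how to tell member servers from DCs by their computer objects. It assumes a domain-joined Windows host with the RSAT ActiveDirectory module and read access to the directory; every hostname and distinguished name it prints comes from your own forest, none are hard-coded.

```powershell
# Added example (not part of the original article): inspect a domain controller's
# directory partitions and confirm which servers in the domain are DCs.
# Assumes a domain-joined host with the RSAT ActiveDirectory module and read
# rights to the directory; all names shown at runtime come from your own forest.
Import-Module ActiveDirectory -ErrorAction Stop

# RootDSE is published by every DC and advertises the partitions it holds.
$rootDse = Get-ADRootDSE
$partitions = [ordered]@{
    'Domain'        = $rootDse.defaultNamingContext
    'Schema'        = $rootDse.schemaNamingContext
    'Configuration' = $rootDse.configurationNamingContext
}
"Partitions advertised by $($rootDse.dnsHostName):"
$partitions.GetEnumerator() | ForEach-Object { '  {0,-14} {1}' -f $_.Key, $_.Value }

# Every DC replicates the schema and configuration partitions; only the DCs of
# this domain replicate its domain partition. Show what each DC reports.
"`nDomain controllers and the partitions they hold:"
Get-ADDomainController -Filter * | ForEach-Object {
    $held = $_.Partitions
    [pscustomobject]@{
        DC         = $_.HostName
        IsReadOnly = $_.IsReadOnly
        HasDomain  = $held -contains $partitions['Domain']
        HasSchema  = $held -contains $partitions['Schema']
        HasConfig  = $held -contains $partitions['Configuration']
    }
} | Format-Table -AutoSize

# The schema is extensible, but it has a single writable copy: the DC holding the
# schema-master FSMO role. Knowing which DC that is matters for change control and
# for investigating an unexpected schema modification.
$forest = Get-ADForest
"`nSchema master: $($forest.SchemaMaster)"

# Member server vs DC: a DC's computer object has primaryGroupID 516 (Domain
# Controllers) or 521 (Read-only Domain Controllers); member servers and
# workstations have 515 (Domain Computers). Grouping on that attribute makes the
# distinction drawn in the article concrete for your own domain.
$dcGroupIds = 516, 521
Get-ADComputer -Filter * -Properties primaryGroupID |
    Group-Object { if ($_.primaryGroupID -in $dcGroupIds) { 'Domain controller' } else { 'Member server / workstation' } } |
    ForEach-Object {
        "`n{0}: {1}" -f $_.Name, $_.Count
        $_.Group.Name | Sort-Object | ForEach-Object { "  $_" }
    }
```

Run it from an ordinary domain account; none of the cmdlets used need administrative rights. A useful check for a defender is to compare the primaryGroupID grouping with the DC list from Get-ADDomainController: a computer object that claims the Domain Controllers primary group but is not a registered DC, or the reverse, is worth investigating.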