Active Directory Diagnostics, Troubleshooting, and Recovery |
The database layer provides an object view of database information by applying schema semantics to database records, thereby isolating the upper layers of the directory service from the underlying database system. The database layer is an internal interface that is not exposed to users. No database access calls are made directly to the Extensible Storage Engine; instead, all database access is routed through the database layer.
Active Directory provides a hierarchical namespace. Each object is uniquely identified in the database by its individual naming attribute, called the relative distinguished name (also known as the RDN). The relative distinguished name and the chain of successive parent object names make up the object's distinguished name (also known as the DN). The database stores the relative distinguished name for each object, as well as a reference to the parent object. The database layer follows these parent references and concatenates the successive relative distinguished names to form distinguished names.
Note
Active Directory relative distinguished names are unique within a particular parent; that is, Active Directory does not permit two objects with the same relative distinguished name under the same parent container. The distinguished name identifies one object only and is unique (that is, no other object in the directory has its name).
A major function of the database layer is to translate each distinguished name into an integer structure called the distinguished name tag, which is used for all internal accesses. The database layer guarantees the uniqueness of the distinguished name tag for each database record.
All data that describes an object is held as a set of attributes, which are stored as columns in the database. The database layer is responsible for the creation, retrieval, and deletion of individual records, attributes within records, and values within attributes. To carry out these functions, the database layer uses the schema cache (an in-memory structure in the DSA) to get information about the attributes that it needs.
For more information about the schema cache, see "Active Directory Schema" in this book. For more information about distinguished names and relative distinguished names, see "Active Directory Logical Structure" in this book.