Compartilhar via


Data Store Tools and Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

In this section

  • Data Store Tools

  • Data Store Registry Entries

  • Data Store Group Policy Settings

  • Data Store WMI Classes

  • Network Ports Used by the Data Store

This section contains information about the tools, registry entries, Group Policy settings, Windows Management Instrumentation (WMI) classes, and network ports that are associated with the data store.

Note

In Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to Active Directory, but the information is also applicable to Active Directory Domain Services.

Data Store Tools

The following tools are associated with the data store.

Adsiedit.msc: ADSI Edit

Category

This tool ships with Support Tools for Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

ADSI Edit is a Microsoft Management Console (MMC) tool that you can use to view and modify directory objects.

To find more information about ADSI Edit, see Support Tools Help in Tools and Settings Collection.

Csvde.exe: Csvde

Category

This tool ships with Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Csvde to import and export data from Active Directory by using files that store data in the comma-separated value (CSV) file format standard. Csvde also supports batch operations that are based on CSV.

To find more information about Csvde, see “Command-Line References” in Tools and Settings Collection.

Dsadd.exe: Dsadd

Category

This tool ships with Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Dsadd to add specific types of objects to the directory.

To find more information about Dsadd, see “Command-Line References” in Tools and Settings Collection.

Dsget.exe: Dsget

Category

This tool ships with Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Dsget to display the selected properties of a specific object in the directory.

To find more information about Dsget, see “Command-Line References” in Tools and Settings Collection.

Dsmod.exe: Dsmod

Category

This tool ships with Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Dsmod to modify an existing object of a specific type in the directory.

To find more information about Dsmod, see “Command-Line References” in Tools and Settings Collection.

Dsmove.exe: Dsmove

Category

This tool ships with Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Dsmove to move a single object, within a domain, from its current location in the directory to a new location. You can also use Dsmove to rename a single object without moving it in the directory tree.

To find more information about Dsmove, see “Command-Line References” in Tools and Settings Collection.

Dsquery.exe: Dsquery

Category

This tool ships with Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Dsquery to query Active Directory according to specified criteria.

To find more information about Dsquery, see “Command-Line References” in Tools and Settings Collection.

Dsrm.exe: Dsrm

Category

This tool ships with Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Dsrm to delete an object of a specific type, or any general object, from the directory.

To find more information about Dsrm, see “Command-Line References” in Tools and Settings Collection.

Ldifde.exe: Ldifde

Category

This tool ships with Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

You can use Ldifde to create, modify, and delete directory objects on domain controllers. You can also use Ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory with data from other directory services.

To find more information about Ldifde, see “Command-Line References” in Tools and Settings Collection.

Ldp.exe: Ldp

Category

This tool ships with Support Tools for Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Servers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows Server 2003, Web Edition

Computers running:

  • Windows XP Professional

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

Ldp is a Lightweight Directory Access Protocol (LDAP) graphical user interface (GUI) tool that you can use to perform operations such as connect, bind, search, modify, add, and delete against any LDAP-compatible directory, such as Active Directory. You can also use Ldp to view objects that are stored in Active Directory, along with their metadata, for example, security descriptors and replication metadata.

You can use the online dbdump feature in Ldp to view values that are stored in the database while the domain controller is running. You can trigger dbdump by modifying the dumpDatabase attribute on the rootDSE.

To find more information about Ldp, see “Support Tools Help” in Tools and Settings Collection.

Ntdsutil.exe: Ntdsutil

Category

This tool ships with Windows Server 2003.

Version compatibility
Can Be Run From Can Be Run Against

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

You can use Ntdsutil to perform Active Directory database maintenance, manage and control single master operations, and remove metadata left behind by domain controllers that are removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators.

To find more information about Ntdsutil, see “Command-Line References” in Tools and Settings Collection.

Data Store Registry Entries

The following registry entries are associated with the data store.

The registry entries under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics control the logging level for the component or process that is specified in the entry name. The value for each entry is set to an integer from and including 0 (no logging) through 5 (most verbose logging).

The registry entries under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters control or contain information about the configuration of the data store.

The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics.

3 ExDS Interface Events

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that result from communication between Active Directory and Microsoft Exchange clients.

4 MAPI Interface Events

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that result from communication between Active Directory and Microsoft Exchange clients.

6 Garbage Collection

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are generated when objects that are marked for deletion are actually deleted.

7 Internal Configuration

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of internal operations.

8 Directory Access

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of read and write operations to directory objects from all sources.

9 Internal Processing

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are related to internal directory service operations.

11 Initialization/Termination

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are generated by starting and stopping Active Directory.

12 Service Control

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of Active Directory service events.

13 Name Resolution

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are generated by the resolution of addresses and Active Directory names.

14 Backup

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are related to backing up Active Directory. Specifically, controls the logging of events that occur when Extensible Storage Engine (ESE) database records are read or written during backup.

16 LDAP Interface Events

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are related to LDAP.

18 Global Catalog

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are related to the global catalog.

22 DS RPC Client

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are related to communication between Directory System Agents (DSAs). Examples of such communication include replication and the forwarding of look-ups to a global catalog. Examples of logged events include remote procedure call (RPC) errors, canceled calls, Domain Name System (DNS) resolution failures, and service principal name (SPN)–related operations.

23 DS RPC Server

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are related to a DSA acting as an RPC server. A DSA acts as an RPC server, for example, during outbound replication, replication setup operations, cross-domain moves, and membership queries or when a client makes a look-up call.

24 DS Schema

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls the logging of events that are related to schema errors and operations. Such errors and operations include schema additions, deletions, modifications, look-up errors, look-up failures, and caching errors.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.

Configuration NC

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Contains the distinguished name of the configuration directory partition.

Database Backup Path

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Determines the directory that is used as the target directory when online backups of the directory database are performed.

Database Log Files Path

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Determines the directory path that is used to store Active Directory log files.

Database Logging/Recovery

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Controls a Microsoft Jet database engine parameter called JET_paramRecovery that determines whether database operations are logged.

DS Drive Mappings

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Used to track local drive mapping names, so that the database file can be located if drive mappings are modified.

DSA Database File

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Determines the file that is used by the domain controller for storing Active Directory objects.

DSA Working Directory

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Determines the working directory of Active Directory.

Hierarchy Table Recalculation Interval (minutes)

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Determines how frequently the hierarchy table for the directory database is built. The hierarchy table is used only by the Messaging API (MAPI) interface.

Ldapserverintegrity

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Determines whether connection integrity is required (by means of checksum-signed packets) for LDAP connections.

Machine DN Name

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Contains the distinguished name of the computer on which the domain controller is running.

Root Domain

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Contains the distinguished name of the root domain of the Active Directory forest to which the domain controller is connected.

Schema Version

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Contains the schema version for which a particular operating system is configured.

System Schema Version

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Version

Domain controllers running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Contains the version of the schema at the time that a backup is taken. This value is used to prevent an incompatible schema version from being restored from backup.

Data Store Group Policy Settings

The following table lists and describes the Group Policy settings that are associated with the data store.

Group Policy Settings Associated with the Data Store

Group Policy Setting Description

Audit Directory Services Access

When it is enabled, this Group Policy setting causes successful and failed directory access events to be logged in the Directory Service event log.

Data Store WMI Classes

The following table lists and describes the WMI classes that are associated with the data store.

WMI Classes Associated with the Data Store

Class Name Namespace Version Compatibility

rootDSE

root\directory\LDAP

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

DS_LDAP_Class_Containment

root\directory\LDAP

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

DS_LDAP_Instance_Containment

root\directory\LDAP

Domain controllers running:

  • Windows Server 2003, Standard Edition

  • Windows Server 2003, Enterprise Edition

  • Windows Server 2003, Datacenter Edition

  • Windows 2000 Server

  • Windows 2000 Advanced Server

  • Windows 2000 Datacenter Server

For more information about these WMI classes, see “Mapping Active Directory to WMI” in the WMI SDK documentation on MSDN.

Network Ports Used by the Data Store

The network ports that are used by the data store are listed in the following table.

Port Assignments for the Data Store

Service Name UDP TCP

LDAP

None

389

LDAP SSL

None

636

RPC Endpoint Mapper

135

135

Global Catalog LDAP

None

3268

Global Catalog LDAP SSL

None

3269