The Configuration NC is the primary repository for configuration information for a forest. Every domain controller in the forest replicates the Configuration NC, which is why it is considered forest-wide. The root of the Configuration NC is found in the Configuration container, which is a subcontainer of the forest root domain. For example, the mycorp.com forest would have a Configuration NC located at cn=configuration,dc=mycorp,dc=com.
Table 3-2 contains a list of the default top-level containers found in the Configuration NC.
Relative Distinguished Name |
Description |
---|---|
cn=DisplaySpecifiers |
Container that holds display specifier objects, which define various properties and functions of the Active Directory MMC Snap-ins. |
cn=Extended-Rights |
Container for extended rights (controlAccessRight) objects. |
cn=ForestUpdates |
Contains objects that are used to represent the state of forest and domain functional level changes. This container is new in Windows Server 2003. |
cn=LostandFoundConfig |
Container for orphaned objects. |
cn=NTDS Quotas |
Container to store quota objects, which are used to restrict the number of objects that security principals can create in a partition or container. This container is new in Windows Server 2003. |
cn=Partitions |
Contains objects for each naming context, application partition, and external reference. |
cn=Physical Locations |
Contains location objects (physicalLocation), which can be associated with other objects to denote location of the object. |
cn=Services |
Store of configuration information about services such as FRS, Exchange, and even Active Directory itself. |
cn=Sites |
Contains all of the site topology and replication objects. This includes site, subnet, siteLink, server and nTDSCconnection objects, to name a few. |
cn=WellKnown Security Principals |
Holds objects representing commonly used foreign security principals, such as Everyone, Interactive, and Authenticated Users. |