Why are there 2 files named ntds.dit?
C:\Windows\NTDS\ntds.dit and C:\Windows\System32\ntds.dit? Is there any difference between them?
Another question: are changes to AD written to edb.log equivalent to entries stored in System32\Winevt\Logs\Security.evtx?
2 ntds.dit files in Windows Server 2008 R2 and Active Directory logging
active-directory logging windows-server-2008
Best Answer
Active Directory data is stored in the Ntds.dit ESE database file. Two copies of Ntds.dit are present in separate locations on a given domain controller:

%SystemRoot%\NTDS\Ntds.dit
This file stores the database that is in use on the domain controller. It contains the values for the domain and a replica of the values for the forest (the Configuration container data).

%SystemRoot%\System32\Ntds.dit
This file is the distribution copy of the default directory that is used when you promote a Windows 2000-based computer to a domain controller. The availability of this file allows you to run the Active Directory Installation Wizard (Dcpromo.exe) without your having to use the Windows 2000 Server operating system CD. During the promotion process, Ntds.dit is copied from the %SystemRoot%\System32 directory into the %SystemRoot%\NTDS directory. Active Directory is then started from this new copy of the file, and replication updates the file from other domain controllers.