Configuration Naming Context
The Configuration NC
is the primary repository for configuration information for a forest and is replicated to every domain controller in the forest. The root of the Configuration NC is found in the Configuration container, which is a sub-container of the forest root domain. For example, the mycorp.com forest would have a Configuration NC located at cn=configuration,dc=mycorp,dc=com.
Figure contains a list of the default top-level containers found in the Configuration NC.
Default top-level containers of the Configuration NC
Relative distinguished name
Container that holds display specifier objects, which define various properties and functions of the Active Directory MMC Snap-ins.
Container for extended rights (controlAccessRight) objects.
Contains objects that are used to represent the state of forest and domain functional level changes. This container is new in Windows Server 2003.
Container for orphaned objects.
Container to store quota objects, which are used to restrict the number of objects that security principals can create in a partition or container. This container is new in Windows Server 2003.
Contains objects for each naming context, application partition, and external reference.
Contains location objects (physicalLocation), which can be associated with other objects to denote location of the object.
Store of configuration information about services such as FRS, Exchange, and even Active Directory itself.
Contains all of the site topology and replication objects. This includes site, subnet, siteLink, server, and ntdSConnection objects, to name a few.
cn=WellKnown Security Principals
Holds objects representing commonly used foreign security principals, such as Everyone, Interactive, and Authenticated Users.