This post will go over tuning up your Active Directory Database. I will specifically going over Active Directory in a Windows 2008 Server environment.
Why would you want to do this?
- Running regular maintenance on the Active Directory Database recaptures disk space, makes the database file more efficient (faster) and checks for any weirdness.
- When stuff gets deleted out of your active directory database, the file does not get any smaller.
*NOTE* – These items will be done using “NTDSUTIL” under the “Files” context. Three items this post will go over will be “Compact”, “Integrity” as well as “Semantic" Database Analysis”.
Getting ready to type the commands
Go and Open command prompt.
- Type. “ntdsutil”.
- Type “Activate Instance NTDS”
How to Defrag / Compact the Active Directory Database
* NOTE * You can’t compact the actual Active Directory Database! You will have to compact it to another location. Then copy the new file over the old version manually. This is the #1 concept issue I see people have. Most of the time they think just by running the command the database is defragged. Unfortunately this is not the case.
- You need to “STOP” the “NTDS Service” before binding to the Active Directory database".
- Go to “Administrator Tools” and select “Services”.
- Right click “Active Directory Domain Services” and tell it to “Stop”. Windows will prompt you to tell you there are other services that will be stopped as well.
- Go back to the command prompt that you opened at the beginning of the how to video. You might get an error about not being able to stop it. This is because replication is going on. You will just have to try stopping it again in a few seconds until it stops.
- Type “Files”. IF you didn’t stop the NTDS Service in step 3 you will be alerted here with an error.
- Type “compact to C:\” or where ever you want to create a copy of the compacted Active Directory Database.
- Verify that a copy copy of the Active Directory Database file has been created @ “C:\ntds.dit”
- Type “Quit” and “Quit”. This will get you back to the command prompt.
- Type: copy “C:\ntds.dit” “C:\Windows\NTDS\ntds.dit”
- Type: del “C:\Windows\NTDS\*.log”
How to Check the Active Directory Database Integrity
* NOTE * – After compacting the database you should always check the Integrity of the database. If you don’t still have the command prompt window go back to “Getting ready to type the commands section”.
- Type “Files”
- Type “Integrity”
- This will make sure there is no issues with the with the compacting of the Active Directory Database
- Once this command completes there will be a message recommending to you to run the “Semantic database consistency” check as well.
How to run the Semantic Database Consistency util
Still in the NTDS util run:
- Type "quit” to go up one level in the NTDSutil instance structure.
- Type “semantic database analysis”
- Type “Verbose on”
- Type “Go Fixup”
Remember to restart “Active Directory Domain Services”. All those services that were also stopped during the process of stopping the service will also be started.