Tip: You can check the integrity of the Active Directory database and defragment it offline.
On a default 2008/2012 DC, the database is located at C:\Windows\NTDS\ntds.dit
For Windows 2003: reboot the Domain Controller, press F8 and select “Directory Services Restore Mode”.
For Windows 2008 / 2012: you don’t need to reboot, but you have to stop the “Active Directory Domain Services” service (which has dependent services: Kdc, IsmServ, DNS, DFSR).
# Stop AD DS (-Force also stops the dependent services)
Stop-Service -Name ntds -Force

# Integrity check: detects low-level database corruption
# Reads every byte of your data file
ntdsutil "activate instance ntds" files integrity quit quit

# Offline defragmentation: reduces the database file (vs. the online defrag, which runs every 12 hours by default and does not reduce the file size)
# Creates a new compacted version of the database file in another location (ex: C:\compacted)
# Re-creates all indexes
ntdsutil "activate instance ntds" files "compact to C:\compacted" quit quit

# Keep the original file aside, then put the compacted file in its place
Move-Item -Path 'C:\Windows\NTDS\ntds.dit' -Destination 'C:\compacted\OLD.ntds.dit' -Force
Move-Item -Path 'C:\compacted\ntds.dit' -Destination 'C:\Windows\NTDS\ntds.dit' -Force
# Delete the old transaction logs
Remove-Item -Path 'C:\Windows\NTDS\*.log' -Force
Start-Service -Name ntds
Important: An offline defragmentation is “local” (it affects only the DC on which it is performed). To defragment all DCs, you have to perform an offline defragmentation on each DC.
Indeed, if you check the database file (C:\Windows\NTDS\ntds.dit) on several DCs, you will probably see that ntds.dit has a different size on each of them.
Note: In this example, I moved the original database file to C:\compacted\ntds.dit, but it is recommended to make a copy of the existing database file to a secured network drive (archive for example).
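
A guarded version of the swap step, following the recommendation above to archive the original file first. This is an added example, not part of the original tip: the archive share name is a hypothetical placeholder, and Get-FileHash requires PowerShell 4.0 or later. It assumes the compact step has already written C:\compacted\ntds.dit.

```powershell
# Added example: archive the original ntds.dit, verify the copy, then swap.
$ErrorActionPreference = 'Stop'
$live      = 'C:\Windows\NTDS\ntds.dit'
$compacted = 'C:\compacted\ntds.dit'
$archive   = '\\backupsrv\ad-archive$'   # hypothetical restricted share (assumption)

# 1. The service must be stopped, otherwise the database is still in use.
if ((Get-Service -Name ntds).Status -ne 'Stopped') {
    throw 'NTDS is still running; stop it before touching ntds.dit.'
}

# 2. The compacted file must exist and must not be empty.
$old = Get-Item -Path $live
$new = Get-Item -Path $compacted
if ($new.Length -eq 0) {
    throw "Compacted file $compacted is empty; keeping the original database."
}
if ($new.Length -gt $old.Length) {
    Write-Warning 'Compacted file is larger than the original; check the ntdsutil output.'
}
$oldMB = [math]::Round($old.Length / 1MB)
$newMB = [math]::Round($new.Length / 1MB)

# 3. Copy the original to the archive and verify the copy by SHA-256.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$dest  = Join-Path -Path $archive -ChildPath "$env:COMPUTERNAME-$stamp-ntds.dit"
Copy-Item -Path $live -Destination $dest
$srcHash = (Get-FileHash -Path $live -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -Path $dest -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) {
    throw "Archive copy $dest does not match the original; aborting the swap."
}

# 4. Only now replace the live file and clear the old transaction logs.
Remove-Item -Path $live -Force
Move-Item   -Path $compacted -Destination $live
Remove-Item -Path 'C:\Windows\NTDS\*.log' -Force
Start-Service -Name ntds

# 5. Report what changed, for the change record.
'{0}: {1} MB -> {2} MB, original archived to {3} (SHA256 {4})' -f `
    $env:COMPUTERNAME, $oldMB, $newMB, $dest, $srcHash
```

Any copy of ntds.dit contains the password hashes of every account in the domain, so the archive location should be readable only by the accounts that administer the DCs, and no copy should be left behind in C:\compacted.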