Powershell Tip #60: Check integrity and defragment offline the Active Directory database (NTDS.DIT)

By | November 10, 2015

Tip: You can check the integrity and defragment the Active Directory database.

On a default 2008/2012 DC, the database is located here : C:\Windows\NTDS\ntds.dit


For Windows 2003 : Reboot the Domain Controller, press F8 and select “Directory Services Restore Mode”.

For Windows 2008 / 2012, you don’t need to reboot but you have to stop the “Active Directory Domain Services” service (which has dependencies : Kdc, IsmServ, DNS, DFSR).


# Detect low-level database corruption
# Reads every byte of your data file

Offline defrag

# Reduce the database file (vs Online defrag which run every 12 hours by default and does not reduce the file size)
# Create a new compacted version of the database file in another location (ex: C:\compacted)
# Re-creates all indexes

Important : An offline defragmentation performed is “Local” (affects only this DC). To defragment all DCs, you have to perform an offline defragmentation on each DC.

Indeed, if you check the database file (C:\Windows\NTDS\ntds.dit) on several DCs you will probably see that the file ntds.dit has a size different on each.


Note: In this example, I moved the original database file to C:\compacted\ntds.dit, but it is recommended to make a copy of the existing database file to a secured network drive (archive for example).


Leave a Reply

Your email address will not be published.