Tip: You can check the integrity of the Active Directory database and defragment it.
On a default 2008/2012 DC, the database is located at C:\Windows\NTDS\ntds.dit
For Windows 2003: reboot the Domain Controller, press F8 and select “Directory Services Restore Mode”.
For Windows 2008 / 2012, you don’t need to reboot, but you have to stop the “Active Directory Domain Services” service (which has dependencies: Kdc, IsmServ, DNS, DFSR).
Integrity
# Detect low-level database corruption
# Reads every byte of your data file
Offline defrag
# Reduces the size of the database file (unlike online defrag, which runs every 12 hours by default and does not reduce the file size)
# Creates a new compacted version of the database file in another location (e.g. C:\compacted)
# Re-creates all indexes
    # Stop AD DS (and the services that depend on it)
    Stop-Service -Name ntds -Force
    # The following lines are typed at the ntdsutil prompt
    ntdsutil
    activate instance ntds
    files
    integrity
    compact to c:\compacted
    quit
    quit
    # Back in PowerShell: swap in the compacted database and remove the old log files
    Move-Item -Path 'C:\Windows\NTDS\ntds.dit' -Destination 'C:\compacted\OLD.ntds.dit' -Force
    Move-Item -Path 'C:\compacted\ntds.dit' -Destination 'C:\Windows\NTDS\ntds.dit' -Force
    Remove-Item -Path 'C:\Windows\NTDS\*.log' -Force
    Start-Service -Name ntds
Important: An offline defragmentation is “local” (it affects only the DC on which it is run). To defragment all DCs, you have to perform an offline defragmentation on each DC.
Indeed, if you check the database file (C:\Windows\NTDS\ntds.dit) on several DCs, you will probably see that ntds.dit has a different size on each.
Note: In this example, I moved the original database file to C:\compacted\ntds.dit, but it is recommended to make a copy of the existing database file to a secured network drive (archive for example).
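The same procedure with the safeguards the note above recommends, as an added example that is not the original author's script: it archives a copy of the database before compacting, replaces the live file only once a compacted file exists, and always restarts the service. `D:\ntds-archive` is an assumed placeholder for an access-restricted archive location, and the operator confirmation prompt is an addition of this example.

```powershell
# Added example; run from an elevated PowerShell session on the DC being compacted.
$ErrorActionPreference = 'Stop'

$dbDir     = 'C:\Windows\NTDS'      # default location from the article
$db        = Join-Path $dbDir 'ntds.dit'
$compacted = 'C:\compacted'         # compaction target used in the article
$archive   = 'D:\ntds-archive'      # assumed placeholder: access-restricted archive

# The compacted copy can be almost as large as the original, so require that much space.
$dbSize = (Get-Item $db).Length
$drive  = Get-PSDrive -Name (Split-Path $compacted -Qualifier).TrimEnd(':')
if ($drive.Free -lt $dbSize) { throw "Not enough free space on drive $($drive.Name)" }

New-Item -ItemType Directory -Path $compacted, $archive -Force | Out-Null
Stop-Service -Name ntds -Force
try {
    # Archive a copy instead of moving the only original. ntds.dit holds the
    # credential hashes of every account, so the archive must be tightly restricted.
    $backup = Join-Path $archive ("ntds-{0:yyyyMMdd-HHmmss}.dit" -f (Get-Date))
    Copy-Item -Path $db -Destination $backup
    if ((Get-Item $backup).Length -ne $dbSize) { throw 'Archive copy is incomplete' }

    # ntdsutil accepts its menu commands as arguments, so nothing is typed interactively.
    ntdsutil 'activate instance ntds' files integrity quit quit
    # This script does not parse ntdsutil output; the operator confirms the result.
    if ((Read-Host 'Integrity check reported no errors? (y/n)') -ne 'y') {
        throw 'Integrity check not confirmed; database left untouched'
    }

    ntdsutil 'activate instance ntds' files "compact to $compacted" quit quit
    $new = Join-Path $compacted 'ntds.dit'
    if (-not (Test-Path $new) -or (Get-Item $new).Length -eq 0) {
        throw 'Compaction produced no database file; live database left untouched'
    }

    # Replace the live database and remove the old log files, as in the article.
    Move-Item -Path $new -Destination $db -Force
    Remove-Item -Path (Join-Path $dbDir '*.log') -Force
    "Size before: $dbSize bytes, after: $((Get-Item $db).Length) bytes"
}
finally {
    # Bring AD DS back up even if a step above failed.
    Start-Service -Name ntds
}
```

Because every copy of ntds.dit contains the domain's credential material, delete or move any leftover copies (such as an OLD.ntds.dit left on the DC's local disk) once the DC is confirmed healthy.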