Defragmenting an Active Directory Database
Like its predecessors, Windows Server 2008 keeps the Active Directory healthy by periodically performing an automated defragmentation. Although this defragmentation works, it does not compact the database. Periodically performing an offline defragmentation is a great way to get some of your domain controller’s disk space back. In fact, I have seen real life situations in which an Active Directory database shrunk to 1/6th of its original size after an offline defragmentation.
Performing an Offline Defragmentation
Before you attempt an offline defragmentation, I strongly recommend making a full, system state backup of the domain controller. I have never had an offline defragmentation go belly up on me, but since there is at least a potential for database corruption to occur, I recommend starting with a backup.
Once you have created a backup of your domain controller, the next thing that you should do is to make note of the existing Active Directory database’s size. By default, the Active Directory database is located at C:\Windows\NTDS, although the DCPROMO process does allow you to choose a different location. The name of the actual database file is NTDS.DIT. A freshly installed Active Directory database on a Windows Server 2008 domain controller is about 12 MB in size, but the database can grow to be several GB in size, depending on the amount of data that is stored in the Active Directory.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Once you have noted the database’s size, you will have to create a directory that you can use as a temporary repository for a copy of the Active Directory database. When you perform an offline defragmentation, Windows does not alter the original Active Directory database. Instead it creates a defragmented copy database. I recommend creating a folder named TEMP beneath the \Windows\NTDS folder.
The next step in the process is to stop the Active Directory Domain Service. Unlike previous versions of Windows, Windows Server 2008 offers the ability to start and stop the Active Directory just as you would any other service. Depending on how your server is configured, there may be dependency services that Windows will also have to shut down.
When the Active Directory Domain Service finishes shutting down, open a Command Prompt window, and enter the NTDSUTIL command. The command prompt will now display an NTDSUTIL prompt. Now enter the following command:
Activate Instance NTDS
At this point, NTDSUTIL will display a message stating that activate instance has been set to “NTDS”. Now enter the Files command. This will cause NTDSUTIL to switch to the File Maintenance prompt. You should now enter the Info command. This will cause NTDSUTIL to display information about the size and location of the Active Directory database, as shown in Figure A.
Figure A You should double check the database size against the size that you recorded earlier.
You should make sure that the information that is displayed coincides with the size that you recorded earlier. Otherwise, some corruption may exist. Assuming that everything looks good, you can launch the defragmentation process by entering the following command:
Compact to c:\Windows\NTDS\temp
The command shown above assumes that you have created a folder named Temp beneath the c:\windows\ntds folder.
The amount of time that the defragmentation process will take varies depending on the speed of your server, and on the size of the Active Directory database. You can see what a successful defragmentation looks like in Figure B.
Figure B This is what a successful defragmentation looks like.
When the process completes, enter the Q command at the NTDSUTIL prompt to close NTDSUTIL. Next, verify that Windows has created a copy of the Active Directory database in the C:\Windows\NTDS\Temp folder. This copy is the defragmented version of the database. To use it, you must either delete or rename the original database (the one in C:\Windows\NTDS), and then copy the defragmented database from C:\Windows\NTDS\Temp to C:\Windows\NTDS. You must also either rename or delete the log files located in the C:\Windows\NTDS folder.
You can now restart the Active Directory. The easiest way to do this is to simply start the Active Directory Domain Service that you shut down earlier. If a bunch of dependency services were also shut down too though, it may be easier to just reboot the server.
In this article, I have shown you how to perform an offline defragmentation of the Active Directory database. It is important to remember though, that you should always perform a full, system state backup prior to attempting this procedure.
Got a question? Post it on our Active Directory Forums!