Active Directory Database Management

An Authoritative restore is accomplished by booting into Directory Services Restore Mode and then restoring System State using the backup tool. Without rebooting, the ntdsutil.exe tool must be run. From ntdsutil, the commands below should be issued:

  1. At the prompt, type authoritative restore
  2. Then type restore subtree distinguished_name_of_object . For example: cn=Dan DiNicolo,ou=admins,DC=2000Trainers,DC=com
  3. Type quit and again quit
  4. Restart the domain controller as normally.

Outside of backup up and restoring the Active Directory database, you should know how to move and defragment the database as well. For both, you must be in Directory Services Restore Mode, and ntdsutil.exe is used for each.

To move the Active Directory database to a new location, run ntdsutil, type files , and then issue the move DB to :\ command. Restart the domain controller as normal.

To defragment the AD database (often referred to as an offline defragmentation – it rearranges data on the physical disk) run ntdsutil and type files , and then issue the compact to :\ command. This will create a defragmented version of the file in the new location. Quit ntdsutil and then copy the new version over the old version and restart the domain controller as normal.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.