
Active Directory Database Optimization

Like any other database, the Active Directory database becomes fragmented as data is written to and read from it. It also grows in size without releasing unused disk space. In a small organization you will not notice much difference, but in large infrastructures it becomes an issue. The Active Directory database needs regular optimization to perform well.

How can we do it?

In Windows, we use the defragmentation tool to optimize the computer's hard drive. A similar procedure can be used to defragment the Active Directory database.

There are two types of defragmentation used with the Active Directory database.

Online Defragmentation

Microsoft introduced this method with Windows Server 2000. It runs automatically at certain intervals (the default is every 12 hours) to defragment the Active Directory database, as part of the Active Directory garbage collection process. It optimizes data storage and reclaims space for new Active Directory objects, but it does not reduce the size of the Active Directory database. The important point is that no service has to be taken offline for it.

Offline Defragmentation

As the name says, this process requires stopping the Active Directory service. The system creates a compact version of the existing Active Directory database in a different location. Once the new defragmented database has been created, the compact version is copied into the original location. Statistics say it can shrink the database to 1/6th of its original size after offline defragmentation.

To do this we use a command-line utility called “ntdsutil”. This is the same tool we can use to check for Active Directory errors.

Tips

1)    Before doing an offline defragmentation, plan for the impact properly. Since the AD service will go down, you need to measure how it will affect company operations. The time it takes depends on the size of the AD database and how badly it is fragmented.
2)    It is always best to take a system state backup prior to the process.

Let’s see how we can do this.

1)    First, log in to the primary domain controller as a Domain Admin or Enterprise Admin.
2)    Go to Server Manager > Tools > Services

3)    In Services.mmc, right-click “Active Directory Domain Services” and click “Stop”.

4)    It will then ask whether it is okay to stop the associated services. Click Yes to continue.

5)    Once the services stop, right-click the Start button and click “Command Prompt (Admin)”.

6)    Type “ntdsutil” and press Enter.

7)    At the prompt, type “activate instance NTDS” and press Enter.

8)    Then type “files” and press Enter.

9)    At the file maintenance prompt, specify the location where the compact NTDS database will be saved. For this demo I created the folder C:\CompactDB and will use it, so type “compact to C:\CompactDB” and press Enter.
10)    It will then perform the defragmentation. The time it takes depends on the size of the database.

11)    When the process completes, type “q” and then “quit” to exit the utility.

To complete the process, as the screen says, copy the defragmented database from C:\CompactDB\ntds.dit to C:\Windows\NTDS\ntds.dit.

We also need to remove the log files, as it says. After that, we have successfully defragmented the AD database.

Now go to Services.mmc, right-click “Active Directory Domain Services” and click “Start”.
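
The same sequence can be run as one script from an elevated PowerShell prompt on the domain controller. This is an added example, not part of the original article; it assumes the database and logs are in the default C:\Windows\NTDS folder, and the rollback file name ntds.dit.predefrag and the closing integrity check are this example's own additions.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted offline defragmentation of the AD database.
# Take a system state backup first, as the article advises.
$ErrorActionPreference = 'Stop'
$DbDir      = 'C:\Windows\NTDS'   # assumed: default database and log folder
$CompactDir = 'C:\CompactDB'      # working folder used in the article
$Rollback   = Join-Path $DbDir 'ntds.dit.predefrag'   # hypothetical rollback copy name

$db = Get-Item (Join-Path $DbDir 'ntds.dit')
New-Item -ItemType Directory -Path $CompactDir -Force | Out-Null
$compactDb = Join-Path $CompactDir 'ntds.dit'

# Refuse to run over leftovers from an earlier attempt or without enough room.
if (Test-Path $compactDb) { throw "$compactDb already exists; remove it first." }
if ((Get-Item $CompactDir).PSDrive.Free -lt $db.Length) {
    throw 'Not enough free space on the target drive for a copy of ntds.dit.'
}

# Steps 2-4: stop AD DS; -Force also stops the dependent services.
Stop-Service -Name NTDS -Force
try {
    # Steps 6-11: the same ntdsutil commands, passed as arguments.
    & ntdsutil.exe 'activate instance ntds' 'files' "compact to $CompactDir" 'quit' 'quit'
    if (-not (Test-Path $compactDb)) { throw 'Compaction did not produce a database.' }

    # Keep the original until the compacted database has been verified.
    Copy-Item -Path $db.FullName -Destination $Rollback -Force
    Copy-Item -Path $compactDb -Destination $db.FullName -Force
    Remove-Item -Path (Join-Path $DbDir '*.log')

    # Check the new database with the same tool; review its output.
    & ntdsutil.exe 'activate instance ntds' 'files' 'integrity' 'quit' 'quit'
}
finally {
    # Start AD DS again whether or not the compaction succeeded.
    Start-Service -Name NTDS
}

# Every copy of ntds.dit holds the domain's password hashes: remove the
# working copy now, and the rollback copy once the DC is confirmed healthy.
Remove-Item -Path $compactDb
```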

If you have any questions regarding the article, feel free to contact me at rebeladm@live.com
