Problem solve Get help with specific problems with your technologies, process and projects.

Keep Active Directory neat and tidy

How to properly defrag your Windows 2000 Active Directory for maximum performance.

Like NFTS, DNS and every other data storage mechanism within Windows 2000, the Active Directory database becomes untidy over time. As records are added, modified, deleted, re-categorized, re-grouped, pruned and grafted the AD database becomes fragmented, non-contiguous and less efficient.

The Windows 2000 Active Directory database is stored primarily in the ntds.dit file located in the %systemroot%NTDS folder by default. This file is the core of your domain. Without it your network won't exist anymore. As it becomes bloated over time, your network's performance and ability to process authentications and transactions quickly degrades severely.

While Windows 2000 has several built-in mechanisms to help maintain the health of this mission-critical database, it isn't foolproof and doesn't address every issue. The key to keeping the database in good shape is regular defragmentation. Just as with storage devices, defragmentation will speed operations, remove or mark errors and create contiguous free space. Every 12 hours, Windows 2000 automatically performs an online defragmentation process. However, because this occurs while the database is still in active use, only parts of it are properly housecleaned. The end result of this automatic defragmentation is the reclamation of free space within the database file, but the database file is not reduced in size.

But there is hope. An offline defragmentation will both clean up the AD database's internal mess and reduce the file size, offering direct results in improved performance and stability.

The complete steps to performing an offline defragmentation are contained in the Microsoft Knowledge Base document Q232122, "Performing Offline Defragmentation of the Active Directory Database." Basically, you'll reboot into Directory Services Restore Mode using F8, then use the NTDSutil to perform the defragmentation process.

I'd like to stress one very important point from this document: Always back up your system before and after the operation to ensure you can restore your system in the event of a catastrophic failure.

Another important item to remember is that this process works for the ntds.dit file on a single domain controller. To compact the database on every domain controller, you'll have to perform this operation on each DC in turn. With that said, I don't recommend doing this on all servers simultaneously. Instead, take one DC down to perform the operation. Then wait a day or two before performing the operation on the next DC. The delay between operations will give the domain time to re-establish the equilibrium of its AD database updates.

James Michael Stewart is a researcher and writer for Lanwrights, Inc.

Editor's Note: This article originally appeared on

Dig Deeper on Microsoft Active Directory Design and Administration

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.