HOW TO: Use Ntdsutil to Manage Active Directory Files from the Command Line in Windows 2000 (315131)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q315131

SUMMARY

This step-by-step article describes how to manage Active Directory files from the command line and describes the main directory file. Microsoft Windows 2000 Directory Service is implemented on top of an indexed sequential access method (ISAM) table manager. This is the same table manager that is used by Microsoft Exchange Server, the file replication service, the security configuration editor, the certificate server, Windows Internet Name Service (WINS), and other Windows 2000 components. The version of the database that Windows 2000 uses is called extensible storage engine (ESENT).

ESENT is a transacted database system that uses log files to support rollback semantics to ensure that transactions are committed to the database. Ideally, you should locate data and log files on separate drives to improve performance and to support recovery of the data if a disk fails.

The data file is called Ntds.dit. You can use the commands on the Files menu in Ntdsutil to manage the Directory Service data and log files.

ESENT provides its own tool called Esentutl.exe that you can use for certain database file management functions. Esentutl.exe is installed in the Winnt\System32 folder. Several of the Ntdsutil file management commands initiate Esentutl, which reduces the need to learn that tool's command-line arguments. If Ntdsutil initiates Esentutl, Esentutl generates a separate window that is configured with a large history so that you can scroll back to see all of the Esentutl progress indicators.

Windows 2000 Directory Service opens its files in exclusive mode. This means the files cannot be managed while the server is operating as a domain controller.


How to Start Your Computer Into Directory Services Restore Mode

  1. Restart the computer.
  2. After the BIOS information is displayed, press F8.
  3. Use the down arrow to select Directory Services Restore Mode (Windows 2000 domain controllers only), and then press ENTER.
  4. Use the up and down arrows to select your computer, and then press ENTER.
  5. Log on using your administrative logon and password.

How to Start Ntdsutil

Ntdsutil.exe is located in the Support Tools folder on the Windows 2000 CD-ROM. By default, this tool is installed in the System32 folder.
  1. Click Start, and then click Run.
  2. In the Open text box, type ntdsutil.

    Type ? at the command prompt to access the help file for the tool.

How to Move the Database

You can move the Ntds.dit data file to the new folder that is specified by the location variable. If you do so, the registry is updated so that Directory Service uses the new location when you restart the server.
  1. At the Ntdsutil command prompt, type files, and then press ENTER.
  2. At the file maintenance command prompt, type Move DB to Folder_location (where Folder_location is the location of an existing folder that you have created for this purpose), and then press ENTER.

    Verification is displayed.
  3. To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.

How to Move Log Files

You can move the Directory Service log files to the new folder that is specified by the location variable. If you do so, the registry is updated so that Directory Service uses the new location when you restart the server.
  1. At the Ntdsutil command prompt, type files, and then press ENTER.
  2. At the file maintenance command prompt, type Move logs to Folder_location (where Folder_location is the location of an existing folder that you have created for this purpose), and then press ENTER.

    Verification is displayed.
  3. To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.
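
The two move procedures above can also be run without typing at the prompts. The following batch file is an added example, not part of the original article; the folder paths are placeholders, the SAFEBOOT_OPTION check for Directory Services Restore Mode is an assumption about the boot environment, and info is a file maintenance command that this article does not cover.

```bat
@echo off
rem Added example: non-interactive form of "Move DB to" and "Move logs to".
rem NEW_DB_DIR and NEW_LOG_DIR are placeholder paths; replace them with the
rem folders you created. Paths without spaces avoid nested quoting below.
setlocal
set "NEW_DB_DIR=D:\NTDS\Data"
set "NEW_LOG_DIR=E:\NTDS\Logs"

rem Directory Service opens its files in exclusive mode while the server is
rem operating as a domain controller, so stop unless the computer was started
rem in Directory Services Restore Mode.
rem Assumption: that boot mode sets SAFEBOOT_OPTION to DSREPAIR.
if /i not "%SAFEBOOT_OPTION%"=="DSREPAIR" (
    echo Not in Directory Services Restore Mode. Restart, press F8, and retry.
    exit /b 1
)

rem Both target folders must already exist before the move is attempted.
if not exist "%NEW_DB_DIR%\" (
    echo Target folder for the data file does not exist: %NEW_DB_DIR%
    exit /b 1
)
if not exist "%NEW_LOG_DIR%\" (
    echo Target folder for the log files does not exist: %NEW_LOG_DIR%
    exit /b 1
)

rem Each argument is one line that you would otherwise type at the prompt:
rem   files               enters the file maintenance menu
rem   move db to ...      moves Ntds.dit and updates the registry
rem   move logs to ...    moves the log files and updates the registry
rem   quit quit           leaves file maintenance, then Ntdsutil
ntdsutil files "move db to %NEW_DB_DIR%" "move logs to %NEW_LOG_DIR%" quit quit

rem Display the file locations that Directory Service will use after the
rem restart, so that they can be compared with the intended targets.
ntdsutil files info quit quit

endlocal
```

Placing the data file and the log files on separate drives, as in the placeholder paths, follows the recommendation in the Summary section.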

How to Recover the Database

You can use Esentutl.exe to perform a soft recovery of the database. Soft recovery scans the log files and ensures that all committed transactions that exist in the log file are also reflected in the data file. The Windows 2000 Backup program truncates the log files appropriately.

Logs are used to ensure that committed transactions are not lost if your computer fails or if it experiences unexpected power loss. Transaction data is written first to a log file, and then it is written to the data file. After you restart the computer after failure, you can rerun the log to reproduce the transactions that were committed but that were not recorded to the data file.
  1. At the Ntdsutil command prompt, type files, and then press ENTER.
  2. At the file maintenance command prompt, type recover, and then press ENTER.

    Verification is displayed.

    NOTE: It is recommended that you perform a Semantic database analysis. Refer to the "References" section of this article for resources that describe how to perform the Semantic database analysis.
  3. To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.

How to Repair the Database

WARNING: After you complete the procedure that is described in this section, Esentutl.exe performs a low-level repair of the data file. Use the repair command only on the advice of qualified service personnel, because this command can cause data loss. You can use this procedure to repair only the data that ESENT knows about. As a result, the repair operation may eliminate data that is key to the safe operation of Directory Service.
  1. At the Ntdsutil command prompt, type files, and then press ENTER.
  2. At the file maintenance command prompt, type repair, and then press ENTER.

    Verification is displayed.

    NOTE: It is recommended that you perform a Semantic database analysis. Refer to the "References" section of this article for resources that describe how to perform the Semantic database analysis.
  3. To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.

How to Set Paths

You can use the set path command to set the path for the following items:
  • Backup: Use this parameter with the set path command to set the disk-to-disk backup target to the folder that is specified by the location variable. You can configure Directory Service to perform an online disk-to-disk backup at scheduled intervals.
  • Database: Use this parameter with the set path command to update the part of the registry that identifies the location and file name of the data file. Use this command only to rebuild a domain controller that has lost its data file and that is not being restored by means of normal restoration procedures.
  • Logs: Use this parameter with the set path command to update the part of the registry that identifies the location of the log files. Use this command only if you are rebuilding a domain controller that has lost its log files and is not being restored by means of normal restoration procedures.
  • Working Directory: Use this parameter with the set path command to set the part of the registry that identifies Directory Service's working folder to the folder that is specified by the location variable.
To run the set path command:
  1. At the Ntdsutil command prompt, type files, and then press ENTER.
  2. At the file maintenance command prompt, type set path object location (where object is one of the parameters that is described in the preceding list and location is the path that you are setting for that object), and then press ENTER.

    Verification is displayed.
  3. To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.


REFERENCES

For additional information about how to perform a Semantic database analysis, click the article number below to view the article in the Microsoft Knowledge Base:

315136 HOW TO: Complete a Semantic Database Analysis for the Active Directory Database by Using Ntdsutil.exe

For additional information about how to automate Ntdsutil.exe, click the article number below to view the article in the Microsoft Knowledge Base:

243267 How to Automate Ntdsutil.exe Using a Script


Modification Type: Major
Last Reviewed: 9/19/2003