Wednesday, 23 April 2014

How to move the Directory database and Log files to another drive

Understanding the concept

There are instances that the size of the AD database and log files cannot be accommodated by the  system drives since the size is small(permanently) or you need to reformat the preset hard disk because of any issues(temporarily ). If you reformat the original drive, use the same procedure to move the files back after the reformat is complete. Ntdsutil.exe updates the registry when you move files locally. Even if you are moving the files only temporarily, use Ntdsutil.exe so that the registry is always current. The registry entries that Ntdsutil.exe updates when you move the database file is under the location 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\' and the parameters Database backup path, Directory System Agent (DSA) database file and DSA working directory and for log files the parameter is Database log files path.

Important: Make sure that you have the full latest backup and there are enough space

Moving the Active Directory Database Files

Note: Manually determine the size of the NTDS folder under C:\windows\NTDS and make sure that you have enough space on system drive where you would like to move the database file and log files.

1.Open Command Prompt as an administrator: On the Start menu->click Command Prompt.
2.As the initial stage we need to stop the AD DS services.
For Windows server 2008 onwards these services are restartable during the normal operation and it can be achieved by a single command or stop the services from services console.
Open command prompt and type : net stop ntds and press ENTER. Type Y to agree to stop additional services, and then press ENTER(Refer the link to know more : http://technet.microsoft.com/en-us/library/cc732714(v=ws.10).aspx)


For server 2003 you cannot manually stop those services, we need to boot the server in Directory restore mode. Reboot the domain controller, select the appropriate installation from the boot menu, and press F8 to display the Windows 2000 Advanced Options menu. Choose Directory Services Restore Mode and press ENTER. Press ENTER again to start the boot process. Log on using the Administrator account with the password defined for the local Administrator account or directory service restore account that is defined during the ADDS installation(This will automatically stop the ADDS services and its related services).
3.At the command prompt, type ntdsutil, and then press ENTER.
4.At the ntdsutil prompt, type activate instance ntds, and then press ENTER. This will set "NTDS" or a specific AD                LDS instance as the active instance, here we have set to NTDS.
5.At the ntdsutil prompt, type files, and then press ENTER . This will cause NTDSUTIL to switch to the File Maintenance prompt which will help us to manage AD DS/LDS database files.
6.To move the database file, at the file maintenance: prompt, use the following command and press ENTER.
move db to<drive>:\<directory>
7.To move the log files, type the following command, and then press ENTER:
move logs to<drive>:\<directory>
where <drive>:\<directory> specifies the path to the new location. If the directory does not exist, Ntdsutil.exe creates it and if the directory path contains any spaces, the entire path must be surrounded by quotation marks, for example, move db to"E:\new folder".

In my case the default NTDS database and its log files are under the location 'C:\windows\NTDS' and I would like to move the NTDS files to 'E\NTDS'. So the command to move the database NTDS.dit become,
move db to E:\NTDS


Once the database is moved successfully you will have the message Move database is successful and the directories are updated in the DS path information(You can observe it in the square box of above picture). And for log files command will be,
move logs to E:\NTDS


Now you can verify the same that the log files also moved and the success message has appeared.
8.If you are moving the database file or log files temporarily, you can now perform any required updates to the original drive at this time. After you update the drive, repeat steps 3 through 9 to move the files back to the original location and continue from step 10.
9.If you want to move the NTDS files permanently to new location it is necessary to make sure that we have set the necessary permission as well.
  1. In Windows Explorer, right-click the folder to which you have moved the database file or log files, and then click Properties(Here for me the folder is E:\NTDS).
  1. Click the Security tab, and then click Advanced. Verify that the permissions are set as follows:
                   Administrators group and SYSTEM have Full Control over the folder.
                   If AdministratorsSYSTEM or both are not in the Name list, click Edit, and then click AddIn From this location, be                              sure that the name of your domain is selected, else you will not be able to locate and add these users. Type the object                       name as System, if necessary, and then click OK. Repeat to add Administrators and make sure both have full                                 permission.
                 iii.  In the Group or user names box, click any name that is not SYSTEM or Administrators and then click Remove. Repeat until the only remaining accounts are Administrators and SYSTEM and then click OK.
      The Include inheritable permissions from this object’s parent check box is cleared(If this option is selected, click Edit and clear the setting, and then click OK).
  1. No Deny permissions are selected.
10.Now at the file maintenance prompt type integrity, and then press ENTER(If you are not on file maintenance prompt follow step 1 to 5 to achieve this).
If the relocation of NTDS database and log files are success you will have success message on the command prompt.


11.Type q twice to exit the file maintenance prompt and ntdsutil.
12.Assumes every thing is working for you as well. Now restart the ntds services if the server is server 2008 by the command net start ntds at command prompt. If it is server 2003 restart the server in normal mode.

1 comment: