Understanding the concept
There are instances where the AD database and log files cannot be accommodated on the system drive because the drive is too small (a permanent move), or where you need to reformat the present hard disk because of some issue (a temporary move). If you reformat the original drive, use the same procedure to move the files back after the reformat is complete. Ntdsutil.exe updates the registry when you move files locally. Even if you are moving the files only temporarily, use Ntdsutil.exe so that the registry is always current. The registry entries that Ntdsutil.exe updates when you move the database file are under 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\': the parameters Database backup path, Directory System Agent (DSA) database file, and DSA working directory. For log files, the parameter is Database log files path.
Important: Make sure that you have a full, up-to-date backup and that there is enough space.
Moving the Active Directory Database Files
Note: Manually determine the size of the NTDS folder under C:\windows\NTDS and make sure that you have enough space on the drive where you would like to move the database file and log files.
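The check in the note above can be scripted. The following PowerShell is an added example, not part of the original article: it reads the current file locations from the NTDS Parameters registry key and compares the size of the NTDS files with the free space on the destination. The drive letter E is an assumption taken from the article's own walkthrough.

```powershell
# Added example (not from the original article): pre-move check on a domain controller.
# Assumption: E is the destination drive, as in the article's walkthrough.
param([string]$TargetDrive = 'E')

$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$names = 'DSA Database file', 'DSA Working Directory',
         'Database log files path', 'Database backup path'

if (-not (Test-Path $key)) { throw 'NTDS Parameters key not found: is this a domain controller?' }
$ntds = Get-ItemProperty -Path $key

# Record the current locations so they can be compared after the move.
foreach ($n in $names) { '{0,-26} {1}' -f $n, $ntds.$n }

$dbFile = $ntds.'DSA Database file'
$logDir = $ntds.'Database log files path'

# Sum every file in the database folder and the log folder (often the same folder).
$dirs   = @((Split-Path -Parent $dbFile), $logDir) | Sort-Object -Unique
$needed = (Get-ChildItem -Path $dirs -Force |
           Where-Object { -not $_.PSIsContainer } |
           Measure-Object -Property Length -Sum).Sum

$free = (New-Object System.IO.DriveInfo $TargetDrive).AvailableFreeSpace

'{0,-26} {1:N0} MB' -f 'NTDS files total', ($needed / 1MB)
'{0,-26} {1:N0} MB' -f "Free on ${TargetDrive}:", ($free / 1MB)
if ($free -le $needed) {
    Write-Warning "Drive ${TargetDrive}: is too small for the NTDS files; do not start the move."
}
```

Running it again after the move shows whether the registry values now point at the new folder.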
1. Open Command Prompt as an administrator: on the Start menu, click Command Prompt.
2. As the initial stage, we need to stop the AD DS services.
For Windows Server 2008 onwards, these services are restartable during normal operation, and they can be stopped with a single command or from the Services console. Open a command prompt, type net stop ntds, and press ENTER. Type Y to agree to stop additional services, and then press ENTER (refer to this link to know more: http://technet.microsoft.com/en-us/library/cc732714(v=ws.10).aspx).
For Server 2003, you cannot manually stop those services; you need to boot the server in Directory Services Restore Mode. Reboot the domain controller, select the appropriate installation from the boot menu, and press F8 to display the Windows 2000 Advanced Options menu. Choose Directory Services Restore Mode and press ENTER. Press ENTER again to start the boot process. Log on using the Administrator account with the password defined for the local Administrator account or the directory service restore account that was defined during the AD DS installation (this automatically stops the AD DS services and their related services).
3. At the command prompt, type ntdsutil, and then press ENTER.
4. At the ntdsutil prompt, type activate instance ntds, and then press ENTER. This sets "NTDS" or a specific AD LDS instance as the active instance; here we have set it to NTDS.
5. At the ntdsutil prompt, type files, and then press ENTER. This causes NTDSUTIL to switch to the file maintenance prompt, which helps us manage AD DS/LDS database files.
6. To move the database file, at the file maintenance: prompt, type the following command, and then press ENTER:
move db to <drive>:\<directory>
7. To move the log files, type the following command, and then press ENTER:
move logs to <drive>:\<directory>
where <drive>:\<directory> specifies the path to the new location. If the directory does not exist, Ntdsutil.exe creates it. If the directory path contains any spaces, the entire path must be surrounded by quotation marks, for example, move db to "E:\new folder".
In my case, the default NTDS database and its log files are under 'C:\windows\NTDS', and I would like to move the NTDS files to 'E:\NTDS'. So the command to move the database NTDS.dit becomes:
move db to E:\NTDS
Once the database has been moved successfully, you will get the message Move database is successful, and the directories are updated in the DS path information (you can observe it in the boxed area of the picture above). For the log files, the command is:
move logs to E:\NTDS
Now you can verify that the log files have also moved and that the success message has appeared.
8. If you are moving the database file or log files temporarily, you can now perform any required updates to the original drive. After you update the drive, repeat steps 3 through 9 to move the files back to the original location and continue from step 10.
9. If you want to move the NTDS files permanently to the new location, make sure that the necessary permissions are set as well.
- In Windows Explorer, right-click the folder to which you have moved the database file or log files, and then click Properties (for me the folder is E:\NTDS).
- Click the Security tab, and then click Advanced. Verify that the permissions are set as follows:
  - The Administrators group and SYSTEM have Full Control over the folder.
    If Administrators, SYSTEM, or both are not in the Name list, click Edit, and then click Add. In From this location, be sure that the name of your domain is selected; otherwise you will not be able to locate and add these users. Type the object name as System, if necessary, and then click OK. Repeat to add Administrators, and make sure both have full permission.
    In the Group or user names box, click any name that is not SYSTEM or Administrators, and then click Remove. Repeat until the only remaining accounts are Administrators and SYSTEM, and then click OK.
  - The Include inheritable permissions from this object's parent check box is cleared (if this option is selected, click Edit, clear the setting, and then click OK).
  - No Deny permissions are selected.
10. Now, at the file maintenance prompt, type integrity, and then press ENTER (if you are not at the file maintenance prompt, follow steps 1 to 5 to get there).
If the relocation of the NTDS database and log files succeeded, you will see a success message at the command prompt.
11. Type q twice to exit the file maintenance prompt and ntdsutil.
12. Assuming everything worked for you as well, now restart the NTDS services. If the server is Server 2008, use the command net start ntds at the command prompt. If it is Server 2003, restart the server in normal mode.
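The permission state that step 9 sets by hand can be checked from PowerShell. This is an added example, not part of the original article: it reports any deviation from "only Administrators and SYSTEM, Full Control, no inheritance, no Deny entries" on the destination folder. The path E:\NTDS is the article's own target, and the function name Test-NtdsFolderAcl is hypothetical.

```powershell
# Added example (not from the original article): audit the ACL that step 9 sets by hand.
# Assumption: E:\NTDS is the destination folder, as in the article's walkthrough.
function Test-NtdsFolderAcl {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Well-known SIDs, so the check does not depend on localized account names.
    $expected = @{ 'S-1-5-18' = 'SYSTEM'; 'S-1-5-32-544' = 'Administrators' }
    $full     = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $findings = @()

    $acl = Get-Acl -Path $Path
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritable permissions from the parent are still included'
    }

    # Explicit and inherited entries, with trustees expressed as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Deny') {
            $findings += "Deny entry present for $sid"
        } elseif (-not $expected.ContainsKey($sid)) {
            $findings += "Unexpected trustee $sid with $($rule.FileSystemRights)"
        }
    }

    foreach ($sid in $expected.Keys) {
        $hasFull = $rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights) -band $full) -eq $full
        }
        if (-not $hasFull) { $findings += "$($expected[$sid]) ($sid) lacks Full Control" }
    }
    $findings   # empty output means the folder matches step 9
}

$result = @(Test-NtdsFolderAcl -Path 'E:\NTDS')
if ($result.Count -eq 0) { 'E:\NTDS ACL matches the expected state' } else { $result }
```

NTDS.dit holds the directory's credential data, so any finding here means accounts other than Administrators and SYSTEM may be able to read the moved files.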
Great! Can I use DSDBUTIL to move NTDS?