Microsoft KB Archive/315131

= HOW TO: Use Ntdsutil to Manage Active Directory Files from the Command Line in Windows 2000 =

Article ID: 315131

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q315131





IN THIS TASK
SUMMARY
 * How to Start Your Computer Into Directory Services Restore Mode
 * How to Start Ntdsutil
 * How to Move the Database
 * How to Move Log Files
 * How to Recover the Database
 * How to Repair the Database
 * How to Set Paths

REFERENCES



SUMMARY
This step-by-step article describes how to manage Active Directory files from the command line and describes the main directory file. Microsoft Windows 2000 Directory Service is implemented on top of an indexed sequential access method (ISAM) table manager. This table is the same table manager that is used by Microsoft Exchange Server, the file replication service, the security configuration editor, the certificate server, Windows Internet Name Service (WINS), and other Windows 2000 components. The version of the database that Windows 2000 uses is called extensible storage engine (ESENT).

ESENT is a transacted database system that uses log files to support rollback semantics to ensure that transactions are committed to the database. Ideally, you should locate data and log files on separate drives to improve performance and to support recovery of the data if a disk fails.

The data file is called Ntds.dit. You can use the commands on the Files menu in Ntdsutil to manage the Directory Service data and log files.

ESENT provides its own tool called Esentutl.exe that you can use for certain database file management functions. Esentutl.exe is installed in the Winnt\System32 folder. Several of the Ntdsutil file management commands initiate Esentutl, which reduces the need to learn that tool's command-line arguments. If Ntdsutil initiates Esentutl, Esentutl generates a separate window that is configured with a large history so that you can scroll back to see all of the Esentutl progress indicators.

Windows 2000 Directory Service opens its files in exclusive mode. This means the files cannot be managed while the server is operating as a domain controller.

back to the top

How to Start Your Computer Into Directory Services Restore Mode

 * 1) Restart the computer.
 * 2) After the BIOS information is displayed, press F8.
 * 3) Use the down arrow to select Directory Services Restore Mode (Windows 2000 domain controllers only), and then press ENTER.
 * 4) Use the up and down arrows to select your computer, and then press ENTER.
 * 5) Log on using your administrative logon and password.

back to the top

How to Start Ntdsutil
Ntdsutil.exe is located in the Support Tools folder on the Windows 2000 CD-ROM. By default, this tool is installed in the System32 folder.
 * 1) Click Start, and then click Run.
 * 2) In the Open text box, type ntdsutil.

Type ? at the command prompt to access the help file for the tool.

back to the top

How to Move the Database
You can move the Ntds.dit data file to the new folder that is specified by the location variable. If you do so, the registry is updated so that Directory Service uses the new location when you restart the server.
 * 1) At the Ntdsutil command prompt, type files, and then press ENTER.
 * 2) At the file maintenance command prompt, type Move DB to  (where   is location of an existing folder that you have created for this purpose), and then press ENTER.

Verification is displayed.
 * 1) To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.

back to the top

How to Move Log Files
You can move the Ntds.dit data file to the new folder that is specified by the location variable. If you do so, the registry is updated so that Directory Service uses the new location when you restart the server.
 * 1) At the Ntdsutil command prompt, type files, and then press ENTER.
 * 2) At the file maintenance command prompt, type Move logs to  (where   is location of an existing folder that you have created for this purpose), and then press ENTER.

Verification is displayed.
 * 1) To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.

back to the top

How to Recover the Database
You can use Esentutl.exe to perform a soft recovery of the database. Soft recovery scans the log files and ensures that all committed transactions that exist in the log file are also reflected in the data file. The Windows 2000 Backup program truncates the log files appropriately.

Logs are used to ensure that committed transactions are not lost if your computer fails or if it experiences unexpected power loss. Transaction data is written first to a log file, and then it is written to the data file. After you restart the computer after failure, you can rerun the log to reproduce the transactions that were committed but that were not recorded to the data file.
 * 1) At the Ntdsutil command prompt, type files, and then press ENTER.
 * 2) At the file maintenance command prompt, type recover, press ENTER.

Verification is displayed.

NOTE: It is recommended that you perform a Semantic database analysis. Refer to the &quot;References&quot; section of this article for resources that describe how to perform the Semantic database analysis.
 * 1) To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.

back to the top

How to Repair the Database
WARNING: After you complete the procedure that is described in this section, Esentutl.exe performs a low-level repair of the data file. Use the repair command only on the advice of qualified service personnel, because this command can cause data loss. You can use this procedure to repair only the data that ESENT knows about. As a result, the repair operation may eliminate data that is key to the safe operation of Directory Service.
 * 1) At the Ntdsutil command prompt, type files, and then press ENTER.
 * 2) At the file maintenance command prompt, type repair, press ENTER.

Verification is displayed.

NOTE: It is recommended that you perform a Semantic database analysis. Refer to the &quot;References&quot; section of this article for resources that describe how to perform the Semantic database analysis.
 * 1) To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.

back to the top

How to Set Paths
You can use the set path command to set the path for the following items:
 * Backup: Use this parameter with the set path command to set the disk-to-disk backup target to the folder that is specified by the location variable. You can configure Directory Service to perform an online disk-to-disk backup at scheduled intervals.
 * Database: Use this parameter with the set path command to update the part of the registry that identifies the location and file name of the data file. Use this command only to rebuild a domain controller that has lost its data file and that is not being restored by means of normal restoration procedures.
 * Logs: Use this parameter with the set path command to update the part of the registry that identifies the location of the log files. Use this command only if you are rebuilding a domain controller that has lost its log files and is not being restored by means of normal restoration procedures.
 * Working Directory: Use this parameter with the set path command to set the part of the registry that identifies Directory Service's working folder to the folder that is specified by the location variable.

To run the set path command:
 * 1) At the Ntdsutil command prompt, type files, and then press ENTER.
 * 2) At the file maintenance command prompt, type set path   (where   is one of the parameters that is described in the preceding list and   is the path that you are setting for that object), and then press ENTER.

Verification is displayed.
 * 1) To exit the tool, type q at the command prompt, press ENTER, type q, and then press ENTER.

back to the top

