Friday, July 13, 2007

Directory Services Restore Mode

Today I heard from our AD engineers, who got involved with a failed domain controller: the DIT database reached 4 GB in size and the DC went down. When you start Windows Server 2003 in Directory Services Restore Mode, the local Administrator account is authenticated by the local Security Accounts Manager (SAM) database. Therefore, logging on requires that you use the local administrator password, not an Active Directory domain password. This password is set during Active Directory installation when you provide the password for Directory Services Restore Mode. Follow the link below to move the DIT database to another location.

Administrative credentials

To perform this procedure, you must provide the Administrator password for Directory Services Restore Mode.

To restart the domain controller in Directory Services Restore Mode locally

  • Restart the domain controller.
  • When the screen for selecting an operating system appears, press F8.
  • On the Windows Advanced Options menu, select Directory Services Restore Mode.
  • When you are prompted, log on as the local administrator.

The following conditions require moving database files:

• Hardware maintenance: If the physical disk on which the database or log files are stored requires upgrading or maintenance, the database files must be moved, either temporarily or permanently.

• Low disk space: When free disk space is low on the logical drive that stores the database file (Ntds.dit), the log files, or both, first verify that no other files are causing the problem. If the database file or log files are the cause of the growth, then provide more disk space by taking one of the following actions:

    • Expand the partition on the disk that currently stores the database file, the log files, or both. This procedure does not change the path to the files and does not require updating the registry.

    • Use Ntdsutil.exe to move the database file, the log files, or both to a larger existing partition. If you are not using Ntdsutil.exe when moving files to a different partition, you will need to manually update the registry.

If the path to the database file or log files will change as a result of moving the files, be sure that you:

• Use Ntdsutil.exe to move the files (rather than copying them) so that the registry is updated with the new path. Even if you are moving the files only temporarily, use Ntdsutil.exe to move files locally so that the registry remains current.

• Perform a system state backup as soon as the move is complete so that the restore procedure uses the correct path.

• Verify that the correct permissions are applied on the destination folder following the move. Revise permissions to those that are required to protect the database files, if needed.


 

The registry entries that Ntdsutil.exe updates when you move the database file are as follows:

In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters:

• Database backup path

• Digital Signature Algorithm (DSA) database file

• DSA working directory
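
The post-move checks described above (registry paths current, permissions on the destination folder), as an added PowerShell example that is not part of the original post or of Microsoft's procedure. It only reads. It assumes PowerShell is installed on the domain controller, that the registry value names are `DSA Database file`, `DSA Working Directory` and `Database backup path`, and that Everyone, Authenticated Users and BUILTIN\Users are the principals worth flagging on the NTDS folders.

```powershell
# Added example (not from the original post): read-only check after an Ntdsutil.exe move.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
# Assumption: value names corresponding to the three entries listed above.
$names = 'DSA Database file', 'DSA Working Directory', 'Database backup path'

# Assumption: these well-known SIDs are the overly broad principals to flag.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$params = Get-ItemProperty -Path $key -ErrorAction Stop

foreach ($name in $names) {
    $path = $params.$name
    if (-not $path) {
        Write-Warning "Registry value '$name' is missing or empty"
        continue
    }

    # Does the registered path exist, and how much room is left on its drive?
    $exists = Test-Path -LiteralPath $path
    $root   = [System.IO.Path]::GetPathRoot($path)
    $drive  = New-Object System.IO.DriveInfo($root)
    $freeGB = [math]::Round($drive.AvailableFreeSpace / 1GB, 2)

    # Collect Allow entries granted to broad groups; the ACL can only be read if the path exists.
    $broad = @()
    if ($exists) {
        $acl   = Get-Acl -Path $path
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid)) {
                $broad += '{0}: {1}' -f $broadSids[$sid], $rule.FileSystemRights
            }
        }
    }

    # One report row per registry value.
    New-Object PSObject -Property @{
        RegistryValue = $name
        Path          = $path
        Exists        = $exists
        FreeGB        = $freeGB
        BroadAccess   = ($broad -join '; ')
    }
}
```

A row with `Exists` set to `False` for the database file, or a non-empty `BroadAccess`, is the case to investigate before taking the system state backup; the backup path may legitimately not exist on disk.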


 

Relocating Active Directory Database Files

Best

Oz ozugurlu

1 comment:

Bob said...

Oz,

You have to check this out bro. This kid is awesome.

http://www.youtube.com/watch?v=KurrUEY9qq4

BTW, this is Bob from EMC.