Active Directory Database File Compaction and Defragmentation

Active Directory is a non-relational database whose size increases over time, so the database file takes up more and more disk space. If you remove objects from Active Directory, the size of the database file does not change, but the freed space (white space) can be reused to store new objects. Like any other database, the Active Directory database must be maintained periodically to reduce data fragmentation, speed up searches and improve LDAP query performance.

There are two types of Active Directory database defragmentation:

  • Online defragmentation – performed automatically every 12 hours. The Active Directory service on the domain controller continues to work. The data in the file is reorganized and free blocks are released, but the file size is not reduced.
  • Offline defragmentation – performed only manually by an Active Directory administrator; the AD DS service on the DC is not available during this time. This type of defragmentation can significantly reduce the AD database file size and slightly increase AD query performance.

Let’s take a look at how to perform offline defragmentation of the AD database on a domain controller running Windows Server 2012 R2.

The Active Directory database is stored in the ntds.dit file (by default it is located in the folder C:\Windows\NTDS). Let’s check the current size of the existing ntds.dit file. In this case, its size is about 120 MB.

Tip. Before you begin offline defragmentation, it is recommended to make a full backup of the ntds.dit database. You can do that using standard Windows Server Backup (system state backup) or third-party utilities.

Before proceeding to the maintenance of the Active Directory database file, you must stop the AD DS service on the current domain controller. To do this, open the Services console (services.msc), locate Active Directory Domain Services, right-click it and select Stop.

  1. You can also stop AD DS with the command: net stop NTDS
  2. To stop AD DS on a domain controller running Windows Server 2003 or earlier, you must restart the DC and boot into Directory Services Restore Mode using the F8 key.

The system then warns you that stopping AD Domain Services will also stop the following dependent services:

  • Kerberos Key Distribution Center
  • Intersite Messaging
  • DNS Server
  • DFS Replication

Next, open a Command Prompt (or PowerShell) console as an Administrator.

For Active Directory maintenance, use the Ntdsutil.exe utility. To run it, type the command:

ntdsutil

Then select the current AD database instance and switch to file maintenance mode by typing:

activate instance NTDS
files

The following command starts the database compaction process. As its argument, specify the path of the folder (in our example, C:\Temp\NTDS-DB) in which the compacted copy of the database will be saved.

Compact to c:\temp\ntds-db

After that, the AD database defragmentation process starts. Its duration depends on the database size. In our example, defragmentation completed in one minute.

When the process is completed, check the current size of the AD database. As you can see, the ntds.dit file size was reduced from 120 to 35 MB, almost 3.5 times!

Now you can replace the old fragmented ntds.dit with its defragmented version and delete the old AD log files from the folder C:\Windows\NTDS\:

Copy c:\temp\ntds-db\ntds.dit c:\windows\ntds
Del C:\Windows\ntds\*.log

It is highly recommended to check the integrity of the resulting ntds.dit file. To do this, type the following command in the ntdsutil session (in file maintenance mode):

integrity

If the integrity check returns an error, it is recommended to try to fix the errors using the same ntdsutil utility (semantic database analysis with fixup), or to restore a previous version of the file from backup.

To finish the ntdsutil session, type “q” and “quit”.

It remains to start the AD DS service and check for errors in the Directory Service log using Event Viewer:

net start ntds

Tip. Keep in mind that defragmentation and compaction of the Active Directory database should be performed on all domain controllers, because the ntds.dit file is physically independent on each domain controller and is not replicated between DCs.
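
The whole procedure above as one PowerShell script, added here as an example and not part of the original article. It assumes the default database folder, the article's C:\Temp\NTDS-DB target and an existing system state backup; the non-interactive ntdsutil calls, the guard checks and the removal of the working copy are additions.

```powershell
#Requires -RunAsAdministrator
# Added example (not the article's code). Assumes the default database folder,
# the article's C:\Temp\NTDS-DB target, and a system state backup already taken.
$DbDir   = 'C:\Windows\NTDS'
$WorkDir = 'C:\Temp\NTDS-DB'
$Db      = Join-Path $DbDir 'ntds.dit'
$Compact = Join-Path $WorkDir 'ntds.dit'
$touched = $false

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$before = (Get-Item $Db).Length

# Stop AD DS; /y confirms stopping the dependent services as well
net stop NTDS /y
if ((Get-Service -Name NTDS).Status -ne 'Stopped') { throw 'AD DS did not stop.' }

try {
    # Non-interactive form of: activate instance NTDS, files, compact to <folder>
    ntdsutil "activate instance ntds" files "compact to $WorkDir" quit quit

    # Continue only if a non-empty compacted copy was actually produced
    if (-not (Test-Path $Compact) -or (Get-Item $Compact).Length -eq 0) {
        throw "No compacted database at $Compact; the original was not touched."
    }

    $touched = $true   # from here on the live database may have been modified
    Copy-Item -Path $Compact -Destination $Db -Force -ErrorAction Stop
    Remove-Item -Path (Join-Path $DbDir '*.log') -ErrorAction Stop

    # Integrity check of the replaced file; output is printed for the operator
    ntdsutil "activate instance ntds" files integrity quit quit

    # ntds.dit holds the domain's password hashes, so do not leave the copy behind
    Remove-Item -Path $Compact -Force
    $after = (Get-Item $Db).Length
    '{0:N0} MB -> {1:N0} MB' -f ($before / 1MB), ($after / 1MB)

    # Start AD DS only after the operator has read the integrity result
    if ((Read-Host 'Integrity check OK? Start AD DS (y/n)') -eq 'y') { net start NTDS }
}
catch {
    # Restart AD DS automatically only if the live database was never modified
    if (-not $touched) { net start NTDS }
    throw
}
```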
