Move the directory database and log files to a local drive

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Move the files to a temporary destination if you need to reformat the original location, or to a permanent location if you have additional disk space. Moving the files can be performed locally by using Ntdsutil.exe or remotely (temporarily) by using a file copy.

If you need to reformat the partition that currently stores the database file, the log files, or both, then you must move the files temporarily while you reformat the original drive. After you reformat the drive, use the same procedure to move the files back. Even if you are moving the files only temporarily, use Ntdsutil.exe so that the registry is always current.

Administrative Credentials

To perform this procedure, you must provide the Directory Services Restore Mode password for the local administrator account.

To move the directory database and log files to a local drive

  1. In Directory Services Restore Mode, open a command prompt and change directories to the current location of the directory database file (Ntds.dit) or the log files, whichever you are moving.

  2. Run the dir command and make a note of the current size and location of the Ntds.dit file.

  3. At the command prompt, type ntdsutil and then press ENTER.

  4. At the ntdsutil: prompt, type files and then press ENTER.

  5. To move the database file, at the file maintenance: prompt, use the following commands:

    • To move the Ntds.dit file, type:

      move db to drive:\directory

    • To move the log files, type:

      move logs to drive:\directory

    where Drive:\directory specifies the path to the new location. If the directory does not exist, then Ntdsutil.exe creates it.

    Note

    If the directory path contains any spaces, the entire path must be surrounded by quotation marks (for example, move db to "g:\new folder").

  6. After the move completes, at the file maintenance: prompt, type quit and press ENTER. Type quit again and press ENTER to quit Ntdsutil.exe.

  7. Change to the destination directory and then run the dir command to confirm the presence of the files. If you have moved the database file, then check the size of the Ntds.dit file against the file size you noted in step 2 to be sure that you are focused on the correct file.

  8. If you are moving the database file or log files permanently, go to step 9.

    If you are moving the database file or log files temporarily, you can now perform any required updates to the original drive. After you update the drive, repeat steps 1 through 7 to move the files back to the original location.

    If the path to the database file or log files has not changed, go to step 10.

  9. If the path to the database file or log files has changed from the original location, check permissions on the database folder or logs folder while still in Directory Services Restore Mode, as follows:

    1. In Windows Explorer, right-click the folder to which you have moved the database file or log files, and then click Properties.

    2. Click the Security tab, and verify that the permissions are:

      Administrators group has Allow Full Control.

      System has Allow Full Control.

      Inheritable permissions are not allowed (checkbox is cleared).

      No Deny permissions are selected.

    3. If the permissions in step 9b are in effect, then go to step 10. If permissions other than those described in step 9b are in effect, then perform steps 9d through 9k.

    4. If Allow inheritable permissions from parent to propagate to this object is selected, click to clear it.

    5. When prompted, click Copy to copy previously inherited permissions to this object.

    6. If Administrators or SYSTEM, or both, are not in the Name list, click Add.

    7. On the Select Users or Groups page, in the Look in: box, be sure the name of the local computer is selected.

    8. In the Name list, click System if needed, and then click Add. Repeat to add Administrators, if needed, and then click OK.

    9. On the Security tab, click System and then in the Allow column, click Full Control. Repeat for Administrators.

    10. In the Name box, click any name that is not SYSTEM or Administrators, and then click Remove. Repeat until the only remaining accounts are Administrators and SYSTEM, and then click OK.

      Note

      Some accounts might appear in the form of security identifiers (SIDs). Remove any such accounts.

    11. Click OK to close Properties.

  10. At the command prompt, type ntdsutil and then press ENTER.

  11. At the ntdsutil: prompt, type files and then press ENTER.

  12. At the file maintenance: prompt, type integrity and then press ENTER.

    If the integrity check fails, perform semantic database analysis with a fixup record.

  13. If the integrity check succeeds, type quit and press ENTER to quit the file maintenance: prompt. Type quit again and press ENTER to quit Ntdsutil.exe.

  14. Restart the domain controller normally. If you are performing this procedure remotely over a Terminal Services connection, be sure that you have modified the Boot.ini file for normal restarting before you restart the domain controller.

    If errors appear when you restart the domain controller:

    1. Restart the domain controller in Directory Services Restore Mode.

    2. Check the errors in Event Viewer.

    If the following events are logged in Event Viewer on restarting the domain controller, address the events as follows:

    • Event ID 1046. “The Active Directory database engine caused an exception with the following parameters.” In this case, Active Directory cannot recover from this error and you must restore from backup media.

    • Event ID 1168. “Internal error: An Active Directory error has occurred.” In this case, information is missing from the registry and you must restore from backup media.