Dsdbutil
Applies To: Windows Server 2003 R2
Provides management facilities for Active Directory Application Mode (ADAM). This tool is intended for use by experienced administrators.
Note
Some dsdbutil commands can be used only against ADAM instances that are not currently running.
The syntax for each command is listed below.
activate instance
authoritative restore
change service account
files
LDAP port
list instances
popups
quit
semantic database analysis
set DSRM Password
SSL port
Specifies the ADAM instance to be managed. At the dsdbutil: prompt, type the command using the syntax below. You cannot activate an ADAM instance if that ADAM instance is currently running.
activate instance instancename
- Instancename
Specifies the name of an ADAM instance to be managed.
Restores an ADAM instance to a specific point in time by marking objects in ADAM as being authoritative with respect to their replication partners. At the authoritative restore: prompt, type any of the parameters listed under "Syntax."
{restore database|**restore database verinc **%d|restore subtree %s|restore subtree %s verinc %d|restore object %s|restore object %s verinc %d}
- restore database
Marks all of Adamntds.dit (all directory partitions that are held by the ADAM instance) as authoritative. The schema cannot be authoritatively restored.
- restore database verinc %d
Marks all of Adamntds.dit (all directory partitions that are held by the ADAM instance) as authoritative, and increments the version number as follows. If verinc is not provided, the version number is increased by the age (in days) of the object being restored, multiplied by 100,000. If verinc is provided, the version number is increased by the age (in days) of the object being restored, multiplied by %d. Use this option only to authoritatively restore over a previous, incorrect, authoritative restore, such as an authoritative restore completed using a backup that contains incorrect data.
- %d
A numeric variable, such as the replication delay time period.
- restore subtree %s
Marks the subtree and all children of the subtree as being authoritative. The subtree is defined by using the full distinguished name of the object.
- restore subtree %s verinc %d
Marks the subtree and all children of the subtree as being authoritative, and increments the version number as follows. If verinc is not provided, the version number is increased by the age (in days) of the object being restored, multiplied by 100,000. If verinc is provided, the version number is increased by the age (in days) of the object being restored, multiplied by %d. The subtree is defined by using the full distinguished name of the object. Use this option only to authoritatively restore over a previous, incorrect, authoritative restore, such as an authoritative restore completed using a backup that contains incorrect data.
- restore object %s
Marks the object as being authoritative. The object is specified by using the full distinguished name of the object.
- restore object %s verinc %d
Marks the object as being authoritative, and increments the version number as follows. If verinc is not provided, the version number is increased by the age (in days) of the object being restored, multiplied by 100,000. If verinc is provided, the version number is increased by the age (in days) of the object being restored, multiplied by %d. The object is specified by using the full distinguished name of the object. Use this option only to authoritatively restore over a previous, incorrect, authoritative restore, such as an authoritative restore completed using a backup that contains incorrect data.
- %s
An alphanumeric variable, such as the name of an ADAM instance.
- Quit
Takes you back to the previous menu, or exits the utility.
- ? or help
Displays help at the command prompt.
Sets the service account for the ADAM instance. At the dsdbutil: prompt, type the command using the syntax listed below.
change service account account password
- account
The account to be used as the new ADAM service account.
- password
The password for the account to be used as the new ADAM service account.
Provides commands for managing directory service data and log files. The data file is called Adamntds.dit. At the files: prompt, type any of the parameters listed under "Syntax."
{compact to %s|header| info|integrity|move DB to %s|move logs to %s|recover|set path backup %s|set path db %s|set path logs %s|set path working dir %s
- compact to %s (where %s identifies an empty target directory)
Compacts the existing data file, and writes the compacted file to the specified directory. The directory can be remote; that is, it can be mapped by means of the net use command or by similar means. After compaction is complete, archive the old data file, and move the newly compacted file back to the original location of the data file.
- header
Writes the header of the Adamntds.dit data file to the screen. This command can help you analyze database problems.
- info
Analyzes and reports the free space for the disks that are installed in the system, reads the registry, and then reports the sizes of the data and log files. The directory service maintains the registry, which identifies the location of the data files, log files, and directory service working directory.
- integrity
Performs an integrity check on the data file, which can detect any kind of low-level database corruption. It reads every byte of the data file; therefore, it can take a long time to process large databases. Note that you should always run recover before performing an integrity check.
- move DB to %s (where %s identifies a target directory)
Moves the Adamntds.dit data file to the new directory that is specified by %s, and updates the registry so that, upon service restart, the directory service uses the new location.
- move logs to %s (where %s identifies a target directory)
Moves the directory service log files to the new directory that is specified by %s, and updates the registry so that, upon service restart, the directory service uses the new location.
- recover
Performs a soft recovery of the database. Soft recovery scans the log files and ensures that all committed transactions in the log files are also reflected in the data file. The ntbackup program truncates the log files appropriately. Logs are used to ensure that committed transactions are not lost if the system fails or if there is an unexpected power loss. Essentially, transaction data is written first to a log file and then to the data file. When you restart after failure, you can rerun the log to reproduce the transactions that are committed but that have not been written to the data file.
- set path backup %s (where %s identifies a target directory)
Sets the disk-to-disk backup target to the directory that is specified by %s. The directory service can be configured to perform an online, disk-to-disk backup at scheduled intervals.
- set path db %s (where %s identifies a target directory)
Updates the part of the registry that identifies the location and file name of the data file. Use this command only to rebuild an ADAM instance that has lost its data file and that is not being restored by means of normal restoration procedures.
- set path logs %s (where %s identifies a target directory)
Updates the part of the registry that identifies the location of the log files. Use this command only to rebuild an ADAM instance that has lost its log files and that is not being restored by means of normal restoration procedures.
- set path working dir %s (where %s identifies a target directory)
Sets the part of the registry that identifies the directory service's working directory to the directory that is specified by %s.
- %s
An alphanumeric variable, such as a domain or ADAM instance name.
- quit
Takes you back to the previous menu, or exits the utility.
- ? or help
Displays help at the command prompt.
Warning
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
Note
Active Directory Application Mode is implemented on top of an indexed sequential access method (ISAM) table manager. This is the same table manager that is used by Microsoft Exchange Server, the file replication service, the security configuration editor, the certificate server, Windows Internet Name Service (WINS), and other Windows components. The version of the database that Windows Server 2003 uses is called extensible storage engine (ESENT). ESENT is a transacted database system that uses log files to support rollback semantics to ensure that transactions are committed to the database. Ideally, data and log files should be located on separate drives to improve performance and support recovery of the data if a disk fails.
Sets the Lightweight Directory Access Protocol (LDAP) communications port for the ADAM instance. At the dsdbutil: prompt, type the command using the syntax listed below.
LDAP port portnumber
- portnumber
Specifies the new communications port number to be used for LDAP on the ADAM instance.
Lists information about the ADAM instances installed on the current computer. To run this command, type list instances at the dsdbutil: prompt. This command does not require or accept any parameters.
Enables or disables interactive pop-up messages. To enable interactive pop-up messages, at the dsdbutil: prompt, type popups on. To disable pop-up messages, at the dsdbutil: prompt, type popups off.
Closes the dsdbutil command-line tool.
Analyzes data with respect to ADAM semantics. At the semantic database analysis: prompt, type any of the parameters listed under "Syntax."
{get %d|go|verbose %s}
- get %d
Retrieves the record number %d from Ntds.dit.
- go
Starts the semantic analysis of Ntds.dit. A report is generated and written to a file named Dsdit.dmp.n in the current directory, where n is an integer that is incremented each time that you carry out the command.
- verbose %s
Toggles verbose mode on or off.
- %d
A numeric variable, such as a replication delay time period.
- %s
An alphanumeric variable, such as a domain or ADAM instance name.
- quit
Takes you back to the previous menu, or exits the utility.
- ? or help
Displays help at the command prompt.
Unlike the file management commands described earlier, which test the integrity of the database with respect to ESENT database semantics, the semantic analysis analyzes data with respect to ADAM semantics. It generates reports on the number of records present, including deleted and phantom records.
Note
End users should not use this command except, when Microsoft requests them to use it as an aid in fault diagnosis.
This command does not apply to ADAM.
Sets the Secure Sockets Layer (SSL) communications port for the ADAM instance. At the dsdbutil: prompt, type the command using the syntax listed below.
SSL port portnumber
- portnumber
Specifies the new communications port number to be used for SSL on the ADAM instance.
If the variable has spaces in it, enclose it in parentheses, instead of in quotation marks, as follows:
connect to server (xxx yyy)
Format | Meaning |
---|---|
Italic |
Information that the user must supply |
Bold |
Elements that the user must type exactly as shown |
Ellipsis (...) |
Parameter that can be repeated several times in a command line |
Between brackets ([]) |
Optional items |
Between braces ({}); choices separated by pipe (|). Example: {even|odd} |
Set of choices from which the user must choose only one |
Courier font |
Code or program output |