NTDSutil commands 1

Before you begin working with Ntdsutil, get to know the key AD database files - edb.log, ntds.dit, res1.log, res2.log, and edb.chk&emdash;all of which reside in \%systemroot%\ntds on a domain controller (DC) by default.

During AD installation, Dcpromo lets you specify alternative locations for these log files and database files. The best practice for a Win2K DC is to install the OS files, transaction logs, and database files on separate spindles. The most common approach is to install the files on separate mirrored drives (i.e., RAID 1). . . .

Typing NTDSUTIL ? will provide basic help information as shown below.

NtdsUtil performs database maintenance of the Active Directory store, management and control of the Flexible Single Master Operations (FSMO), and cleaning up of metadata left behind by abandoned domain controllers, those which are removed from the network without being uninstalled.

This is an interactive tool. Type "help" at the prompt for more information.

? - Show this help information

Authoritative restore - Authoritatively restore the DIT database

Configurable Settings - Manage configurable settings

Domain management - Prepare for new domain creation

Files - Manage NTDS database files

Help - Show this help information

LDAP policies - Manage LDAP protocol policies

Metadata cleanup - Clean up objects of decommissioned servers

Popups %s - (en/dis)able popups with "on" or "off"

Quit - Quit the utility

Roles - Manage NTDS role owner tokens

Security account management - Manage Security Account Database - Duplicate SID Cleanup

Semantic database analysis - Semantic Checker

Set DSRM Password - Reset directory service restore mode administrator account password