Occasionally, we are hit with an issue and we need to boot the Domain Controller in Restore mode or we just need to perform a defragmentation on the NTDS database.

In this article, I’ll walk you through the process of using the bcdedit command to perform a defrag on a NTDS database.

Defragment NTDS Database

Before we start the defragmentation of the NTDS database, let’s go ahead and put the domain controller in Restore Mode. We do that by the opening an administrator command prompt and typing the following command:

bcdedit /set safeboot dsrepair

Next, we restart the server into a safe mode kind of state and then we continue to perform the database defragmentation.

But before you restart, if you are running at least Windows Server 2012 R2 or 2016, you can do all of this without having to restart the server into DSRM mode.

All you need to do is to go to the Services Console and stop the Active Directory Domain Services service. Then, you can continue to defragmenting the database.

So after you’ve done the above and have either restarted into DSRM, where you need to log in with the local user account and not the domain one (done by putting the server name followed by a backslash and then the Administrator user name), or you have stopped the ADDS service, you can  go to command prompt again and fire up the ntdsutil command.

You can then activate the NTDS instance by typing activate instance ntds and hitting Enter.

Next, type the command files, which will bring you into the file maintenance mode.

Then we run the compact command: compact to C:\. This creates a new ntds.dit file in the C:\ root.

Now that we’re done, we are going to copy the new compressed DIT file and overwrite the current one by opening command prompt and running the copy command as stated in the output.

copy "C:\ntds.dit" "C:\Windows\NTDS\ntds.dit"

del C:\Windows\NTDS\*.log

Now we can either restart the server or start back up the ADDS services, whichever method you had chosen in the first place. Enjoy!