Thursday, June 5, 2014

Active Directory Utilities

Active Directory's directory services maintenance utility (ntdsutil.exe) is a command-line tool used primarily to manage AD. It can be used to maintain the Active Directory database, manage and control single master operations, create application directory partitions, remove metadata left behind by domain controllers, manage the SAM, reset the DSRM password, transfer an FSMO role to a domain controller, and carry out many additional tasks. The tool is menu-driven and was developed for interactive use, though it can also be driven by scripted commands.
Some of the most frequent jobs performed with ntdsutil.exe are summarized below:
  1. Authoritative restore: In an authoritative restore, specific data that has been marked as current is protected from being overwritten during replication. Any changes made to a restored object after the backup was created are lost. Ntdsutil.exe is used together with the Windows Server 2003 system utilities to carry out an authoritative restore.
  2. Configurable Settings: Manages and controls configurable settings.
  3. Domain Management: Used for creating Naming Contexts and adding replicas to the Application Directory Partition of DNS.
  4. Files: Available only when the server is booted into Directory Services Restore Mode. It is used to check the integrity of NTDS.DIT and to move all related databases.
  5. Roles (FSMO maintenance): Used for mapping the single operations master to the equivalent domain controller. For this function, ntdsutil.exe must be used together with NetDom or the Active Directory snap-ins.
  6. Reset DSRM password: Makes it much easier to reset the Directory Services Restore Mode password.
  7. Security Account Management: Used to check for duplicate SIDs, especially during metadata cleanup.
Active Directory utilities are available with Windows Server 2008 and Windows Server 2008 R2, provided the AD DS and AD LDS server roles are installed. Ntdsutil.exe is obtained by installing the Active Directory Domain Services Tools, which are part of RSAT (Remote Server Administration Tools).
Follow these steps to run the ntdsutil.exe command-line utility:
  • Click Start, right-click Command Prompt, and choose Run as administrator.
  • In the elevated command prompt, run ntdsutil.exe.
Remember that where only the AD LDS server role is installed and not the AD DS server role, the Active Directory utilities dsdbutil.exe and dsmgmt.exe must be used in place of ntdsutil.exe to carry out the same tasks.
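
The scripted use mentioned above works by passing each menu command as one quoted argument. The following is an added example, not part of the original post: it wraps that call in PowerShell and runs a read-only query of the FSMO role holders. The helper name `Invoke-NtdsUtil` and the server name `DC01.example.test` are hypothetical placeholders.

```powershell
# Added example: run ntdsutil.exe non-interactively.
# Each array element is one line you would otherwise type at the ntdsutil prompt.
function Invoke-NtdsUtil {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$MenuCommands
    )

    # ntdsutil must be started from an elevated session (see the steps above).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # The tool is only present when AD DS or the AD DS tools (RSAT) are installed.
    $exe = Join-Path $env:SystemRoot 'System32\ntdsutil.exe'
    if (-not (Test-Path $exe)) {
        throw "ntdsutil.exe not found at $exe"
    }

    # PowerShell quotes any element that contains spaces, so
    # 'connect to server X' reaches ntdsutil as a single menu command.
    $output = & $exe @MenuCommands 2>&1
    New-Object PSObject -Property @{
        ExitCode = $LASTEXITCODE   # as reported by the process
        Output   = $output         # raw text, for review or logging
    }
}

$dc = 'DC01.example.test'   # constructed placeholder, replace with a real DC

# Walk the Roles menu: connect, list the role holders, then back out.
$result = Invoke-NtdsUtil -MenuCommands @(
    'roles',                            # enter "fsmo maintenance"
    'connections',                      # enter "server connections"
    "connect to server $dc",
    'quit',                             # back to "fsmo maintenance"
    'select operation target',
    'list roles for connected server',  # read-only query
    'quit',                             # back to "fsmo maintenance"
    'quit',                             # back to the ntdsutil prompt
    'quit'                              # exit ntdsutil
)
$result.Output
```

Every submenu entered needs its own `quit`; otherwise ntdsutil stays at an interactive prompt and the script hangs.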
