Create and Delete AD DS Partition with NTDSUTIL.EXE

AD DS partition Windows Server serves as a platform for building and deploying infrastructure within the corporate environment. This infrastructure deployment usually consists of applications, networks, user accounts, and web services. In this article, we shall learn Create and Delete AD DS Partition with NTDSUTIL.EXE. Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS). Please see how to create, configure and apply Group Policy Objects on Windows Servers , and how to Install Windows Admin Center on Windows 10 & 11.

The NtdsUtil.exe tool not only allows you to create a custom AD DS partition but also enables you to perform several other AD DS-related management tasks actively. These tasks include NTDS database maintenance, creating snapshots, relocating database files, and offline defragmentation.

Caution: NTDSUTIL tool is a high level tool and is intended for use by experienced administrators. This steps applies to 2012, 2016, 2019 and 2022 versions.

Here is an excellent guide on Laps in Windows: How to Reset Directory Services Restore Mode (DSRM) Password.

What is NTDS?

Microsoft Windows Server uses NTDS (Windows NT Directory Services) as the directory service for storing data generated by Active Directory Domain Services (AD DS). Every Domain Controller in the domain saves the AD DS database in a file.

The AD DS database is stored in the ntds.dit file located in the NTDS folder of the system root, usually C:\Windows\NTDS. AD DS partition uses a concept known as multi-master replication to ensure that the datastore is consistent on all DCs. The AD DS refers to this process of ensuring data consistency and accuracy across all DCs as replication.

You see from the screenshot above that the AD DS database is just one file named NTDS.dit. NTDS.dit holds multiple partitions (config, schema, domain, app), each with unique data. Replication occurs within each partition’s topology.

Why do We Need a Custom AD DS Partition?

The reason why it is necessary to create an AD DS partition is some applications might need to store their data in the AD DS database. The idea of creating a custom AD DS partition usually occurs if there is a plan by an organization to develop an in-house suite of business applications.

Please see how to Manage Azure Virtual Machines with Windows Admin Center and Serial Console, and how to install and configure Active Directory Domain Services on Windows Server 2022

Creating AD DS Custom Partition using NTDSUTIL.exe Tool

We are going to go through the short steps of creating and deleting the AD DS custom partition through the following:

1: Run the command prompt (cmd) with elevated permission by Right-clicking it and clicking “Run as Administrator”.

In the Command Prompt Window, type ntdsutil.exe

2: You can also assess the Ntdsutil tool through the Run command dialog box by pressing Windows Key + R, the Run dialog box shows up type ntdsutil.exe

Now we are right in the NSDTUTIL.exe terminal console.

2. Confirm that the Active Instance is set to NTDS by running the command below

ac in ntds

3. Set the target to partition management, and establish server connection to the domain by running partition management, AD DS partition and Enter followed by typing connection.

This brings up server connection. From here type {connect_to_server_domain_name} and press the Enter key. Ensure you type the commands exactly as shown in the screenshot below, with parentheses and underscores.

4. Next step is to quit the Server connection by typing quit within the Ntdsutil.exe console. From here, let’s run the list command to list out all the existing AD DS partitions within the NTDS.dit file.

5. Create a new AD DS partition by running the command below within the partition management. Remember to replace the details with your details.

create nc dc=AppPartition,dc=tectdirectarchi,dc=com techdirectarchive.com

Increased Number of Partitions: A Comparison

Upon comparing the above and previous screenshots, you’ll notice an increase in partitions from 4 to 5.

6. The last step is to delete and quit the partition management as well as quit the entire NTDSUTIL.exe tool. Let’s do this by running the command below. This will delete the newly created AD DS partition. you can use the list command to confirm the deletion.

delete nc dc=AppPartition,dc=tectdirectarchive,dc=com

Note that when typing commands within the NTDSUTIL.exe terminal console, there no space between them. 

7. Now have done creating and deleting the, let’s go ahead and quit the NTDSUTIL.exe tool by typing quit in the terminal console.

In this article, you have been taken through the steps of “Create and Delete AD DS Partition with NTDSUTIL.EXE”. You learned about the NTDS directory service, its purpose, and the partitions within the NTDS.dit file.