
How to create and delete a custom AD DS partition with the NTDSUTIL.EXE Tool on Windows Server (Applies to 2012, 2016, 2019 and 2022 versions)


Windows Server is the platform on which most corporate infrastructure is built and deployed: applications, networks, user accounts and web services. Ntdsutil.exe is a command-line tool for managing Active Directory Domain Services (AD DS). Besides creating custom (application) AD DS partitions, it covers several other AD DS management tasks: maintenance of the NTDS database, including creating snapshots, relocating the database and log files and performing offline defragmentation; cleaning up the metadata left behind by domain controllers that were removed from the network without being properly demoted; and resetting the password used to sign in to Directory Services Restore Mode (DSRM).

Caution: Ntdsutil.exe is a powerful tool intended for use by experienced administrators. Every command below changes the live directory, so try the procedure in a lab first, and do not run it against a production domain controller without a current system state backup.

See also the following related articles: how to create, configure and apply Group Policy Objects on Windows Server, how to install Windows Admin Center on Windows 10 and 11, how to manage Azure Virtual Machines with Windows Admin Center and Serial Console, and how to install and configure Active Directory Domain Services on Windows Server 2022.

What is NTDS?

NTDS (Windows NT Directory Services) is the directory service in Windows Server that stores the data managed by Active Directory Domain Services (AD DS). Every domain controller (DC) holds its own writable copy of the AD DS database in the file ntds.dit, which lives in the NTDS folder under the system root, usually C:\Windows\NTDS. AD DS keeps these copies consistent through multi-master replication: a change can be made on any DC and is replicated to all the others, so no single DC is the authoritative master. Because ntds.dit contains the password hashes of every account in the domain, any copy of it, including backups and the snapshots Ntdsutil can create, must be protected as carefully as the domain controller itself.

NTDS Storage Location (C:\Windows\NTDS)

As the screenshot above shows, the AD DS database is a single file named ntds.dit. Logically, however, the directory it holds is divided into several partitions (naming contexts): the schema partition, the configuration partition, the domain partition, and any application partitions, such as the DomainDnsZones and ForestDnsZones partitions created for AD-integrated DNS. Each partition is a unit of replication with its own replication scope: the schema and configuration partitions replicate to every DC in the forest, the domain partition to every DC in that domain, and an application partition only to the DCs you nominate as its replicas.

Why do We Need a Custom AD DS Partition?

Some applications need to store their data in the AD DS database. Some do so through schema extensions; others require a custom (application) partition of their own. The typical case is an organization that plans to develop an in-house suite of business applications and wants that application data in AD DS without mixing it into the domain partition. A custom application partition gives the data its own replication scope, so it is replicated only to the DCs that host the application rather than to every DC in the domain. Throughout the change, AD DS replication must remain fully operational so that business processes are not affected.

Creating AD DS Custom Partition using NTDSUTIL.exe Tool

We are going to go through the short steps of creating and deleting the AD DS custom partition through the following:

  1. Open a command prompt (cmd) with elevated permissions by right-clicking it and choosing "Run as administrator", then type ntdsutil.exe to enter the Ntdsutil console. You can also start it from the Run dialog box (Windows key + R) by typing ntdsutil.exe. Run it on a domain controller (or on a machine with the AD DS RSAT tools installed) with an account that has the rights for the operation: by default, creating or deleting an application directory partition requires membership in the Enterprise Admins group, because it creates or removes a crossRef object in the Partitions container of the configuration partition.

2. Confirm that the active instance is set to NTDS by running activate instance ntds. Ntdsutil accepts any unique prefix of each word, so ac in ntds does the same thing.

NTDS Active Instance

3. Switch to the partition management menu and connect to a domain controller: type partition management and press Enter, then type connections (connection also works) to open the server connections menu. From there, run connect to server followed by the DNS name of the domain controller you want to work against, for example connect to server dc01.techdirectarchive.com, and press Enter. The command is typed as plain words separated by spaces; braces and underscores are not part of the syntax. Ntdsutil connects with the credentials of the account running it, so an access-denied error here or in a later step usually means the account lacks the Enterprise Admins rights noted in step 1.

Partition Management and Server Connection

4. Quit the server connections menu by typing quit (or q), which returns you to partition management. Now run list to display all the partitions that currently exist in ntds.dit. Listing them first gives you a known count to compare against after you add the new one, and lets you confirm that the name you intend to create is not already in use.

List Partitions

5. Create the new partition by running create nc dc=AppPartition,dc=techdirectarchive,dc=com NULL from the partition management menu. The first argument is the distinguished name of the new partition; the second is the DNS name of the domain controller that will hold its first replica, and NULL means the DC you connected to in step 3. Replace AppPartition and the domain components with your own values. Choose a name whose DNS form (here apppartition.techdirectarchive.com) does not collide with an existing DNS name, because the DCs that host the partition register service locator (SRV) records under it.

Create New AD DS Partition

If you compare the screenshot above with the previous one, you will notice that the number of partitions has increased from 4 to 5.

6. The last step is to delete the partition, leave partition management and exit Ntdsutil. Run delete nc dc=AppPartition,dc=techdirectarchive,dc=com to remove the partition you just created. Any data stored in the partition is lost with it, so in production confirm with the application owner before deleting. Run list again to confirm that the partition is gone.

Delete AD DS Partition

Note on syntax: Ntdsutil commands are multi-word (partition management, connect to server) and are typed with spaces between the words. Each word may be shortened to any unique prefix, so ac in ntds, pa m and co to se dc01 are accepted as activate instance ntds, partition management and connect to server dc01. The console rejects a command that is misspelled or ambiguous, so check the prompt (for example partition management:) before entering the next command to be sure you are in the menu you expect.

7. Now that we have created and deleted the AD DS partition, exit Ntdsutil by typing quit (once for each menu level) until the console closes.
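The whole procedure from steps 1 to 7 as a script, added here as an example and not taken from the original article: it chains the Ntdsutil commands on a single command line (each menu command passed as one quoted argument) and then verifies the result against the crossRef object in the Partitions container instead of trusting the console output. The DC name DC01.techdirectarchive.com and the partition DN are assumptions; replace them with your own values. The script needs an elevated PowerShell prompt, an account in Enterprise Admins, and the ActiveDirectory module (part of the AD DS RSAT tools).

```powershell
# Added example; not part of the original article.
# Assumptions: DC01.techdirectarchive.com is a DC, the current account is in
# Enterprise Admins, and the ActiveDirectory module is installed on this host.
$Dc        = 'DC01.techdirectarchive.com'                      # assumption: FQDN of your DC
$Partition = 'DC=AppPartition,DC=techdirectarchive,DC=com'      # assumption: DN of the new partition

# Each ntdsutil menu command is one argument; 'q' steps back one menu level.
# The wrapper enters partition management, connects to $Dc, runs the caller's
# commands and backs out cleanly so ntdsutil exits instead of waiting for input.
function Invoke-NtdsutilPartition {
    param([string[]]$PartitionCommands)
    $cmdArgs = @('activate instance ntds', 'partition management', 'connections',
                 "connect to server $Dc", 'q') + $PartitionCommands + @('q', 'q')
    & ntdsutil.exe @cmdArgs
}

# Look up the crossRef for the partition directly in CN=Partitions of the
# configuration partition; this is the object 'create nc' and 'delete nc' manage.
function Get-ApplicationPartition {
    $config = (Get-ADRootDSE -Server $Dc).configurationNamingContext
    Get-ADObject -Server $Dc -SearchBase "CN=Partitions,$config" `
        -LDAPFilter "(&(objectClass=crossRef)(nCName=$Partition))" `
        -Properties nCName, 'msDS-NC-Replica-Locations'
}

# Steps 2-5: create the partition; NULL places the first replica on the connected DC.
Invoke-NtdsutilPartition @("create nc $Partition NULL", 'list')

$cross = Get-ApplicationPartition
if (-not $cross) { throw "Partition $Partition was not created" }
# msDS-NC-Replica-Locations lists the NTDS Settings objects of the DCs holding a
# replica; a freshly created partition should show exactly one, the DC we connected to.
"Replica locations: $($cross.'msDS-NC-Replica-Locations' -join '; ')"

# Step 6: delete the partition and prove it is gone from the configuration partition.
Invoke-NtdsutilPartition @("delete nc $Partition", 'list')
if (Get-ApplicationPartition) { throw "Partition $Partition still exists" }
"Partition $Partition created and removed on $Dc"
```

An access-denied error from create nc or delete nc almost always means the account is not in Enterprise Admins (or has not been delegated rights on CN=Partitions). The msDS-NC-Replica-Locations check is also the list you would extend with add nc replica before putting a partition into production, so the same lookup doubles as an audit of which DCs actually hold a copy of the application data.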

In this article, you have been taken through the steps of creating and deleting a custom AD DS partition. You also learned what the NTDS directory service is, what it is used for, and which partitions make up the ntds.dit file.
