Moving Active Directory database related files to another location


Here’s your problem for the day: your active directory files are on the system drive, perhaps because you inherited some Active Directory domain controllers, perhaps because a junior Windows system administrator did the DCPromo… You’re a professional Windows system administrator and you want to have them located elsewhere, say D:

The process is documented at Technet’s but requires two separate duties:

  • Moving the databases files per se, namely the ntds.dit and jet files; Starting with WIndows 2008, this is quick and easy, and downtimes may be unnoticed if you are quick enough
  • Moving the SYSVOL replicated share, takes more time and far from being simple

Moving the database and or logs files

It is documented under Move the directory Database and Log Files to a Local Drive and involve the following steps

  1. Disable your antivirus (as it may not guess what kind of files we are moving); that’s not in Microsoft’s procedure BTW
  2. create two elevated command prompt if your logs and database are separated; and for each of them go the actual location of the database or the log, e.g.
  3. cd C:\ADLogs or cd C:\ADDatabase
  4. Prepare a notepad with the following contents so you ‘ve got the two ntdsutil scripts:


    where d:\ntds is the target folder where you want the files to be moved to. I do not follow the practice to separate logs from databases because in most cases the speed of the storage is no longer the culprit and nowadays you likely have no influence over it (Virtual machines datastores, etc.),. What I want to achieve is separating the Active Directory files from the OS files.
  5. Stop the NTDS Service
  6. run the first script from the database folder and look for error messages
  7. run the second script from the logs folder and still look for error messages
  8. Start the NTDS Service
  9. Look into the Event Viewer for issues

The Microsoft documentation tells you to perform integrity and security checks but the output of the ntdsutil commands are rather verbose and safe. In addition, you may obtain the JET_errOutOfSessions error message when doing so, but the hotfix outlined by Microsoft is no longer applicable to latest releases of Windows 2008R2.

Moving the Sysvol share

The sysvol share move takes longer and exists in two flavors not related to the OS you’re running although what Microsoft says, but to the way the replication is done: are you FRS or DFS-R?

The two procedures are OK, but you have a few caveats in the Windows 2003 Version on Windows 2008.

  • Be sure to fill in the table located there
Parameter Current Value New Value
fRSRootPath
fRSStagingPath
Sysvol parameter in registry
Sysvol junction
Staging junction

 

  • In order to fill in this table, you can use Powershell by doing:

  • ¬†Assuming you are moving from C:\Windows\sysvol to D:\Sysvol, you’ll obtain something like this
Parameter Current Value New Value
fRSRootPath C:\Windows\SYSVOL\domain D:\SYSVOL\domain
fRSStagingPath C:\Windows\SYSVOL\staging\domain D:\SYSVOL\staging\domain
Sysvol parameter in registry C:\Windows\SYSVOL\sysvol D:\SYSVOL\sysvol
Sysvol junction C:\Windows\SYSVOL\domain D:\SYSVOL\domain
Staging junction C:\Windows\SYSVOL\staging\domain D:\SYSVOL\staging\domain
  1. Stop the NTFRS Service
  2. Copy the C:\Windows\Sysvol folder using File Explorer
  3. Change the registry key HKLM\System\CurrentControlSet\Services\NetLogon\Parameters\Sysvol to the new location
  4. Change both fRSRootPath and fRSStagingPath in the NTFRS object
  5. Change both junctions (On the C: and the D: drive)
  6. instead of using linkd, you may want to use the junction utility from the SysInternals tools. In this case you must remove the junction and then create it again

  7. Change the BurFlags to a non-authorative restore
  8. Restart the ntfrs service
  9. Perform the various dcdiag tests. If you missed one junction on scripts, NETLOGON won’t show up, just recreate it and restart the netlogon service.

 

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.