Verifies integrity of AD DS or AD LDS database files with respect to Active Directory semantics. At the semantic checker: prompt, type any of the parameters listed under Syntax.

Ntdsutil is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed. To use ntdsutil, you must run the ntdsutil command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

Syntax

[get %d] [{go | go fixup}] [verbose %s] [{check quota | rebuild quota}]

Parameters

Parameter Description

check quota

Integrity-check quota-tracking table (object owner quotas). This command checks if the quota table is correct, by trying to open the quota-tracking table and getting column information for each pre-defined column name.

get %d

Retrieves record number %d from the Ntds.dit.

go

Starts the semantic analysis of the Ntds.dit or AD LDS instance with no fixup.

A report is generated and written to a file named Dsdit.dmp.n, in the current directory, where n is an integer incremented each time that you carry out the command.

go fixup

Start semantic checker with fixup.

verbose %s

Toggles verbose mode on or off.

rebuild quota

Force asynchronous rebuild of quota-tracking table.

%d

A numeric variable, such as replication delay time periods.

quit

Takes you back to the previous menu or exits the utility.

?

Displays help at the command prompt.

Help

Displays help at the command prompt.

Remarks

  • Unlike the file management commands described earlier, which test the integrity of the database with respect to the ESENT database semantics, the semantic analysis analyzes the data with respect to Active Directory semantics. It generates reports on the number of records present, including deleted and phantom records.

    Note

    End users should not use this command except when Microsoft requests them to use it as an aid to fault diagnosis.
  • Before you can run the semantic database analysis subcommand, you need to set NTDS or an AD LDS instance as the active instance for ntdsutil. For example, if the AD LDS instance that you want to restore is named instance1, type the following command at the ntdsutil prompt before you run the authoritative restore subcommand:

    ac in instance1
  • You need to stop the AD DS or AD LDS service before you can run the semantic database analysis subcommand. To stop AD DS, click Start, click Server Manager. In the console tree, double-click Configuration, and then click Services. In the details pane, right-click Active Directory Domain Services and then click Stop.

Examples

To turn on verbose mode logging, type:

semantic checker: verbose on

To start the semantic analysis of the Ntds.dit with no fixup, type:

semantic checker: go

Additional references

Command-Line Syntax Key

Ntdsutil

authoritative restore

configurable settings

DS behavior

files

group membership evaluation

ifm

LDAP policies

local roles

metadata cleanup

partition management

roles

security account management

set DSRM password

snapshot


  • ifm
  • snapshot
  • security account management
  • set DSRM password