yet another good question from the Newsgroups that I saw the other day. The question was:
When I delete objects from AD – the database does not shrink. Why?
First of all, it is important to understand the deletion process in AD. Deleting objects in AD doesn’t mean that you wipe the object right-away. The object is marked as deleted and then moved to the “Deleted Objects” container where it resides for a certain time (the tombstone life time) before it finally gets cleaned out off the directory. When cleaning it out, the database does not shring. The Garbage Collector process is out the just clean the database pages the object was written to. The pages are marked as “free” — and known as “Whitespace” from then on. This whitespace can then be used to write new data to the directory.
Twice a day, there’s “online defragmentation” happening on any DC. Note that this is nothing that could be replicated between the DCs. Defragmentation is done locally on the DC and changes the way data is stored in pages ‘physically’ in the database. Every DC is sure to store its data different than its friends do. So the service runs on any DC independently and does independent work. Unfortunately, online defragmentation does not gain any free space. It simply moves free pages together so that they get next to each other.
So if you really want to shrinkÂ your database’s size, you’ll need toÂ offline defragment it. That’s taking the DC down andÂ booting it into DSRM mode. You’ll fire upÂ NTDSUtil and use its “files”Â context and use the “compact toÂ <directory>” command.Â NTDSUtil is then going to create a whole new DIT file for you – and copy the contents of the old DIT without its whitespaces to the new location. Once it’s finished (it may take a while, depending on your DIT size, obviously). Once done, you copy the new, compressed whitespace-free DIT over to the place the current DIT resides.
Now, boot back into normal mode and use the newly created, whitespace-free NTDS.DIT file.
Do you need Offline Defragmentation? Here are a couple of fast facts:
- Yeah, if you run out of disk space. Check the eventID 1646 event after enabling “6 Garbage Collection” logging in HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics. The services runs twice a day, too and will print out the amount of whitespace in a DC’s DIT.
- Seriously, if you have to offline defrag your DIT just to gain a couple of MB to save your HDD from exploding, there’s something wrong with the DC and its hard disk management anyway, right? So offline defragging may not be the best choice to fix the problem.
- The database won’t slow down if it grows bigger. Lots of whitespace isn’t much of a problem.Â
- Offline Defrag involves downtime. Is it worth taking down your DC for a couple of minutes/probably some hours?
- The process creates a whole new DIT database.Â Performing a full backup of the new DIT is encouraged.Â
- You shouldn’t overwrite the current DIT but keep it in a safe location and use the compressed DIT. Just in case. You never know.