Recently my home server started reporting some errors with reading from the AD database file:

NTDS (612) NTDSA: A request to read from the file "C:\Windows\NTDS\ntds.dit" at offset 14368768 (0x0000000000db4000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (25 seconds) to be serviced by the OS. In addition, 1 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 3267 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Now, searching for the issue on the Internet seemed to just return a bunch of answers to check the disk, HDD is failing, etc.  All of which I knew was not to be true.  This wasn’t a hardware issue but something related to the way the system was working, so I decided to run a quick compact of the database and see if that cleared up the issue as compacting the AD DS database NTDS.DIT improves performance. Although the improvement varies depending on amount of changes to the database – at the very least I figured if it was bad sectors, a compact and copy would move the file to good sectors.

  1. Open the Services.msc panel and stop "Active Directory Domain Services" (also stops the services below)
    1. File Replication Service
    2. Kerberos Key Distribution Center
    3. Intersite Messaging
    4. DNS Server
  2. Open a command line, type the following (without quotes):
    1. “ntdsutil”
    2. “activate instance ntds”
      1. At this point, you should see the following:
      2. image
    3. “files”
    4. “compact to c:\temp”
      1. And now you should see a very poorly rendered ASCII graph showing that the compact was successful
      2. image
    5. At this point, enter “quit” twice.  Once to get out of file maintenance, the second to get out of the ntdsutil program
    6. Now, copy the ntds.dit file from temp over the file located in C:\windows\ntds\ntds.dit and delete all the *.log files
    7. Last step, start the "Active Directory Domain Services" in services.msc, the other dependant services that stopped will also come back up.

So, fingers crossed it all looks good.