{"id":2449,"date":"2022-02-08T12:11:31","date_gmt":"2022-02-08T12:11:31","guid":{"rendered":"http:\/\/galhano.com\/blog\/?p=2449"},"modified":"2026-01-20T10:39:17","modified_gmt":"2026-01-20T10:39:17","slug":"using-ntdsutil-tool-to-manage-active-directory","status":"publish","type":"post","link":"http:\/\/galhano.com\/blog\/?p=2449","title":{"rendered":"Using Ntdsutil Tool to Manage Active Directory"},"content":{"rendered":"\n<p> The NTDSutil.exe utility is one of the key tools to manage Active Directory and its database (ntds.dit file). <\/p>\n\n\n\n<p>The NTDSutil utility can be used by AD administrators in various scenarios. Most often the utility is used to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Transfer (seizing) FSMO roles in the AD domain between domain controllers;<\/li><li>Authoritative restoring of deleted objects in Active Directory;<\/li><li>Remove faulty (missing) AD domain controllers;<\/li><li>Performing AD database maintenance: checking integrity, compressing,\n moving the ntds.dit file or AD log files to another drive on a domain \ncontroller in order to increase performance;<\/li><li>Active Directory snapshot management;<\/li><li>Change the administrator password for the DSRM (Directory Services Restore Mode) recovery mode.<\/li><\/ul>\n\n\n\n<p>To display the basic syntax of the NTDSutil utility, open an elevated command prompt on the domain controller and run:<\/p>\n\n\n\n<p>[ps]Ntdsutil.exe \/?[\/ps]<\/p>\n\n\n\n<p> As you can see, the Ntdsutil utility has a few subcommands available. Let\u2019s try to learn them in more detail with examples. <\/p>\n\n\n\n<p>Let me remind you that in the AD there are five <a href=\"https:\/\/theitbros.com\/fsmo-roles\/\">FSMO<\/a> (Flexible Single Master Operation) roles:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><a href=\"https:\/\/theitbros.com\/fsmo-role-schema-master\/\">Schema master<\/a>;<\/li><li><a href=\"https:\/\/theitbros.com\/fsmo-role-domain-naming-master\/\">Domain naming master<\/a>;<\/li><li><a href=\"https:\/\/theitbros.com\/fsmo-role-rid-master\/\">RID master<\/a>;<\/li><li><a href=\"https:\/\/theitbros.com\/fsmo-role-pdc-emulator\/\">PDC emulator master<\/a>;<\/li><li><a href=\"https:\/\/theitbros.com\/fsmo-role-infrastructure-master\/\">Infrastructure master<\/a>.<\/li><\/ol>\n\n\n\n<p>These  roles can be assigned to different domain controllers in the AD forest  and\/or domain. The current owners of FSMO roles can be obtained using  the command:<\/p>\n\n\n\n<p>[ps]netdom query fsmo[\/ps]<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>source link: <a href=\"https:\/\/theitbros.com\/ntdsutil\/\">https:\/\/theitbros.com\/ntdsutil\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The NTDSutil.exe utility is one of the key tools to manage Active Directory and its database (ntds.dit file). The NTDSutil utility can be used by AD administrators in various scenarios. Most often the utility is used to: Transfer (seizing) FSMO roles in the AD domain between domain controllers; Authoritative restoring of deleted objects in Active [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[215,6],"tags":[],"class_list":["post-2449","post","type-post","status-publish","format-standard","hentry","category-active-directory","category-networking","author-admin"],"_links":{"self":[{"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2449"}],"version-history":[{"count":2,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2449\/revisions"}],"predecessor-version":[{"id":2451,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2449\/revisions\/2451"}],"wp:attachment":[{"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2449"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}