Using Ntdsutil

Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory. Use Ntdsutil to perform database maintenance of Active Directory, manage and control single master operations, remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled, and create application directory partitions. The tool has a series of menus that allow you to move between different management tasks. This tool is intended to be used by experienced administrators. By default, Ntdsutil is installed in the systemroot\System32 folder and can be accessed at the command prompt. For command-line information about the Ntdsutil command-line tool, see Ntdsutil.

You can invoke Ntdsutil from the command prompt with no arguments. Rather than support and extend an ever-increasing set of cryptic command-line arguments, the tool parses keyboard input after you invoke it. For example, you can type the following:

list roles for connected server

connect to server xxx

For convenience, you need only specify enough of each word to make it unique with respect to any other words that you can enter in that specific menu. Thus, as you become more familiar with the tool, you could type li r f c s rather than list roles for connected server.

Processing command input

Ntdsutil processes as input all the arguments that you type when you start the program. For example, if you type the following:

ntdsutil help connections help quit quit

Ntdsutil does the following steps:

1. Invokes Ntdsutil.exe.
2. Displays its Help information.
3. Invokes the Connections submenu.
4. Displays its Help information.
5. Closes the Connections submenu and returns to the top-level menu.
6. Quits the program.

Automating Ntdsutil commands

You can automate Ntdsutil by creating batch files or scripts that contain a series of Ntdsutil commands. Many Ntdsutil commands that perform writes, open by default a message that asks users if they really want to perform a particular operation. When these messages appear, the program will pause and wait for keyboard input. Use the Popups %s command to disable these messages when running Ntdsutil from a batch file or script. For example, to disable these messages, type the following:

popups no

To reenable the display of these messages, type the following:

popups yes

It is good practice to disable these messages only when you are scripting Ntdsutil commands and to reenable them as soon as you finish scripting.

Errors in Ntdsutil

Ntdsutil does not provide error level kick back or fail overs. The only way to verify that changes were made is to pars, then view the log file.