A Low Tech Way To Warn Against Disk Full Conditions

An area where AD admins have to keep an eye on is disk full conditions on the volume that contains the AD database %windir%\NTDS\NTDS.DIT. It’s not a common condition, but if it happens it usually happens to ALL the DCs in a domain…and then you’re in a world of hurt.

Sean Deuby

April 28, 2010

2 Min Read
ITPro Today logo in a gray background | ITPro Today

An area where AD admins have to keep an eye on is disk full conditions on the volume that contains the AD database %windir%NTDSNTDS.DIT. It’s not a common condition, but if it happens it usually happens to ALL the DCs in a domain…and then you’re in a world of hurt.

If you’ve taken the default installation parameters, this volume is C: and so contains the OS, and also contains SYSVOL and the database transaction logs. There are several common ways the disk can fill on you.

  • The AD database itself can grow. It won’t complain (it can scale way beyond anything you’ll ever possibly need), it’ll just grow. What might cause this? A rogue script adding objects (object flooding), using 3rd party utilities such as Quest Authentication Services to integrate a large number of non-Windows clients, or, if you’re still running Windows 2000 by any chance, adding a container-inheritable ACE at the domain head (causing an ACE to be added to every object in the domain. This was corrected in Windows 2003 with the single instance store.). These last two are more of a danger in large AD installations.

  • Adding large or too many files to SYSVOL. This can happen by adding very large files as part of Group Policy software installation, or adding files to the NETLOGON share (which resides on SYSVOL).

When something like this happens, it’s a real “all hands on desk” alert because any of these problems will immediately replicate to all other DCs in the domain (or possibly forest if you’ve got GCs everywhere). Suddenly you’ve got authorization and authentication for an entire domain in danger.

Obviously the right solution is to monitor your DCs for such conditions. A quick and dirty way to buy yourself some extra time to get around a growing space problem is to pre-allocate some disk space with placeholder files. When you start getting disk full warnings, you can simply delete a placeholder file or two, and you’ve suddenly given yourself several hours (or days if it’s slow growth) to correct the condition.

Creating a placeholder file is simple:

fsutil file createnew

So, I’d probably create a folder called “Placeholders” on the system partition and run this command a few times with different file names:

fsutil file createnew c:placeholdersplaceholder1.dat 5000000000

This will create a 5 GB placeholder file. NOTE: I do NOT recommend you create this file in a replicating directory, for example the NETLOGON share. It’s much better to manually create these on each DC than replicate 5 GB of sparse file around the domain!

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like