This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Size of active directory database showing empty size

I am trying to run the a report 'Size of Active Directory Database'. However, the report comes back empty showing no size (MB). I figured out that it requires NTFS discovery to run and find C:\windows\NTDS folder in order to capture the size. My question is What permission do I need to give the service account to read the size of the NTDS database ? Keeping in mind we do not want to give Domain Admin access to this service account
  • The Size of Active Directory attribute does indeed query the size of the NTDS file, but not through the NTFS discovery. The AD discovery does the collection, and requires access to both the Domain controller's registry and file system. This is restricted to administrators.
  • Hi Peter,

    The AD discovery is running fine but the size of the NTDS folder is nowhere to be reported, the report shows empty which means there is a problem somewhere, I was being instructed by Quest to get the folder size etc by running the NTFS discovery but the discovery is failing because of Access Denied, I want to the exact permission required to get the required data in the discovery.
  • Size of Active Directory Database

    Shows the size of the Active Directory database for the selected computers. Contains a parameter to select the domains to be included in the report.

    Note: Run NTFS Discovery against Domain Controllers and collect folder C:\WINDOWS\NTDS\ and collect all files under this folder.

    support.quest.com/.../
  • Hello,

    I see there is an error in that documentation online. I will report it, thank you! I will still reiterate that the report "Size of Active Directory Database" is indeed an Active Directory report and does not require the NTFS discovery to be executed. The report will require read rights to the Domain Controller's Registry (SYSTEM\CurrentControlSet\Services\NTDS\Parameters), and will also need read access to the Domain Controller's Administrative share and the NTDS subfolder - which is only granted to members of the "Administrators" group of the domain.

    As an alternative, running the NTFS discovery against the same folder location (either through the windows administrative share "\admin$\ntds" or through the c$ administrative share) on the Domain Controllers, you can collect the file sizes. However, you still have to have read file/folder permissions on the Domain Controller's file system.