The Active Directory DIT file grows too fast

Article translations Article translations
Article ID: 829755 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page


The Ntds.dit directory information tree (DIT) file for the Active Directory directory service may grow too fast. For example, the size of this file may increase by approximately 50 percent in less than 24 hours. Because of this growth in file size, if your domain controller does not have sufficient hard disk space, your domain controller may crash.


This problem occurs because the security descriptor propagator behaves incorrectly when it encounters an error during an operation to add security descriptor core propagation data to a record in the DIT database.

Note The growth described in the "Symptoms" section of this article may also be caused when a valid operation against Active Directory requires more space to be allocated. One example of a valid operation that may cause this growth is an operation that makes many changes to the discretionary access control list (DACL) of an object at a level in Active Directory that affects many child objects. Before you install the hotfix that is described in the "Resolution" section of this article, try to determine whether operations have recently been performed that may cause many changes to occur in Active Directory.


Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


You must be running Microsoft Windows 2000 Service Pack 4 (SP4) to install this hotfix. For additional information about how to obtain SP4 for Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

Restart requirement

You must restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version        Size       File name
   29-Oct-2003  10:20  5.0.2195.6824    124,688  adsldp.dll
   29-Oct-2003  10:20  5.0.2195.6824    132,368  adsldpc.dll
   29-Oct-2003  10:20  5.0.2195.6824     63,760  adsmsext.dll
   29-Oct-2003  10:20  5.0.2195.6824    381,712  advapi32.dll
   29-Oct-2003  10:20  5.0.2195.6866     69,904  browser.dll
   29-Oct-2003  10:20  5.0.2195.6824    136,464  dnsapi.dll
   29-Oct-2003  10:20  5.0.2195.6824     96,016  dnsrslvr.dll
   29-Oct-2003  10:20  5.0.2195.6866     47,376  eventlog.dll
   29-Oct-2003  10:20  5.0.2195.6867    148,240  kdcsvc.dll
   23-Oct-2003  11:11  5.0.2195.6867    205,584  kerberos.dll
   20-Sep-2003  13:32  5.0.2195.6824     71,888  ksecdd.sys
   28-Oct-2003  19:45  5.0.2195.6869    511,248  lsasrv.dll
   28-Oct-2003  19:45  5.0.2195.6869     33,552  lsass.exe
   16-Oct-2003  13:33  5.0.2195.6866    114,960  msv1_0.dll
   29-Oct-2003  10:20  5.0.2195.6866    307,984  netapi32.dll
   29-Oct-2003  10:20  5.0.2195.6863    361,232  netlogon.dll
   29-Oct-2003  10:20  5.0.2195.6863    931,600  ntdsa.dll
   29-Oct-2003  10:20  5.0.2195.6824    392,464  samsrv.dll
   29-Oct-2003  10:20  5.0.2195.6824    113,936  scecli.dll
   29-Oct-2003  10:20  5.0.2195.6824    259,856  scesrv.dll
   29-Oct-2003  10:20  5.0.2195.6824     48,912  w32time.dll
   20-Sep-2003  13:32  5.0.2195.6824     57,104  w32tm.exe
   29-Oct-2003  10:20  5.0.2195.6824    126,224  wldap32.dll


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


For additional information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:
816915 New naming schema for Microsoft Windows hotfix packages
For additional information about the terminology that is used in this article, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft product updates, tools, and add-ons


Article ID: 829755 - Last Review: October 26, 2013 - Revision: 3.5
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
kbnosurvey kbarchive kbautohotfix kbhotfixserver kbqfe kbbug kbfix kbqfe kbwin2000presp5fix KB829755

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from