You want to perform an offline defrag of the Active Directory DIT to reclaim whitespace in the DIT file.
First, reboot into Directory Services Restore Mode.
Next, check the integrity of the DIT, as outlined in Recipe 16.7.
Now, you are ready to perform the defrag. Run the following command to create a compacted copy of the DIT file. You should check to make sure the drive on which, you create the copy has plenty of space. A rule of thumb is that it should have at least 115% of the size of the current DIT available.
> ntdsutil files "compact to <TempDriveAndFolder>" q q
Next, you need to delete the transaction log files in the current NTDS directory.
> del <CurrentDriveAndFolder>\*.log
You may want to keep a copy of the original DIT file for a short period of time to ensure nothing catastrophic happens to the compacted DIT. If you are going to copy or move the original version, be sure you have enough space in its new location.
> move <CurrentDriveAndFolder>\ntds.dit <TempDriveAndFolder>\ntds_orig.dit > move <TempDriveAndFolder>\ntds.dit <CurrentDriveAndFolder>\ntds.dit
Repeat the steps in Recipe 16.7 to ensure the new DIT is not corrupted. If it is clean, reboot into normal mode and monitor the event log. If no errors are reported in the event log, make sure the domain controller is backed up as soon as possible.
Performing an offline defragmentation of your domain controllers can reclaim disk space if you've deleted a large number of objects from Active Directory. You should only perform an offline defrag when (and if) this occurs, e.g., following a spin-off. The database will reuse whitespace and grow organically as required. Typically, the database grows year over year as more objects are added, so the offline defrag should be seldom required. An offline defrag always carries a small element of risk, so it should not be done unnecessarily.
You might want to consider doing an offline defrag after the upgrade to Windows Server 2003. A new feature called single instance storage for security descriptors can greatly reduce the amount of space your DIT requires. With this new feature, unique security descriptors are stored once regardless of how many times they are used, whereas in Windows 2000 the same security descriptor would be stored individually on each object that uses it.
The key thing to plan ahead of time is your disk space requirements. If you plan on creating the compacted copy of the DIT on the same drive as the current DIT, you need to make sure that drive has 115% of the size of the DIT available. If you plan on storing the original DIT on the same drive, you'll need to make sure you have at least that much space available.
Recipe 16.2 for booting into Directory Services Restore Mode, Recipe 16.7 for checking the integrity of the DIT, MS KB 198793 (The Active Directory Database Garbage Collection Process), MS KB 229602 (Defragmentation of the Active Directory Database), and MS KB 232122 (Performing Offline Defragmentation of the Active Directory Database)