π ~1 min read
Table of contents
Symptom & Impact
The Active Directory Domain Services on Windows Server 2019 pages heavily, causing slow LDAP responses and stalled replication. Logons slow across the domain, Group Policy processing times stretch, and SYSVOL convergence falls behind on partner DCs.
Environment & Reproduction
Reproduce on DCs with low memory or oversized indexes. Inspect Directory Service log and counters for NTDS and database cache.
Get-Service -Name ntds
Get-WinEvent -LogName System -MaxEvents 40
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 10Root Cause Analysis
Causes include insufficient RAM for the NTDS cache, runaway LDAP queries, oversized indexes after schema changes, or competing workloads on the DC.
Quick Triage
Capture NTDS database cache size, active LDAP query patterns, and replication backlog before changes.
sc.exe query ntds
Get-Service -Name ntds | Select-Object Status,StartType
Get-EventLog -LogName System -Newest 30 | Where-Object {$_.Source -match 'ntds'}Step-by-Step Diagnosis
Sample NTDS counters, list expensive LDAP queries, and check replication backlog metrics.
Get-WinEvent -LogName System -MaxEvents 50 | Where-Object {$_.ProviderName -match 'ntds'} | Select TimeCreated,Id,LevelDisplayName,Message
sc.exe qfailure ntds
sfc /verifyonly
Solution β Primary Fix
Add memory or reduce competing roles on the DC, then restart NTDS to rebuild the cache cleanly.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Restart-Service -Name ntds -Force
Get-Service -Name ntds | Select-Object Status,StartType
Get-WinEvent -LogName System -MaxEvents 20 | Where-Object {$_.ProviderName -match 'ntds'}
Solution β Alternative Approaches
If a runaway query is at fault, identify and throttle the calling application and add an appropriate index.
sc.exe config ntds start= auto
sc.exe failure ntds reset= 86400 actions= restart/60000/restart/60000/run/1000
Restart-Service -Name ntds -ForceVerification & Acceptance Criteria
Logon and LDAP query latency return to baseline and replication backlog clears within agreed SLA.
Get-Service -Name ntds
Get-WinEvent -LogName System -MaxEvents 25 | Where-Object {$_.ProviderName -match 'ntds' -and $_.LevelDisplayName -eq 'Error'}
Test-NetConnection -ComputerName localhost -Port Rollback Plan
Restore the previous DC role layout if added roles caused contention or remove problematic indexes.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5
wbadmin get versions
# Restore previous configuration export if availablePrevention & Hardening
Keep DCs role-focused, monitor LDAP query latency, and right-size memory for the directory dataset.
Get-Service -Name ntds | Export-Clixml C:/Temp/ntds-baseline.xml
Get-WinEvent -LogName System -MaxEvents 50 > C:/Temp/ntds-events.txt
Get-ScheduledTask | Where-Object {$_.TaskName -match 'ntds'}Related Errors & Cross-Refs
Related to events 1644, 2089, and NTDS database cache warnings.
Related tutorial: View the step-by-step tutorial for Windows Server 2019.
View all Windows Server 2019 tutorials on the Tutorials Hub β
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
Microsoft Learn references for AD DS performance tuning on Windows Server 2019.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β we respond within one business day.
