Bienvenue
Bienvenue dans l’univers Dell
Mon compte
- Passer des commandes rapidement et facilement
- Afficher les commandes et suivre l’état de votre expédition
- Créez et accédez à une liste de vos produits
- Gérer vos sites, vos produits et vos contacts au niveau des produits Dell EMC à l’aide de la rubrique Gestion des informations de l’entreprise.
Numéro d’article: 000138794
Windows Server: Active Directory database repair after Domain Controller failure
Résumé: How to repair Active Directory in Windows Server operating systems after Domain Controller failure?
Contenu de l’article
Symptômes
This article addresses Active Directory Repair on Windows Server operating systems.
Issue:
Upon startup, a Windows Server 2003 Active Directory domain controller (DC) displays a message prior to the login prompt, similar to this:
Application popup: lsass.exe - System Error : Security Accounts Manager initialization failed because of the following error: Directory Service cannot start. Error Status: 0xc00002e1. Please click OK to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.
The Active Directory (AD) database is corrupt; the server cannot authenticate AD domain members and will not boot into normal mode.
Solution:
In the absence of a recent systems state backup, the following steps may be used as an AD recovery attempt.
1. Restart the DC in Directory Services Restore Mode (DSRM).
a. On server startup, press F8 after the system BIOS and hardware service (e.g. PERC, iDRAC) initializations are complete.
b. From the boot menu, select 'Directory Services Restore Mode' and press Enter.
2. From the Windows Start button select Run and type 'cmd' to open a command prompt.
Type 'ESENTUTL /g C:\windows\NTDS\ntds.dit /!10240 /8 /o' and press Enter to do the initial integrity check.
In cases of database inconsistencies an error message, e.g. 'results CORRUPTED, -1206' will be returned.
3. Next, type 'NTDSUTIL' and press Enter. This launches the NTDS tools set.
a. At the prompt type 'Files' and press Enter to get to the NTDS file management utility
b. At the file maintenance: prompt type 'info' and press Enter to show locations of all AD database-related files.
4. At the file maintenance: prompt type 'Recover' and press Enter. This will initiate a 'soft' recovery of the AD database.
Note: With rare exception, this step is not sufficient in addressing the problem; it is, primarily, a preliminary step in diagnosing the depth of the issue.
Enter 'quit' at each prompt until returned to the Command (C:\<path>) prompt.
5. From the Command prompt type 'ESENTUTL /ml c:\windows\ntds\edb' to check the AD Database log files.
If this step fails, issue the following commands and press Enter after each:
a. 'DEL *.log'
b. 'DEL *.chk'
and proceed to Step 6.
6. From the Command prompt type 'ESENTUTL /p C:\Winnt\NTDS\ntds.dit /!10240 /8 /o' and press Enter to perform a 'hard' recovery
of the AD Database.
Warning: Upon successful completion, ESENTUTL /p returns the database to the state of its last committed transaction. Recent changes may be lost; for this reason a full System State restore from daily backup is the best-practice method of recovering an AD server.
7. From the Command prompt type 'ESENTUTL /g C:\Winnt\NTDS\ntds.dit /!10240 /8 /o' and press Enter to ensure database consistency.
8. Return to the NTDSUTIL prompt (see Step 3) and type 'sem dat ana' (truncated from 'Semantic Database Analysis') and press Enter.
From the semantic checker: prompt type 'go' and press Enter.
If a problem is detected, type 'go fix' and press Enter.
9. Restart the server in Normal Mode upon completion of all steps.
Additional Information:
http://support.microsoft.com/kb/258062
Cause
-
Résolution
-
Propriétés de l’article
Produit concerné
Servers, Microsoft Windows 2008 Server R2, Microsoft Windows 2008 Server Service Pack 2, Microsoft Windows 2012 Server, Microsoft Windows 2012 Server R2
Dernière date de publication
08 أكتوبر 2021
Version
4
Type d’article
Solution