No announcement yet.

Deleted AD Transaction Logs!

  • Filter
  • Time
  • Show
Clear All
new posts

  • Deleted AD Transaction Logs!


    I have accidently deleted a partition on one of four 2003 DC's that held the DC's AD transaction logs, this contained Edb*.log, Edb.chk etc,

    The Ntds.dit file was held on the system partition and is OK.

    I have no way of restoring these files

    This server is now no longer replicating and since a reboot I can ping but no longer remotely access the server via RDP (I think this is as the netlogon service has stopped)

    Can you tell me the best way to go about resolving this issue.

    If I recreate the deleted partition (assuming I find a way to logon!) and reboot will the logs be automatically recreated and will the DB resync? or will I have the demote the server and run dcpromo again?


  • #2
    Re: Deleted AD Transaction Logs!

    if transaction logs are deleted, what the DC does it would request all that data that was lost from it's partner DC.
    what I would do if I were you, I would boot into Directory recovery mode by pressing the F8 and try and log on the server and recreate the partition, then format it to the same Drive letter it was originally.
    I think that might do the trick, if not we would give you a different solution.


    • #3
      Re: Deleted AD Transaction Logs!

      I have recreated the partition, and the path which held the logs.

      The server will still not start when booting normally although when I go into Directory Services Restore mode, three new files have been created in the NTDS folder:


      In the event viewer I the following is listed:

      Internal error: An Active Directory error has occurred.

      Additional Data
      Error value (decimal):
      Error value (hex):
      Internal ID:



      Active Directory could not be initialized.

      The operating system cannot recover from this error.

      User Action
      Restore the local domain controller from backup media.

      Additional Data
      Error value:
      -550 %2


      I cannot run dcpromo to demote the server either as it is in restore mode

      Any ideas please?

      Many Thanks.


      • #4
        Re: Deleted AD Transaction Logs!

        dcpromo forcreremoval, metadata cleanup, dcpromo


        • #5
          Re: Deleted AD Transaction Logs!

          Thanks, can these commands be run using ntdsutil from the command line as I can only boot the server in directory restore mode in which running dcpromo does not work


          • #6
            Re: Deleted AD Transaction Logs!

            Originally posted by Garen View Post
            dcpromo forcreremoval, metadata cleanup, dcpromo
            I would not rush into it yet.


            • #7
              Re: Deleted AD Transaction Logs!

              At this point its probably the safest and quickest way to go. AD doesn't have self healing in place to deal with a screwup of that magnitude.

              You can try NTDSUTIL, Google it and look at the "recover" and "integrity" commands.
              Last edited by Garen; 15th December 2008, 19:22.


              • #8
                Re: Deleted AD Transaction Logs!

                Well I've to agree with Garen.
                I also think it's the easiest and quickest way to recover, especially if there are no backups and other healthy DC's in place.
                Technical Consultant

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"