No announcement yet.

Repairing corrupted AD / NTDS.dit file

  • Filter
  • Time
  • Show
Clear All
new posts

  • Repairing corrupted AD / NTDS.dit file

    I have a client that has have 3 domain controllers and I noticed that when I created a user it didn't replicate to DC2. When I looked at the even viewer / directory services I get an error event id: 2108 that basically is saying that the ntds.dit file is corrupted.


    I'm hoping that someone with more experience could guide me on the steps on what I should have done? Like what ntdsutil commands could I have entered to attempt repair?

    I did try the: ntdsutil semantic database go fix option but that didn't seem to do much.

    I read online that I can do eseutil to perform a lossy repair. What command I can do to attempt to perform repair using eseutil?

    I didn't have a backup of the system state.

    This machine was holding all the fsmo roles. When I tried to transfer these roles from another dc it the dc says that I can't because it can not contact the dc that was holding the roles.

    Should I have done a dcpromo /forceremoval ? And then seize the roles?

    I read that perhaps I could have done a seize from another dc and then clean the metadata? Would I have to perform the metadata cleanup on all of the domain controllers that are good? But, after that I can't bring that same computer back online. Is this the case even after doing metadata cleanup and doing a dcpromo /forceremoval?

    Now what I did finally after spending hours on this. Was copy the NTDS folder and NTFRS folder from another domain controller to the corrupted DC while in DSRM. That appears to have worked. Any issues I may encounter due what I have done?

    Any advice / suggestions would be appreciated. Although the DC appears to be fine, I would like suggestions on how I could have done a better job at this.

    Thanks you so much in advance.
    Last edited by diginet; 25th October 2008, 09:17.