Follow the procedure below to fix Microsoft Active Directory database problems (a corrupted Active Directory database caused by, e.g., memory issues or disk problems):

1. Reboot the server and press F8. Choose Directory Services Restore Mode from the menu.

2. Check the physical location of the Winnt\NTDS\ folder.

3. Check the permissions on the \Winnt\NTDS folder. The default permissions are:

    Administrators – Full Control
    System – Full Control

4. Check the Winnt\Sysvol\Sysvol folder to make sure it is shared.

5. Check the permissions on the Winnt\Sysvol\Sysvol share. The default permissions are:

    Share Permissions:
    Administrators – Full Control
    Authenticated Users – Full Control
    Everyone – Read

    NTFS Permissions:
    Administrators – Full Control
    Authenticated Users – Read & Execute, List Folder Contents, Read
    Creator Owner – none
    Server Operators – Read & Execute, List Folder Contents, Read
    System – Full Control

   Note: You may not be able to change the permissions on these folders if the Active Directory database is unavailable because it is damaged. However, it is best to know whether the permissions are set correctly before you start the recovery process, as it may not be the database that is the problem.

6. Make sure there is a folder in the Sysvol share labeled with the correct name for the domain.

7. Open a command prompt and run NTDSUTIL to verify the paths for the NTDS.dit file. These should match the physical structure from Step 2. To check the file paths, start a command prompt and type the following commands:

    NTDSUTIL
    Files
    Info

   The output should look similar to:

    Drive Information:
        C:\ NTFS (Fixed Drive) free (2.9 Gb) total (3.9 Gb)
        D:\ NTFS (Fixed Drive) free (3.6 Gb) total (3.9 Gb)

    DS Path Information:
        Database   : C:\WINNT\NTDS\ntds.dit - 10.1 Mb
        Backup dir : C:\WINNT\NTDS\dsadata.bak
        Working dir: C:\WINNT\NTDS
        Log dir    : C:\WINNT\NTDS - 30.0 Mb total
                        res2.log - 10.0 Mb
                        res1.log - 10.0 Mb
                        edb.log - 10.0 Mb

   This information is pulled directly from the registry, and mismatched paths will cause Active Directory not to start. Type Quit to end the NTDSUTIL session.

8. Rename the edb.chk file and try to boot to Normal mode. If that fails, proceed with the next steps.

9. Reboot into Directory Services Restore Mode again. At the command prompt, use ESENTUTL to check the integrity of the database.

   NOTE: You can use NTDSUTIL to check the integrity; however, ESENTUTL is usually more reliable.

   Type the following command:

    ESENTUTL /g "\NTDS.dit" /!10240 /8 /v /x /o

   (Note: Type the path without the quotes.)

   Note: The default path would be C:\Winnt\NTDS\ntds.dit; however, it may be different in some cases.

   The output will tell you if the database is inconsistent and may produce a jet_error 1206 stating that the database is corrupt. If the database is inconsistent or corrupt, it will need to be recovered or repaired.

   To recover the database, type the following at the command prompt:

    NTDSUTIL
    Files
    Recover

   If this fails with an error, type quit until you are back at the command prompt, and repair the database using ESENTUTL by typing the following:

    ESENTUTL /p "\NTDS.dit" /!10240 /8 /v /x /o

   (Note: Type the path without the quotes.)

   Note: If you do not put the switches at the end of the command, you will most likely get a Jet_error 1213 "Page size mismatch" error.

10. Delete the log files in the NTDS directory, but do not delete or move the ntds.dit file.

11. The NTDSUTIL tool needs to be run again to check the integrity of the database and to perform a Semantic Database Analysis.

   To check the integrity, at the command prompt type:

    NTDSUTIL
    Files
    Integrity

   The output should tell you that the integrity check completed successfully and prompt you to perform a Semantic Database Analysis. Type quit.

   To perform the Semantic Database Analysis, type the following at the NTDSUTIL prompt:

    Semantic Database Analysis
    Go

   The output will tell you that the analysis completed successfully. Type quit and close the command prompt.

   NOTE: If you get errors running the analysis, type the following at the semantic checker prompt:

    semantic checker: go fix

   This puts the checker in Fixup mode, which should fix whatever errors there were.

12. Reboot the server to Normal Mode.

If any of these steps fail to recover the database, the only alternative is to perform an Authoritative System State restore from backup in Directory Services Restore Mode.

For more information, please refer to the following articles:

315136 HOW TO: Complete a Semantic Database Analysis for the Active Directory
http://support.microsoft.com/?id=315136

265706 DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation
http://support.microsoft.com/?id=265706

258007 Error Message: Lsass.exe – System Error : Security Accounts Manager
http://support.microsoft.com/?id=258007

265089 Event 1168: Windows 2000 DCs Unable to Boot into Active Directory
http://support.microsoft.com/?id=265089

315131 HOW TO: Use Ntdsutil to Manage Active Directory Files from the Command
http://support.microsoft.com/?id=315131

BR – Frank
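Added example (not part of the original post): step 7 says the paths reported by Files Info must match the physical structure found in step 2, so this Python sketch parses a saved copy of that output and reports every path that does not sit in the NTDS folder you observed. The function names and the sample text are constructed for illustration, and it assumes all four paths live in one folder, as in the sample output above.

```python
import ntpath
import re

# Constructed sample in the layout shown in step 7; the log directory
# deliberately points at another drive to show a mismatch.
SAMPLE = r"""
DS Path Information:
    Database   : C:\WINNT\NTDS\ntds.dit - 10.1 Mb
    Backup dir : C:\WINNT\NTDS\dsadata.bak
    Working dir: C:\WINNT\NTDS
    Log dir    : D:\NTDS - 30.0 Mb total
                    res2.log - 10.0 Mb
                    edb.log - 10.0 Mb
"""

FIELD = re.compile(r"^\s*(Database|Backup dir|Working dir|Log dir)\s*:\s*(.+?)\s*$", re.I)
# Trailing size such as " - 10.1 Mb" or " - 30.0 Mb total" (hyphen or en dash).
SIZE = re.compile(r"\s+[-\u2013]\s+[\d.]+\s*[KMG]b\b.*$", re.I)
LOGFILE = re.compile(r"^\s*([\w.]+\.log)\s+[-\u2013]", re.I)


def norm(path):
    """Compare Windows paths case-insensitively, whatever OS this runs on."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def parse_files_info(text):
    """Return ({field: path}, [log file names]) from saved Files Info output."""
    paths, logs = {}, []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            paths[m.group(1).lower()] = SIZE.sub("", m.group(2))
        elif (m := LOGFILE.match(line)):
            logs.append(m.group(1).lower())
    return paths, logs


def check_paths(text, ntds_dir):
    """List every reported path that is not inside the folder seen in step 2."""
    paths, _ = parse_files_info(text)
    problems = []
    for key in ("database", "backup dir", "working dir", "log dir"):
        value = paths.get(key)
        if value is None:
            problems.append(f"{key}: missing from output")
            continue
        # Database and backup entries name an item inside the folder.
        folder = value if key in ("working dir", "log dir") else ntpath.dirname(value)
        if norm(folder) != norm(ntds_dir):
            problems.append(f"{key}: {value} is not in {ntds_dir}")
    return problems
```

An empty list from check_paths means the registry paths agree with the folder you located on disk; any entry names the path to correct before continuing with step 8.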