Odd problem with AD ntds.dit
I've an odd problem with one of our primary 2008 servers. It's the single DC for their domain, and seems to be working mostly OK (people can log in etc.), but when you open the DNS console both forward and reverse zones cannot be accessed (they are AD zones). Also, when opening the ADUC console you can browse nearly all of the OUs, with the exception of Users, which generates an error (system error).
So I assumed this was a problem with the AD database, as the DNS and Users OU are part of AD. Rebooting the server into restore mode and running the esentutl tool to repair the ntds.dit database results in an error at about 50% of the Defragmentation stage, saying there is an Illegal Duplicate (error -1605).
So after many repair attempts (and also trying ntdsutil as well) I decided to revert to one of the System State backups created using Windows Server Backup. We have backups for the last 25 days, and every one results in the same corrupted ntds.dit database! So it looks like this problem has been happening since the start of the holidays. Unfortunately we only have the 25 backups, taking us back to early August, as the school itself was closed until today!
So I'm a bit stuck now. The server is sort of working, but DNS clearly isn't and AD seems to be partially corrupt. Oddly, Ranger is working fine, as is DHCP, so the staff are logging on OK, but I'd like to fix this without an OS re-installation if possible, although it's looking likely that's the only option!
Is there any other way to repair the AD ntds.dit database, or even a third-party tool to do this, as the MS one drops out with the error?