+ Post New Thread
Results 1 to 4 of 4
Windows Thread, Repairing AD and SAM in Technical; Hi all, I am still having trouble with my DC. I can not get it going again (I cannot restore ...
  1. #1
    thegrassisgreener's Avatar
    Join Date
    Jul 2007
    Posts
    177
    Thank Post
    3
    Thanked 2 Times in 1 Post
    Rep Power
    0

    Repairing AD and SAM

    Hi all,

    I am still having trouble with my DC. I can not get it going again (I cannot restore from backup becasue it fails everytime)

    the problem is when the server starts it fails to start Security Accounts Manager.

    The only way I can access the server is in Safe Mode - Restore Active Directory - DC Only

    Any ideas anyone How I can get the server going again with AD

    any help would be great

    thanks

  2. #2

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    25

    Re: Repairing AD and SAM

    I'm just wondering whether you have checked that the RPC service is running? I ask this because the SAM relies on RPC to run and if RPC is disabled or for some reason not starting, SAM will also fail.

    Also, is the LSASS.EXE process showing up at all in Task Manager?

    A lot of the troubleshooting you will need to do will depend on the type of errors you are seeing. This article may help to start with:

    http://support.microsoft.com/kb/258062

    And if normal login is not working (because the SAM is corrupt or missing) you need to restore the SAM first from a known good backup.

    http://support.microsoft.com/kb/326216

    If this isn't your only DC then stop replication now. I would run a metadata cleanup on the DC too, and then if all else fails run a repair on NTDS.DIT- but that's a last resort. Look to the best System State backup you have and do that restore- if system state restore fails (as you seem to be saying) then you may have no other option than to try all of the above and if it still fails.....incidentally, if the System State backup is more than 180 days old (for Server 2003 SP1) or 60 days (for all other releases up to SP1) then it won't be new enough to restore from. This is because of the "tombstone" lifetime attribute.

    Hope that helps even a little. Good luck!

    Paul

  3. #3
    thegrassisgreener's Avatar
    Join Date
    Jul 2007
    Posts
    177
    Thank Post
    3
    Thanked 2 Times in 1 Post
    Rep Power
    0

    Re: Repairing AD and SAM

    thanks very much, if anyone else as any suggestions i would be very great full....

    how do i run a repair on NTDS.dit?

    cheers

  4. #4

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    25

    Re: Repairing AD and SAM

    Hi.

    There is quite a good (detailed) run-down here:

    http://www.tech-archive.net/Archive/...4-12/1295.html

    Basically though what you need to do is:

    1. Boot to AD Restore Mode
    2. Open a command prompt and run an integrity check using the Esentutl tool like so:

    esentutl /g "<path>\ntds.dit"/!10240 /8 /v /x /o

    3. Repair the DB by typing:

    esentutl /p "<path>\ntds.dit" /!10240 /8 /v /x /o

    The /p switch there removes the bad bits from the database- and doesn't repair them. That being the case, make sure you have read all the articles I linked to first (especially the MS KB below) and if you have another DC in the domain do not do this. Just demote the server/reinstall the server and restore the rest from backup tape etc.

    4. Afterwards delete the NTDS log files from the NTDS folder
    5. Restart your server and see if you can log in etc.

    http://support.microsoft.com/default...&Product=winsv

    If you have another DC in the domain- DO NOT DO THIS!

    Perhaps someone else will have a better way?

    Paul



SHARE:
+ Post New Thread

Similar Threads

  1. Repairing student home machines
    By tomscaper in forum General Chat
    Replies: 55
    Last Post: 17th October 2007, 09:38 PM
  2. Replies: 8
    Last Post: 28th December 2006, 10:30 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •