  1. #1
    Guest

    Corrupt AD HELP!!

    I have a network with 2 servers: DC01, which is the root DC with everything, and a second, DC02, which has AD too.

    DC01's AD has been corrupted and will now only boot into Directory Services Restore Mode. Tried to restore the system state from backup but to no avail.

    Done everything you can with ntdsutil but nothing helps.

    AD on DC02 is fine.

    How can I repair DC01 without having to repair the network?

  2. #2

    bossman

    Re: Corrupt AD HELP!!

    Don't know if this will work but could you not transfer the operations master to your DC02 and then replicate the AD back over to DC01 and then re-transfer the operations master control back to DC01. Just a thought

  3. #3
    ChrisH

    Re: Corrupt AD HELP!!

    Quote Originally Posted by bossman
    Don't know if this will work but could you not transfer the operations master to your DC02 and then replicate the AD back over to DC01 and then re-transfer the operations master control back to DC01. Just a thought

    That's what I would do. If your AD is intact then it's less trouble in the long run. You can get all sorts of weird and wonderful things happening from a backup.
    The only time I would attempt to do what you are doing is if it was the only server.
    Seize the FSMO roles and go from there.

  4. #4
    Guest

    Re: Corrupt AD HELP!!

    DC01 will not boot into Windows normally, only into Directory Services Restore Mode, and DC02 cannot connect to DC01 to seize the roles.

  5. #5

    GrumbleDook

    Re: Corrupt AD HELP!!

    DC02 does not need access to DC01 to seize the roles ... you can force it.

    I don't have my Minasi library with me here but I am sure it'll be on Technet somewhere ...

    Have a look here for some more info.

  6. #6
    marco84

    Re: Corrupt AD HELP!!

    Have a look at this article on Seizing FSMO roles

  7. #7


    Re: Corrupt AD HELP!!

    The following link provides information for using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

    http://support.microsoft.com/kb/255504

    You should also be able to successfully recover the Active Directory on DC01 from a system state backup. The following link will help.

    Active Directory Operations Guide

    I have recovered AD using the procedures listed in the above article several times with great success.

    Good luck.

  8. #8


    Re: Corrupt AD HELP!!

    You could dcpromo down and back up again after transferring the FSMO roles; this should recover AD. I had this happen and did a system state backup, big mistake. So in the end I had to seize the FSMO roles from the non-existent (well, dead) server and then strip the SIDs (important) on the old server when I eventually fixed the RAID array.

  9. #9
    Guest

    Re: Corrupt AD HELP!!

    Thanks for the input guys.

    Have now managed to get the server to boot into normal Windows mode. I now have the following errors in the event log.

    Code:
    Event ID: 474
    Source: ESENT
    Description:
    lsass (784) The database page read from the file "C:\WINDOWS\ntds\ntds.dit" at offset 10575872 (0x0000000000a16000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch.  The expected checksum was 3525701925 (0xd225f125) and the actual checksum was 4062572837 (0xf225f125).  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

    Code:
    Event ID: 11
    Source: Disk
    Description:
    The driver detected a controller error on \Device\Harddisk0.

    Code:
    Event ID: 24800
    Source: CPQCISSE
    Description:
    Logical drive 1, configured on
    Array Controller in slot 2, returned a fatal error on a read/write request on the volume.
    Logical block address dbcd40, block count 8, command 20, drive bus 1 and Drive Id

    Code:
    Event ID: 1084
    Source: NTDS Replication
    Description:
    Internal event: Active Directory could not update the following object with changes received from the following source domain controller. This is because an error occurred during the application of the changes to Active Directory on the domain controller.

    Object:
    CN=ICT01,OU=ICT Suite,OU=School Computers,DC=server,DC=local
    Object GUID:
    f02c71f7-ea48-456e-bb50-675bd6f3d74c
    Source domain controller:
    18cdebaf-0499-494b-b848-db32982019fb._msdcs.server.local

    Synchronization of the local domain controller with the source domain controller is blocked until this update problem is corrected.

    This operation will be tried again at the next scheduled replication.

    User Action
    Restart the local domain controller if this condition appears to be related to low system resources (for example, low physical or virtual memory).

    Additional Data
    Error value:
    1127 While accessing the hard disk, a disk operation failed even after retries.

    So I am guessing the problem lies with the HDD and Replication from DC02 to DC01.

    IYO do you think the HDD is failing or is it windows thinking it is due to other problems?

  10. #10

    Geoff

    Re: Corrupt AD HELP!!

    The drive. Replace it before it fails entirely.
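
An added example (not part of the thread, and not any poster's code): a short Python triage of the four events quoted in post #9, grouping them by the layer that reported the fault and checking how far apart the two page checksums are. The event text is copied in shortened form from that post; the layer mapping and the function names are this example's own assumptions.

```python
import re

# Event text copied (shortened) from the log entries quoted in post #9.
EVENTS = [
    ("ESENT", 474, "expected checksum was 3525701925 (0xd225f125) and the actual "
                   "checksum was 4062572837 (0xf225f125). The read operation will "
                   "fail with error -1018 (0xfffffc06)."),
    ("Disk", 11, r"The driver detected a controller error on \Device\Harddisk0."),
    ("CPQCISSE", 24800, "returned a fatal error on a read/write request on the volume."),
    ("NTDS Replication", 1084, "Error value: 1127 While accessing the hard disk, "
                               "a disk operation failed even after retries."),
]

# (source, event id) -> layer of the stack reporting the fault (assumed mapping).
LAYER = {
    ("Disk", 11): "storage",
    ("CPQCISSE", 24800): "storage",
    ("ESENT", 474): "database",
    ("NTDS Replication", 1084): "directory",
}

def checksum_bits_differing(text):
    """Return how many bits differ between the expected and actual page checksum."""
    m = re.search(r"expected checksum was \d+ \(0x([0-9a-f]+)\).*?"
                  r"actual checksum was \d+ \(0x([0-9a-f]+)\)", text, re.S | re.I)
    if not m:
        return None
    return bin(int(m.group(1), 16) ^ int(m.group(2), 16)).count("1")

def triage(events):
    """Group events by layer and decide whether the corruption has an I/O cause."""
    layers, notes = {}, []
    for source, event_id, text in events:
        layer = LAYER.get((source, event_id), "other")
        layers.setdefault(layer, []).append(event_id)
        if (source, event_id) == ("ESENT", 474):
            notes.append(f"page checksum differs in {checksum_bits_differing(text)} bit(s)")
        if re.search(r"Error value:\s*1127\b", text):
            notes.append("replication failed with Win32 error 1127 (disk operation failed)")
    # Database or directory errors that coincide with driver/controller errors
    # point below Active Directory: fix the hardware before repairing the database.
    hardware = "storage" in layers and ("database" in layers or "directory" in layers)
    return {"layers": layers, "notes": notes, "hardware_suspected": hardware}

if __name__ == "__main__":
    print(triage(EVENTS))
```
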

  11. #11
    Guest

    Re: Corrupt AD HELP!!

    Thanks Geoff you have made my day

    So would my plan of action be...

    1. Transfer FSMO roles to DC02

    2. Image and replace faulty DC01 HDD

    3. DCpromo down and back up again

    I understand that I then cannot transfer the FSMO roles back to the same server?

    What effect will this have on performance of the network as DC02 is really only a desktop spec PC running WUS?

    Or would just replacing the HDD fix the replication issues and therefore repair the AD database?

  12. #12

    Geoff

    Re: Corrupt AD HELP!!

    You need to remove the HDD as soon as possible. It may corrupt data in AD. This faulty data will then be replicated to the other DC. I suggest:

    1. Take DC1 offline now.
    2. Seize the FSMO roles on DC2.
    3. Repair/Replace the hardware on DC1 as required.
    4. Restore DC1 from a known good backup.
    5. Force a replication from DC2 to DC1.

  13. #13


    Re: Corrupt AD HELP!!

    Quote Originally Posted by SYSMAN_MK
    Thanks Geoff you have made my day

    So would my plan of action be...

    1. Transfer FSMO roles to DC02

    2. Image and replace faulty DC01 HDD

    3. DCpromo down and back up again

    I understand that I then cannot transfer the FSMO roles back to the same server?

    What effect will this have on performance of the network as DC02 is really only a desktop spec PC running WUS?

    Or would just replacing the HDD fix the replication issues and therefore repair the AD database?

    Replacing the disc might work but I'd transfer the FSMO roles first - you then won't impact on normal logons, user password changes etc.

    You don't say if it's 2000 or 2003 but 2003 server (I think with SP1 but it might be the basic) will attempt to transfer roles and then seize if it can't when you use ntdsutil so it's completely safe.

    AD is very good at not replicating "bad" data - ie if disc corruption has damaged a record then that won't get replicated.

    AD logons are very light in terms of network traffic and machine load so a decent spec workstation should easily cope with the load while you fix the main server.

    If the hard disc is failing then you may not be able to image it - what else is on it other than Windows and the DC role? If it's just a DC then you may find it's easier to just install Windows from scratch and dcpromo it. If there are print queues then use printmig3 to make a backup of them - it's then easy to put them back.

  14. #14
    Disease

    Re: Corrupt AD HELP!!

    If you seize the roles from DC01 and then restore DC01 from a known good backup, DC01 will come back online thinking it's the holder of the master roles.

    Why don't you just transfer/seize the roles from DC01
    Replace the hardware in DC01
    Reinstall server fresh
    Let them replicate.

    Job done

  15. #15
    Guest

    Re: Corrupt AD HELP!!

    Main problem is that DC01 is the main server for the LAN. It is a primary school so the server was installed with a single HDD with a single partition. So the server is DNS / DHCP / Print Server / etc. Plus it houses all user folders / profiles / network shares.

    At the moment Windows has stopped the server from replicating with DC02. The main issues now are the Event ID: 474 NTDS ISAM / Event ID: 1084 NTDS ISAM.

    AD on DC01 can be accessed now and all data seems to be there except I get errors when trying to access an OU which houses all the IT suite computers.

    I am hoping now that this issue is being caused by the faulty hard drive and that "IF" I can image the old / new disks then AD will replicate again. Clutching at straws I know.
