Active_Directory [SOLVED]: Database Corruption on Active Directory ntds.dit file. Event 467 On Primary DC

  • #35909

    Anonymous

    Question

    I had some issues with my Primary Domain Controller last night. It blue screened and after restarting began a chkdsk. After some work, I was able to get the server back online and everything appears to be functional, but I am getting Event id 467 logs on it.

    NTDS (748) NTDSA: Database C:\Windows\NTDS\ntds.dit: Index
    DRA_USN_CRITICAL_index of table datatable is corrupted (0).

    My other DC (I only have 2) does not display these logs and replication I believe is working.

    I’m not sure where to go from here. Should I transfer roles to my secondary DC to make it my primary and then demote and promote the DC that is spitting out logs?

    I also found this blog post about someone who had corruption on a secondary DC and was able to fix it: https://www.emmanuelrached.com/2014/11/20/dc-failing-due-to-corrupt-ntds-db/ It involves defragmenting the corrupted indexes and creating a new ntds.dit file. Is this something I should try?

    I also have nightly full server backups that I can try to restore. Although I tried to do this last night and Windows Recovery couldn’t find my .vhdx file even though I know it was there.

    I’m really not sure what caused this. It is running on a VM and all hardware on the host looks good. No other VMs are having issues. I did recently install Microsoft Identity Management on it which I know is not recommended on a DC, but it shouldn’t have caused this mess…

    #35910

    Anonymous

    Accepted Answer

    There’s no such thing as Primary or Secondary Domain Controllers. Those concepts died with Windows NT. All modern DCs are multi-master peers.

    Because of this, I wouldn’t waste time trying to repair this specific error. I’d transfer the Operations Master roles, demote the failed DC, and remove it from the domain and spin up a fresh server to replace it.

    Source: https://serverfault.com/questions/887052/database-corruption-on-active-directory-ntds-dit-file-event-467-on-primary-dc
    Author: MDMarra
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
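
    The sequence the accepted answer recommends (transfer the Operations Master roles, then demote the damaged DC), sketched in PowerShell as an added example that is not part of the original posts. DC01 and DC02 are hypothetical names for the damaged and the healthy domain controller, and the script assumes the ActiveDirectory and ADDSDeployment modules are installed.

```powershell
# Added example. DC01 (the DC logging Event 467) and DC02 (the healthy DC) are
# hypothetical names. Run elevated with Domain, Enterprise and Schema Admin rights.
Import-Module ActiveDirectory
$Damaged = 'DC01'
$Healthy = 'DC02'

# 1. Confirm the healthy DC replicates cleanly before moving anything onto it.
$failures = Get-ADReplicationFailure -Target $Healthy | Where-Object FailureCount -gt 0
if ($failures) {
    $failures | Format-Table Server, Partner, FailureCount, LastError
    throw "Replication failures on $Healthy; fix these before transferring roles."
}
Get-ADReplicationPartnerMetadata -Target $Healthy |
    Format-Table Partner, LastReplicationSuccess, LastReplicationResult

# 2. Transfer all five Operations Master roles to the healthy DC.
$roles = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster',
         'SchemaMaster', 'DomainNamingMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $Healthy `
    -OperationMasterRole $roles -Confirm:$false

# 3. Verify, as seen from the healthy DC, that the damaged DC holds no role.
$domain  = Get-ADDomain -Server $Healthy
$forest  = Get-ADForest -Server $Healthy
$holders = $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster,
           $forest.SchemaMaster, $forest.DomainNamingMaster
if ($holders | Where-Object { $_ -like "$Damaged.*" }) {
    throw "$Damaged still holds a role; do not demote it yet."
}

# 4. Demote. This step only runs when the script is executed on the damaged DC.
#    If graceful demotion fails because of the damaged database, the cmdlet has
#    a -ForceRemoval switch; the DC's metadata must then be cleaned up from DC02.
if ($env:COMPUTERNAME -eq $Damaged) {
    Import-Module ADDSDeployment
    $localPw = Read-Host -AsSecureString -Prompt 'New local Administrator password'
    Uninstall-ADDSDomainController -Credential (Get-Credential) `
        -LocalAdministratorPassword $localPw
}
```

    After the demotion reboot the server is a plain member server; removing it from the domain and building its replacement follow as the answer describes.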
