0

System: Windows 2003 Server Enterprise Scenario: NTDS db is corrupt and all attempts to fix with esentutl fail. Ran chkdsk which seemed to repair disk error and give access to the ntds.dit file but still esentutl fails. (Attached the drive to a different server to run the esentutl)

Error:

Access to source database '[path to copy of]/ntds.dit' failed with Jet error -1022.

Operation terminated with error -1022 (JET_errDiskIO, Disk IO error) after 0.170 seconds.

This error occurs on any disk I copy the files to including original location in C:\WINDOWS\NTDS\

Now enter the "Stupid!" and "what was I thinking!?" part (must be the late hour...)

Stupid: No updated backup - after using a backup I get a network password error in the lsass error.

what was I thinking!?: Started the install repair from the original CD but the install fails since the AD fails to start.

Now I cant boot into any mode (safe mode, AD restore etc) nor complete the repair install.

I would really like to avoid a fresh install since I have the Exchange server on this DC and would rather migrate to a new server than have to start from scratch.

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209

2 Answers2

1

It sure sounds to me that you're completely screwed. If you can't restore from backup and can't get the system online, then you're out of luck. In the future, you should take this as a lesson to:

  1. Take good backups
  2. Test your backups
  3. Not run Exchange (or other services) on a Domain Controller
MDMarra
  • 100,734
  • 32
  • 197
  • 329
0

Well in windows 2000 AD, ntds.dit is the actual database file. It's the central point for your user accounts, and everything else stored in AD. If this file is corrupt...i'm not certain on how to recover it. Active Directory's database engine is the Extensible Storage Engine ( ESE ) which is based on the Jet database used by Exchange 5.5 and WINS. The ESE has the capability to grow to 16 terabytes which would be large enough for 10 million objects. Back to the real world. Only the Jet database can maniuplate information within the AD datastore.

Unfortunately, Kilgore2k, it seems like you're borked for the moment.
One thing to do in the future is to do regular backups (i know, i know, we've ALL heard it before). Get some drive-imaging software (Symantec Ghost, WinImg, etc), and get a snapshot of your drive/array. Then use backup software (start > run > ntbackup, or a 3rd party backup tool) to backup all of your files and such that change daily, weekly, etc.

I have a "vanilla" image of my domain controller and web server that i created..."vanilla" as in, after i installed everything, got the latest hot fixes in, etc, i made a snapshot of it. Then on Saturdays and Sundays i run a Full backup, and every day in between (monday-friday) i run an incremental backup.

So to restore, i just need to plop that snapshot back on the drives/arrays, then do a restore with my last full backup + the incrementals, and voila, server up and running (you would have to go into AD restore mode though for your DC).