Re: Active directory corruption
- From: Blues Skies CTO <BluesSkiesCTO@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 6 Nov 2006 16:13:02 -0800
Very Good. I just ran in to offline defrag the other day. The problem occured
because my customer powered off the server during an update. Toasted the AD.
After running a defrag all was well. Though it may help.
Perhaps you could help me with my latest Boneheads gone wild episode.
During an installation of PHP I accidentally changed permissions for the
default web site and copied the permissions to all the child directories
like Exchange. We can no longer get into Exchange over the web and this is
also affecting our Http outlook access to where we cannot log in. I believe
to sole problem is permissions for each of the child sites.
--
Marc Levesque
CTO
Blue Skies Information Technologies, Inc.
MCP, MCSA, A+
"rrafiringa" wrote:
.
Well Monsieur Levesque,
if you get event id 467 from the directory service, it's more probable
that a hard repair with esentutl followed by a semantic analysis is the
way to go.
1. Reboot the server and press F8. Choose Directory Services Restore
Mode
from the Menu.
2. Check the physical location of the Winnt\NTDS\ folder.
3. Check the permissions on the \Winnt\NTDS folder. The default
permissions
are: Administrators - Full Control System - Full Control
4. Check the permissions on the Winnt\Sysvol\Sysvol share.
The default permissions are: NTFS Permissions: Administrators - Full
Control Authenticated Users - Read & Execute, List Folder Contents,
Read
Creator Owner - none Server Operators - Read & Execute, List Folder
Contents, Read System - Full Control
Note: You may not be able to change the permissions on these folders if
he
Active Directory database is unavailable because it is damaged, however
it
is best to know if the permissions are set correctly before you start
the
recovery process, as it may not be the database that is the problem.
5. Check the permissions on the root of the C:\ drive or the drive
where
the NTDS folder is located. Default NTFS permissions are: Everyone =
full
control
Note: In some cases it may be necessary to add the Administrator and
System
accounts with Full Control.
6. Make sure there is a folder in the Sysvol share labeled with the
correct
name for their domain.
7. Open a command prompt and run NTDSUTIL to verify the paths for the
NTDS.dit file. These should match the physical structure from Step 2.
To check the file paths type the following commands:
NTDSUTIL
Files
Info
This information is pulled directly from the registry and mismatched
paths
will cause Active Directory not to start.
Type Quit to end the NTDSUTIL session.
8. Rename the edb.chk file and try to boot to Normal mode. If that
fails,
proceed with the next steps.
9. Reboot into Directory Services Restore mode again. At the command
prompt, use the ESENTUTL to check the integrity of the database.
NOTE: You can use NTDSUTIL to check the Integrity, however esentutl is
usually more reliable.
Type the following command: ESENTUTL /g "\NTDS.dit" /!10240 /8 /o
(Note: Type the path without the quotes).
Note: The default path would be C:\Winnt\NTDS\ntds.dit, however it may
be
different in some cases.
The output will tell you if the database is inconsistent and may
produce a
jet_error 1206 stating that the database is corrupt.
If the database is inconsistent or corrupt it will need to be recovered
or
repaired .
To recover the database type the following at the command prompt:
NTDSUTIL
Files
Recover
If this fails with an error, type quit until back at the command prompt
and
repair the database using ESENTUTL by typing the following: ESENTUTL
/p
"\NTDS.dit" /!10240 /8 /o
(Note: Type the path without the quotes). Note: If you do not put the
switches at the end of the command you will most likely get a
Jet_error
1213 "Page size mismatch" error.
10. Delete the log files in the NTDS directory, but do not delete or
move
the ntds.dit file.
11. The NTDSUTIL tool needs to be run again to check the Integrity of
the
database and to perform a Semantic Database analysis.
To check the integrity, at the command prompt type:
NTDSUTIL
Files
Integrity
The output should tell you that the integrity check completed
successfully
and prompt that you should perform a Semantic Database Analysis.
Type quit. To perform the Semantic Database Analysis type the following
at
the NTDSUTIL Prompt
type: Semantic Database Analysis
Go
The output will tell you that the Analysis completed successfully.
Type quit and close the command prompt.
NOTE: If you get errors running the Analysis then type the following at
the
semantic checker prompt: semantic checker: go fix This puts the
checker in Fixup mode, which should fix whatever errors there were.
Bonne chance frangin.
Blues Skies CTO Wrote:
I would go into directory services restore mode from boot menu and
perform an
offline defrag of active directory. Look for repairing or defraging AD
--
Marc Levesque
CTO
Blue Skies Information Technologies, Inc.
MCP, MCSA, A+
--
rrafiringa
------------------------------------------------------------------------
rrafiringa's Profile: http://forums.techarena.in/member.php?userid=18734
View this thread: http://forums.techarena.in/showthread.php?t=620662
http://www.techarena.in
- Follow-Ups:
- Re: Active directory corruption
- From: rrafiringa
- Re: Active directory corruption
- References:
- Re: Active directory corruption
- From: rrafiringa
- Re: Active directory corruption
- Prev by Date: Re: WSUS as part of a new install of R2
- Next by Date: Re: Another companyweb cannot be displayed
- Previous by thread: Re: Active directory corruption
- Next by thread: Re: Active directory corruption
- Index(es):
Relevant Pages
|
