Active Directory Corruption . .

L

Lee Royston-Hayes

I get the error following message when starting my PCD
(only) server in my mini network.

lsass.exe - System Error : Security Accounts Manager
initialization failed because of the following error:
Directory Service cannot start. Error Status: 0xc00002e1.
Please click OK to shutdown this system and reboot into
Directory Services Restore Mode, check the event log for
more detailed information

I have checked through all the support website but cannot
get back my corrupt active directory - I have tried the
soft restore / repair after booting in "Directory
Services Restore" mode. I do not have a backup to go back
to either.

Is there a way to re-initalise the Active Directory
in "Directory Services Restore" mode from scratch ?

Thx, Lee.
 
L

Lee

I checked the files using NTDSUtil.exe and also the
permissions too . . it's definately a gonna.

Help I need a new Active Directory !

Thanks in advance, I am stuck without my server.
 
J

Jerold Schulman

I get the error following message when starting my PCD
(only) server in my mini network.

lsass.exe - System Error : Security Accounts Manager
initialization failed because of the following error:
Directory Service cannot start. Error Status: 0xc00002e1.
Please click OK to shutdown this system and reboot into
Directory Services Restore Mode, check the event log for
more detailed information

I have checked through all the support website but cannot
get back my corrupt active directory - I have tried the
soft restore / repair after booting in "Directory
Services Restore" mode. I do not have a backup to go back
to either.

Is there a way to re-initalise the Active Directory
in "Directory Services Restore" mode from scratch ?

Thx, Lee.
Click to expand...


Use tip 2599 in the 'Tips & Tricks' at http://www.jsiinc.com to check /adjust
permissions.


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
N

NB

Have you created an emergency repair disk prior to this
problem occuring? If so, then reboot your server with
hte CD in the drive and do a repair it will ask you for
the repair disk in the floppy drive.

NB
 
B

Ben Ybarra [MSFT]

Hello Lee,

Thank you for your post.

If you have check permission and insure you pathing to the database is
correct then you may be dealing with a corrupted NTDS.DIT file.

You can check the integrity of the database by using either NTDSUTIL or
ESENTUTL.

Using NTDSUTIL:
===============
Start your computer in Directory Services Repair mode.
At a command prompt, type the following lines, pressing ENTER after each:
ntdsutil
files
Integrity

Using ESENTUTL:
================
Start your computer in Directory Services Repair mode.
At a command prompt, type the following lines, pressing ENTER after each:
"esentutl /g "<path>\ntds.dit" /!10240 /8 /v /x /o" (without the quotation
marks)

This will tell you if the database is corrputed and will attempt a soft
recovery by re-running the logs. If the database is corrupted, I highly
recommend you restore a system state backup (if you have one). If you do
not have a system state back you can repair the database using NTDSUTIL or
ESENTUTL (This is called a Hard Repair.) A hard repair will run through the
database purge any pages that do not add up to the correct checksum bit.
You will lose some data by doing a hard repair. ONLY PROCEED IF THIS IS THE
ONLY DOMAIN CONTROLLER.

Note: If you have other domain controllers within the domain, seize the
roles to another domain contoller and do a metadata cleanup of the bad DC
before and rebuild the machine.

WARNING:
Caution must be exercised when using the Repair command because you can
experience the random loss of data. The exact type of data that can be lost
is not known. This loss can occur when there is data necessary for the safe
operation of Active Directory that is not identified in the ESE.

Using NTDSUTIL:
===============
Start your computer in Directory Services Repair mode.
At a command prompt, type the following lines, pressing ENTER after each:
ntdsutil
files
Repair

Using ESENTUTL:
================
Start your computer in Directory Services Repair mode.
At a command prompt, type the following lines, pressing ENTER after each:
"esentutl /p "<path>\ntds.dit" /!10240 /8 /v /x /o" (without the quotation
marks)

Reference:
315131 HOW TO: Use Ntdsutil to Manage Active Directory Files from the
Command
http://support.microsoft.com/?id=315131

Windows 2000 Advance Troubleshooting:
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsbi/dsb
i_add_qouy.asp

Best of luck to you,
Ben Ybarra, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Directory Services cannot start 4
Security Accounts manager init failed 2
lsass.exe.Error. 0x00002e1 Error 1
Very Urgent:: lsass.exe System Error 1
Security Accounts Manager fails, directory services does not start 1
AD database corrupted 1
Directory services eror message 2
Directory Service Restore Mode ! 2

Top