16.9. Repairing or Recovering the DIT
Problem
You need to repair or perform a soft recovery of the Active Directory DIT because a power failure or some other failure caused the domain controller to enter an unstable state.
Solution
Using a command-line interface
First, reboot into DS Restore Mode.
Run the following command to perform a soft recovery of the transaction log files:
> ntdsutil files recover q q
If you continue to experience errors, you may need to run a repair, which does a low level repair of the database, but can result in loss of data:
> ntdsutil files repair q q
If either the recover or repair are successful, you should then check the integrity (see Recipe 16.7).
Discussion
You should (hopefully) never need to recover or repair your Active
Directory database. A recovery may be needed after a domain
controller unexpectedly shuts down, perhaps due to a power loss, and
certain changes were never committed to the database. When it boots
back up, a soft recovery is automatically done in an attempt to
reapply any changes contained in the transaction log files. Since
Active Directory does this automatically, it is unlikely that running
the ntdsutil
recover
command will be of much help. The
ntdsutil
repair
, on the other
hand, can fix low-level problems, but it can also result in a loss of
data, which cannot be predicted. USE AT YOUR OWN PERIL!
I recommend you use extreme caution when performing a repair, and you may want to engage Microsoft Support first in case something really ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.