Solved

Server 2008 Active Directory integrity check

Posted on 2010-09-17
9
2,766 Views
Last Modified: 2012-05-10
Receiving an error in Symantec Backup Exec 12.5:

Final error: 0xe000035a - The consistency check of the snapshot for the Microsoft Active Directory, ADAM or AD LDS database has failed. You should check for possible data corruption in the Active Directory, ADAM or AD LDS Server that is online.


The following error is received when trying to backup the System of the Domain Controller with the GRT option for Active directory selected and Active Directory Recovery Agent (ADRA) license is not installed.
Final error: 0xe000035a - The consistency check of the snapshot for the Microsoft Active Directory, ADAM or AD LDS database has failed. You should check for possible data corruption in the Active Directory, ADAM or AD LDS Server that is online.


This error points to the Active Directory Reocvery Agent in Backup Exec, we have not had this agent installed nor do we have a license for it.

Symantec support pondered this for approx. 4 months then decided that this was not their issue.  They referred me to:

http://technet.microsoft.com/en-us/library/cc780814.aspx
http://technet.microsoft.com/en-us/library/cc770715.aspx

I guess my question is what is the easiest way to Detect/Repair the integrity of the Active Directory?
0
Comment
Question by:Cyber_Junkie
  • 4
  • 3
  • 2
9 Comments
 
LVL 39

Expert Comment

by:Adam Brown
ID: 33704729
I don't know if their support pointed you to this, but it's worth a look (and to make sure something wasn't overlooked by them, since Symantec is...yeeaaah...): http://seer.entsupport.symantec.com/docs/286216.htm
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 33704744
Basically, that link says you should disable the option to restore individual items in Active Directory when taking your backups. Without the Granular Restore Technology used by the Active Directory Recovery Agent, you will only be able to run full backups of Active Directory rather than backing up individual objects.
0
 

Author Comment

by:Cyber_Junkie
ID: 33704745
Thx but we are not using backup to Disk, we are still using tape and we don't have exchange installed on this server.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 39

Expert Comment

by:Adam Brown
ID: 33704763
The fix still applies. Without the Active Directory Recovery Agent, GRT is just screwing up your backup because it doesn't know how to view individual objects in Active Directory. Turning off the option to "Enable the restore of individual objects from Active Directory backups" will disable the GRT check prior to backup. This should fix your problem. And it's not a difficult thing to just try out.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33704792
Start with ntdsutil and check it first. Using the procedures outlined http://technet.microsoft.com/en-us/library/cc961819.aspx (see Ensuring file integrity...)
On a 2008 box you can stop the AD service and check. In 2003/2000 you would have to boot and hit F8 and go into DSRM mode
If it fails http://technet.microsoft.com/en-us/library/cc816754(WS.10).aspx
If I'm betting I'd say your DB is ok
Thanks
Mike
0
 

Author Comment

by:Cyber_Junkie
ID: 33704826
I have gone through the backup job and I don't see the option to remove the check for "Enable the restore of individual objects from Active Directory backups."  I found online under settings Microsoft Dicrectory where it should be, but in my backup job, the Microsoft Active Directory line item is not there.
0
 

Author Comment

by:Cyber_Junkie
ID: 33705042
Will stopping the NTDS service also allow me to run the integrity check, it state in the article that it has to be run in Directory Services restore mode?

I stopped the NTDS service, started following the produre.  Typed in Ntdsutil <Enter> then Files <Enter> received Active Instance not set.  To set an active instance use "Activate Instance ".  I an only assume that there is a step missing and Activate Instance should be entered before files.  
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33706474
Yeah stopping the service will also do it. (mentioned that in my comment) That article is not updated for 2008.

You are right you have to first set an active instance.  See my screenshot from my 2008 R2 lab DC.  I reproduced your error then activated the ntds instance.

Thanks
Mike
Integrity-Check.png
0
 

Author Comment

by:Cyber_Junkie
ID: 33712512
Successful, no errors
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question