Windows 2000 Repair NTDS.dit - Single DC no system backups available.

Posted on 2014-01-13
Last Modified: 2014-01-25

My one and only Windows 2000 DC RAID controller crashed this morning and it seemed to corrupt my AD database since I am not able to log in. Upon windows services loading up I received an Issas error stating to reboot into Directory services mode..

So I did. I looked up all the NTDUTIL.EXE and ESENTUTL.EXE commands in order to repair/recover the ntds.dit db but no luck.

Command outputs generated error such as:

Operation terminated with error -1811 (JET_errFileNotFound, File not found)

Is there any special software or utility that maybe able to successfully repair this?

or am I stuck having to rebuild the server? :\

Question by:tobe1424
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 250 total points
ID: 39777483
you got a file not found error - did you specify the path/file name correctly?
if you rebuild it you will have to add your systems to the domain and create all user accounts again since you have no backup and starting from scratch
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 250 total points
ID: 39777597
If you have attempted to use ESENTDSUtil and this did not fix your ntds.dit database then you are probably out of luck. You could possibly call Microsoft as they have some tools that are not released to the public which might be able to help you.

Microsoft only charges you if they correct the issue. So if you DC is worth fixing at most you would be spending approx $300.00 is Microsoft corrects the issue. If not, then you don't pay.

Out side of that if you do not have any system state backups for your AD environment or a second domain controller then you are out of luck.

LVL 37

Expert Comment

ID: 39777650
I don't think even MS will attempt to fix the issue as 2000 is out of support OS

Not sure if premium ticket (A grade) can allow to do this but they will charge $$$ hourly basis most probably

instead I suggest you to rebuild the server from scratch may be with latest OS (Windows 2008 at minimum)

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 53

Expert Comment

by:Will Szymkowski
ID: 39777663
Even though 2000 is out of support they should be able to do a "best efforts" attempt. MS ticekts are not hourly they are per incident.


Author Comment

ID: 39777709
thx for the pointers. I ended up correcting the path to c:\winnt\ntds\ntds.dit and used some other options and the repair process finished..

I opted for a chkdsk upon boot up. Now it's starting back up. let see how it goes..

I will advise shortly. Thanks again

Accepted Solution

tobe1424 earned 0 total points
ID: 39777748
The syntax below did the trick for me. my DC is now back online.

esentutl /p "c:\winnt\ntds\ntds.dit" /!10240 /8 /v /x /o

LVL 53

Expert Comment

by:Will Szymkowski
ID: 39777768
Great to hear!


Author Comment

ID: 39786916
I've requested that this question be closed as follows:

Accepted answer: 250 points for seth2740's comment #a39777483
Assisted answer: 250 points for Spec01's comment #a39777597
Assisted answer: 0 points for tobe1424's comment #a39777748

for the following reason:

the syntax entered worked correctly

Author Comment

ID: 39786912
i ended up discovering the correct syntax with the help of seth and spec01

Author Comment

ID: 39786917
seth's pointer helped me discover the correct syntax i needed in order to rebuild my AD db.

Author Comment

ID: 39803462
sounds good to me

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question