This is an unusual one, but I would love to avoid rebuilding this server.
It is a SBS 2008, only about 10 users, but big mailboxes and hosting a complicated production website.
Approximately 6 months ago something happened to the NTDS.DIT file. It carried on working though and I only discovered now that there is a problem - too late for backups to be useful. If I try to add a user it fails and generates an error, besides that it works perfectly.
NTDSUtil says the file is corrupt. I have tried all combinations of NTDSUtil and ESENTUTL. This will not fix the file in such a way that the AD service will start (even when NTDSUtil gives the file the all clear).
In a non-SBS situation it would be straightforward to add another DC, promote it and remove AD from the problem server, then add the original DC server back again. I think this would work here because the data in AD is all readable.
But I have read that with SBS it could be problematic to follow this route, because it wants to be the only DC. SO my question is could I do this, and if so how?