Active Directory maintains a multi-master database, and like any other database, it can suffer data corruption and crashes. I have not come across an Active Directory environment where a full Active Directory database recovery is required. I have seen situations where there is some corruption that needs to be addressed.

By running an integrity check, we can identify binary-level AD database corruption. The check is part of the Ntdsutil tool, which is used for Active Directory database maintenance. It goes through the database file, checks for errors, and assesses the integrity of the database. The integrity command also checks that correct headers exist in the database and that all of the tables are functioning and consistent. This process runs as part of Directory Services Restore Mode (DSRM).

*** To run these checks, the NTDS service must be stopped.

To run the integrity checker, complete the following steps:

    1. Log in to the Domain Controller as a Domain/Enterprise Administrator.
    2. Open PowerShell as Administrator.
    3. Stop the NTDS service using the following command:

net stop ntds

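Next, start ntdsutil and run the integrity check by entering the following commands in order:

ntdsutil
activate instance ntds
files
integrity

To exit from the utility, enter quit (once to leave the files menu and once more to leave ntdsutil).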

It is also recommended to run a semantic database analysis to confirm the consistency of the Active Directory database contents.

To run it, enter the following commands in PowerShell as Administrator, as we did before:

ntdsutil
activate instance ntds
semantic database analysis
go

If the tool has detected any integrity issues, enter the following command to fix them:

go fixup 

After the process is completed, we must restart NTDS by running the following command:

net start ntds
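
The whole procedure as one script, so that NTDS is restarted even if a check fails and the output is kept for review. This is an added example, not part of the original tutorial: the log path is a constructed placeholder, the `Invoke-Ntdsutil` helper is hypothetical, and the menu commands are passed to ntdsutil as command-line arguments instead of being typed interactively. It only reports; `go fixup` is left as a manual step.

```powershell
#Requires -RunAsAdministrator
# Added example: automates the manual steps above. The log path is a constructed placeholder.
$LogFile = "C:\Temp\ntds-check-$(Get-Date -Format yyyyMMdd-HHmmss).log"
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null

# Remember which dependent services are running so they can be started again afterwards.
$dependents = Get-Service -Name NTDS -DependentServices |
    Where-Object Status -eq 'Running'

# Hypothetical helper: runs one ntdsutil command sequence and appends its output to the log.
function Invoke-Ntdsutil {
    param([string]$Label, [string[]]$Commands)
    "=== $Label ===" | Tee-Object -FilePath $LogFile -Append
    # Each array element is passed to ntdsutil as one menu command.
    & ntdsutil.exe @Commands 2>&1 | Tee-Object -FilePath $LogFile -Append
    # Assumption: a non-zero exit code signals a problem; read the logged output either way.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "${Label}: ntdsutil exited with code $LASTEXITCODE"
    }
}

try {
    # -Force also stops the services that depend on NTDS.
    Stop-Service -Name NTDS -Force -ErrorAction Stop

    Invoke-Ntdsutil -Label 'Integrity check' -Commands @(
        'activate instance ntds', 'files', 'integrity', 'quit', 'quit')

    # "go" only reports problems; "go fixup" is deliberately not run here.
    Invoke-Ntdsutil -Label 'Semantic database analysis' -Commands @(
        'activate instance ntds', 'semantic database analysis', 'go', 'quit', 'quit')
}
finally {
    # Always restart the directory service, even if a check failed.
    Start-Service -Name NTDS
    foreach ($svc in $dependents) { Start-Service -Name $svc.Name }
    Write-Host "Results written to $LogFile"
}
```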

This completes this tutorial on how to detect low-level Active Directory database corruption.