SOLVED: Cannot View or Make Changes in Active Directory “Because an internal error occured” 467 Database Corrupt

If you tried to view or make changes in your Active Directory but see errors like:

Windows Cannot Complete The Password Change Because An Internal Error Occured
Windows Cannot Complete The Password Change Because An Internal Error Occured

or

Windows Event Viewer Directory Service NTDS ISAM Error 467 Database Corrupt
Windows Event Viewer Directory Service NTDS ISAM Error 467 Database Corrupt

You have two ready choices:

  1. Restore from Backup, which means rebooting into Active Directory Restore Mode, restoring your Windows System State and praying that all goes well, or;
  2. Try to repair your Active Directory.

Obviously there is not much downside to trying a repair, so lets to that:

  1. In msconfig, set the boot to Safe Boot and check Active Directory Repair
  2. Reboot the server
  3. Open a command prompt in administrator and type esentutl /g c:\windows\ntds\ntds.dit to perform an integrity check, (the results indicate that the jet database is corrupt)
  4. Ensure you have a backup of c:\windows\ntds\ntds.dit which is the active directory database for butt coverage
  5. Type esentutl /p   c:\windows\ntds\ntds.dit to repair the database and agree with the prompt
  6. Delete any log files in c:\windows\ntds\ which in my case did not exist
  7. In msconfig, deselect the boot to Safe Boot and uncheck Active Directory Repair
  8. Reboot the server, and verify your AD looks and smells pretty
  9. Wank it because you are a big stud

Note that Patrick Bergen did this entire process through Remote Desktop on an SBS 2008 server and all appears well.  Therefore we can say with certainty that Active Directory Restore Mode (at least on Small Business Server) is similar to Safe Mode With Networking.

Thanks Patrick… you are the big stud today!

Leave a Reply