Event ID 16395 — Database Integrity
Applies To: Windows Server 2008
.jpg)
When a computer is promoted to become a domain controller, the promotion process converts the Security Accounts Manager (SAM) database into an Active Directory database.
Event Details
| Product: | Windows Operating System |
| ID: | 16395 |
| Source: | SAM |
| Version: | 6.0 |
| Symbolic Name: | SAMMSG_FATAL_UPGRADE_ERROR |
| Message: | A fatal error occurred trying to transfer the SAM account database into the directory service. A possible reason is the SAM account database is corrupt. |
Resolve
Retry promotion to a domain controller
A fatal error occurred when the Security Accounts Manager (SAM) database was undergoing conversion to Active Directory Domain Services (AD DS). The SAM database may be corrupt.
To perform these procedures on a computer joining an existing domain, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To perform these procedures on a computer creating a new domain in an existing forest, you must have membership in Enterprise Admins, or you must have been delegated the appropriate authority.
To perform these procedures on a computer creating a new forest, you must have membership in Adminstrators, or you must have been delegated the appropriate authority.
Restart the computer and try running the Active Directory Domain Services Installation Wizard.
To run the Active Directory Domain Services Installation Wizard:
- Click Start. In Start Search, type dcpromo, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
- Follow the directions in the Active Directory Domain Services Installation Wizard.
Verify
To perform these procedures, you must have membership in Domain Admins, or you must have been delegated the appropriate authority. Perform all procedures on the computer that is logging the event.
Note: Before you stop the NTDS service, consider temporarily disabling the password-protected screen saver, if it is enabled. If the password-protected screen saver starts while the NTDS service is stopped, you will have to restart the computer to log in.
To check the integrity of the database:
- On the domain controller on which you want to verify the integrity of the Active Directory database, open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
- Stop the Active Directory database process: at the command prompt, type net stop ntds, and then press ENTER.
- To stop dependent services, type y, and then press ENTER.
- Type ntdsutil, and then press ENTER.
- Type activate instance ntds, and then press ENTER.
- Type semantic database analysis, and then press ENTER.
- Type go, and then press ENTER.
- Type quit, and then press ENTER twice. The command prompt appears.
- At the command prompt, type esentutl /mh c:\windows\ntds\ntds.dit, and then press ENTER. If the ntds.dit file is stored on a different volume and folder, enter that path instead of c:\windows\ntds. For example, if the ntds.dit file is on the E: drive in a folder named data, you would type esentutl /mh e:\data\ntds.dit.
- Next, run the command esentutl /g c:\windows\ntds\ntds.dit. Modify the path to the ntds.dit file as necessary. If there are no errors reported, the Active Directory database integrity is intact.
- Type net start ntds and press ENTER.
- Type quit, and then press ENTER. The command prompt disappears.
If you disabled the password-protected screen saver, you may enable it after the NTDS service starts.