Event ID 1150 — Schema Operations

  • Article

Applies To: Windows Server 2008 R2

Schema operations include the following:

  • Updating the schema cache
  • Updating the schema index
  • Implementing schema modifications
  • Maintaining schema integrity

Event Details

Product: Windows Operating System
ID: 1150
Source: Microsoft-Windows-ActiveDirectory_DomainService
Version: 6.0
Symbolic Name: DIRLOG_SCHEMA_COLUMN_ADD_FAILED
Message: The attempt to create a new database column for the following new attribute failed.

Attribute identifier:
%1
Attribute name:
%2

The attribute definition was ignored.

Additional Data
Error value:
%3 %4

Resolve

Correct the schema modification error condition

There are several steps that you can use to resolve this issue. After you complete each procedure, check Event Viewer to see if this event, Event ID 1150, continues to be reported. If the event continues to be reported, proceed to the next procedure.

  1. Start Active Directory replication.
  2. Restart the computer.
  3. Compact the Active Directory database.
  4. Restore the Active Directory database from backup media.

To perform these procedures, you must have membership in Domain Admins, or you must have been delegated the appropriate authority. Perform all procedures on the computer that is logging the event.

Start Active Directory replication

To start Active Directory replication:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type **repadmin /syncall /user:**domain\user **/pw:**password, and then press ENTER. Substitute the appropriate domain name, user name, and password for domain, user, and password, respectively. The command output indicates whether synchronization started successfully.

Note: If Event ID 1150 continues to occur, restart the computer and check for the event again before continuing to the next procedure.

To compact the Active Directory database or to restore it from backup, you need the Directory Services Restore Mode password. If you do not know the Directory Services Restore Mode password, you can reset it by using the Ntdsutil tool and the instructions in article 322672 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=95915).

Compact the Active Directory database

To compact the Active Directory database:

Note: To compact the Active Directory database, you must have enough free disk space to approximately double the size of the existing database. This is because an expanded copy of the database is made during the compaction. If you do not have that much room on the existing partition on which Active Directory Domain Services (AD DS) is stored, compact the database to another volume where enough space is available. Also, before stopping the NTDS service, consider temporarily disabling the password protected screen saver, if it is enabled. If the password protected screen saver starts while the NTDS service is stopped, you will have to restart the server to log in.

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type net stop ntds, and then press ENTER.
  3. At the command prompt, type ntdsutil, and then press ENTER.
  4. At the command prompt, type Activate Instance NTDS, and then press ENTER.
  5. At the command prompt, type files, and then press ENTER.
  6. At the command prompt, type compact to folderLocation, and then press ENTER. Substitute a folder location to which you want to create the compacted database for fileLocation. For example, if you want to compact the database to a folder named Data in the c: drive, type compact to c:\data, and then press ENTER.
  7. When the compaction is complete, the command output gives directions for copying the compacted database over the existing database.To exit Ntdsutil, type quit, and then press ENTER twice.
  8. If you have enough disk space, you can save a copy of the existing database (Ntds.dit). For example, if the existing database is c:\windows\ntds\ntds.dit and the compacted database is c:\data\ntds.dit, rename the existing database to ntds.old by typing the following at a command prompt: move c:\windows\ntds\ntds.dit ntds.old, and then pressing ENTER. If there is not enough space on a single volume to hold two copies of the database, type a path to a volume or shared network resource that has enough space. For example, type move c:\windows\ntds\ntds.dit f:\backup\ntds.old, and then press ENTER.
  9. Next, move the compacted database to the location of the previous database. Continuing with the previous example, type move c:\data\ntds.dit c:\windows\ntds\ntds.dit, and then press ENTER.
  10. Delete the log files, as indicated after the compaction routine completes. For example, if your Ntds.dit database is in the c:\windows\ntds folder, type del c:\windows\ntds\*.log, and then press ENTER.
  11. Type net start ntds, and then press ENTER. If you disabled the password protected screen saver, you can enable it after the NTDS service has started.

When you confirm that the domain controller is functioning properly, you can delete the renamed database. For example, if the Ntds.old database is located in the c:\Windows\NTDS folder, open a command prompt, type del c:\Windows\NTDS\ntds.old, and then press ENTER to delete the old renamed database. If the domain controller does not function normally when you start the NTDS service, you can stop the NTDS service and replace the Ntds.dit database with the Ntds.old database. For example, you can type move f:\backup\ntds.old c:\windows\ntds\ntds.dit, and then press ENTER. If compacting the database does not resolve the error condition, you may have to restore the database from backup media.

Restore the Active Directory database from backup media

To restore the Active Directory database from backup media, you need the Directory Services Restore Mode password. If you do not know the Directory Services Restore Mode password, you can reset it by using the Ntdsutil tool and the steps in article 322672 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkID=95915).

To restore the Active Directory database from backup media:

  1. At a command prompt that you opened as administrator, type bcdedit /set safeboot dsrepair, and then press ENTER.
  2. Restart the domain controller.
  3. At the Windows logon screen, click Switch User.
  4. Click Other User.
  5. Type .\administrator as the user name, type the Directory Services Restore Mode password for the server, and then press ENTER.
  6. Click Start, in Start Search type cmd, and then press ENTER.
  7. At the command prompt, type wbadmin get versions -backuptarget:targetDrive:, and then press ENTER. Substitute the location of the backup that you want to restore for targetDrive.
  8. Identify the version of the backup that you want to restore. You must enter this version exactly in the next step.
  9. At the command prompt, type **wbadmin start systemstaterecovery -version:**dateTime -backuptarget:targetDrive:-quiet, and then press ENTER. Substitute the version of the backup that you want to restore for dateTime and the volume that contains the backup for targetDrive.
  10. At a command prompt, type bcdedit /deletevalue safeboot, and then press ENTER.
  11. After the recovery operation completes, restart the domain controller.

Note: There is no need to attempt an authoritative restore because the schema cannot be restored with an authoritative restore.

Verify

To verify that the schema is in a consistent state, complete the following procedures:

  1. Ensure that the domain controllers synchronize their directory data by starting Active Directory replication.
  2. Enable diagnostic logging for the schema.
  3. Update the schema cache.
  4. Verify that the schema was updated successfully by using Event Viewer.

To perform these procedures, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

Start Active Directory replication

To start Active Directory replication:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command **repadmin /syncall /user:**domain\user **/pw:**password. Substitute the appropriate domain name, user name, and password for domain, user, and password, respectively. The command output indicates whether synchronization started successfully.

Enable diagnostic logging for the schema

To verify a successful update of the schema, you can enable diagnostic logging for the schema. When you enable diagnostic logging, a schema update produces Event ID 1582 in the Directory Service log of Event Viewer. To enable diagnostic logging for the schema, you must edit the registry.

To enable diagnostic logging for the schema:

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

  1. Open Registry Editor. To open Registry Editor, click Start. In Start Search, type regedit, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the registry location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics, in the left pane, right-click the 24 DS Schema value, and then click Modify.
  3. Type 1 or higher (up to 5) for Value data to enable diagnostic logging for the schema. The higher the value, the more information is reported to the Directory Service log. Click OK.

Update the schema cache

To update the schema cache:

  1. Create a file to force a schema cache update using Ldifde.exe. Create a new text file named SchemaUp (SchemaUp.txt, if you are viewing file extensions) in a folder location that is convenient for you to access.

  2. Copy the following five lines of text and paste them as the contents of the SchemaUp.txt file.

    dn:

    changetype: modify

    add: schemaUpdateNow

    schemaUpdateNow: 1

    -

  3. After you paste the text into the file, ensure that there are no line breaks (carriage returns) between each line of text. If there are, delete the empty lines. Ensure that you have a hyphen as the last line of text in the file.

  4. Save the file.

  5. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start Menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  6. At the command prompt, type ldif -i -f SchemaUp.txt, and then press ENTER. If necessary, type the file path to the text file that you saved. For example, if you saved the file in the Documents folder of an account named Administrator, type ldifde -i -f "c:\users\administrator\documents\schemaUp.txt", and then press ENTER.

Verify that the schema cache was updated successfully by using Event Viewer

To verify that the schema cache was updated successfully by using Event Viewer:

  1. Open Event Viewer. To open Event Viewer, click Start. In Start Search, type eventvwr.msc, and then press ENTER.
  2. Expand Applications and Services Logs, and then click Directory Service.
  3. Look for Event ID 1582, which confirms that the schema cache was reloaded successfully. If you do not see the event, click Find, type 1582, and then click Find Now. Event 1582 confirms that the schema cache was updated.
  4. Confirm that there are no Critical, Error, or Warning events that are related to the schema that occurred after the schema cache update. To locate events that are related to the schema, click Find, type DS Schema, and then click Find Next.
  5. Continue to click the Find Next button and review each event until you have verified that there are no Critical, Error, or Warning events that occurred after the schema cache update.

When you confirm that the schema cache was updated, you may no longer need diagnostic logging for schema events. To disable diagnostic logging for schema events, use the Reg command to set the 24 DS Schema value to 0. To set the value of 24 DS Schema to 0, at a command prompt, type the following command, and then press ENTER:

Reg Add HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics /v "24 DS Schema" /t REG_DWORD /d 0

The number after /d indicates the value, in this case, the logging level. For example, to set the logging level to 1, change /d 0 to /d 1 in the previous command.

To learn more about the Reg command syntax and options, at a command prompt, type Reg /?, and then press ENTER.

Schema Operations

Active Directory