Monday, December 28, 2009

Active Directory database corruption

Below are a few common causes of NTDS database corruption:
================================================
- Hard disk failure (Bad sectors).
- ‘Disk write caching’ enabled on the disk.
- Dirty (unexpected) shutdown of the server.
- Real-time antivirus scanning of the NTDS database and transaction log files.
- Large fragmented database.
- Drive containing the NTDS database is compressed.
- Some activity other than the ones above that prevents transactional changes from being written to the local copy of the Active Directory database.
- The NTFS file system permissions on the NTDS folder or the root drive are too restrictive.

Below are the events reported in the event log that indicate an NTDS database issue. You can feed these to your monitoring software to detect NTDS database corruption.

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2108
Description: Active Directory could not update the following object with changes received from the following source domain controller. This is because an error occurred during the application of the changes to Active Directory on the domain controller.
8409 A database error has occurred.

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1084
Description: This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object.

Event Type: Error
Event Source: NTDS ISAM
Event Category: Database Corruption
Event ID: 467
Description: NTDS (540) NTDSA: Index INDEX_0009028F of table datatable is corrupted (0). or index INDEX_0009039a
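
One way to wire the three events above into monitoring, as an added example that is not part of the original post: a PowerShell filter that flags event IDs 467, 1084 and 2108. The function name, the rule that treats 2108 as a database indicator only when its text carries status 8409, and the sample records are assumptions of this example.

```powershell
# Added example: event IDs and sources are taken from the list above.
$NtdsIndicators = @{
    467  = 'NTDS ISAM: database index reported as corrupted'
    1084 = 'NTDS Replication: database error while applying replicated changes to an object'
    2108 = 'NTDS Replication: could not update an object with changes from the source DC'
}

function Find-NtdsCorruptionEvent {
    [CmdletBinding()]
    param(
        # Event record: needs Id, ProviderName, TimeCreated and Message properties.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record
    )
    process {
        $id = [int]$Record.Id
        # Matching is by event ID only; the provider name is reported, not filtered on.
        if (-not $NtdsIndicators.ContainsKey($id)) { return }

        # Assumption: 2108 only points at the database when it carries status 8409
        # ("A database error has occurred"), as in the event text quoted above.
        $confidence = 'High'
        if ($id -eq 2108 -and $Record.Message -notmatch '\b8409\b') { $confidence = 'Review' }

        [pscustomobject]@{
            TimeCreated = $Record.TimeCreated
            EventId     = $id
            Provider    = $Record.ProviderName
            Confidence  = $confidence
            Indicator   = $NtdsIndicators[$id]
        }
    }
}

# Constructed sample records (not real log data) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2009-12-28T09:14:00'; Id = 2108; ProviderName = 'NTDS Replication'; Message = 'Active Directory could not update the following object ... 8409 A database error has occurred.' }
    [pscustomobject]@{ TimeCreated = [datetime]'2009-12-28T09:14:02'; Id = 1084; ProviderName = 'NTDS Replication'; Message = 'A database error occurred while applying replicated changes to the following object.' }
    [pscustomobject]@{ TimeCreated = [datetime]'2009-12-28T09:20:31'; Id = 467; ProviderName = 'NTDS ISAM'; Message = 'NTDS (540) NTDSA: Index INDEX_0009028F of table datatable is corrupted (0).' }
    [pscustomobject]@{ TimeCreated = [datetime]'2009-12-28T09:21:00'; Id = 9999; ProviderName = 'Constructed'; Message = 'Unrelated constructed event; must be ignored.' }
)
$sample | Find-NtdsCorruptionEvent | Format-Table -AutoSize

# On a domain controller, feed it the live log instead (log name 'Directory Service'):
# Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 467, 1084, 2108 } -ErrorAction SilentlyContinue |
#     Find-NtdsCorruptionEvent
```

The sample run reports the three NTDS events with High confidence and drops the unrelated record.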

Basic troubleshooting:
================


1. In DSRM mode, check the integrity of the Active Directory database. To do this, type "ntdsutil files integrity" at the command prompt.

If the integrity check indicates no errors, restart the domain controller in normal mode. If the integrity check does not finish without errors, continue to the following steps.

2. In DSRM mode, perform a semantic database analysis. To do this, type the following command at the command prompt, including the quotation marks:
'ntdsutil "sem d a" go'

3. If the semantic database analysis indicates no errors, continue to the following steps. If the analysis reports any errors, type the following command at the command prompt, including the quotation marks:
'ntdsutil "sem d a" "go f"'

4. Perform an offline defragmentation of the Active Directory database, as described in KB 232122 (http://support.microsoft.com/kb/232122/).

Reboot into normal mode again and check whether the database is good. If the errors continue, or the server does not let you log in in normal mode, do any one of the following.

5. Restore from the latest system state backup taken when there were no errors related to NTDS corruption.

6. Demote and repromote the domain controller.
KB232122 (http://support.microsoft.com/kb/232122/ ) Performing offline defragmentation of the Active Directory database

References:
========
"Directory Services cannot start" error message when you start your Windows-based or SBS-based domain controller
http://support.microsoft.com/?id=258062

Issues with Jet Databases on Compressed Drives
http://support.microsoft.com/?id=318116

Event ID 2108 and Event ID 1084 occur during inbound replication of Active Directory in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?id=837932

An "Event ID 467" database corruption error may be intermittently logged in the Directory Services event log on a Windows Server 2003-based domain controller
http://support.microsoft.com/?id=902396

Event ID 1539: Database integrity
http://technet.microsoft.com/en-us/library/dd941847(WS.10).aspx


- Aby

1 comment:

  1. Mostly the hard drive failure is caused by a sudden break down of electricity...