Sometimes your Active directory database gets corrupt and you may not be able to get inside a domain controller in normal mode. You may get following error before logon “Just before Log on screen should appear I get a error message thats something like this: “…Directory Services cannot start… Please click OK to shutdown the system and reboot into the Directory Services Restore Mode”
If you have a backup you can restore DB from backup, but what if you don’t have a backup?? In case of single domain controller you can not do anything, it’s all gone. But if you have another DC which is having a good copy of AD and is running fine, you can try this:
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
Important Follow these steps only as a last resort if the domain controller cannot start in normal mode.
To remove Active Directory from a domain controller, follow these steps:
- Restart the computer, and then press F8 to display the Windows 2000 Advanced Options menu.
- Choose Directory Services Restore Mode, press ENTER, and then press ENTER again to continue restarting.
- Modify the ProductType entry in the registry. To do this, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate the following registry subkey:
- In the right-pane, double-click ProductType.
- Type ServerNT in the Value data box, and then click OK.
Note If this value is not set correctly or is misspelled, you may receive the following error message:System Process – License Violation: The system has detected tampering with your registered product type. This is a violation of your software license. Tampering with product type is not permitted.
- Quit Registry Editor.
- Restart the computer.
- Log on with the administrator account and password that is used for Directory Service Repair mode.
The computer will behave as a member server. However, there are still some remaining files and registry entries on the computer that are associated with the domain controller.
- Start Registry Editor and locate the following registry entry:
If there is an entry for Src Root Domain Srv, right-click the value and then click Delete. This value must be deleted so that the domain controller sees itself as the only domain controller in the domain after promotion.
Important The above step is critical. Without it the re-promotion into the temporary AD forest will not complete and you will not be able to log on to the domain controller.
- Remove the remaining files and registry entries. To do this, follow these steps:
- Start the Active Directory Installation Wizard.
- Install Active Directory to make the computer a domain controller for a new, temporary domain, such as “psstemp.deleteme.”
Note Make sure that you make the computer a domain controller in a different forest.
- After you install Active Directory, start the Active Directory Installation Wizard again, and then remove Active Directory from the domain controller.
- After you remove Active Directory from a domain controller, remove metadata that is left in the domain. For more information about how to remove this metadata, click the following article number to view the article in the Microsoft Knowledge Base:
216498 (http://support.microsoft.com/kb/216498/ ) How to remove data in Active Directory after an unsuccessful domain controller demotion
You can find Original Microsoft KB article at : http://support.microsoft.com/kb/332199