Skip to main content

Directory Services Cannot Start) After Restoring NTDS & SYSVOL on a Single DC


This guide explains how to recover from the Windows Server Blue Screen:

STOP CODE: 0xC00002E2
STATUS_DS_INIT_FAILURE

This typically occurs when:

  • ntds.dit was restored manually
  • SYSVOL was restored manually
  • BurFlags may have been set
  • The server was freshly promoted as a new DC
  • The NTDS database state does not match the system registry metadata

On a single domain controller, this issue is fully recoverable using an NTDS hard repair.

⚠️ Requirements

This procedure is safe ONLY when:

  • You have a single Domain Controller (no other DCs in the domain)
  • There is no AD replication to other servers

If you have more than one DC, stop here — this procedure can cause USN rollback in multi-DC environments.

1. Boot into Directory Services Restore Mode (DSRM)

  1. Restart the domain controller.
  2. During system startup, press F8 (or use your hypervisor / cloud console “Send F8” function).
  3. Select: 
    Directory Services Restore Mode
  4. Log in using the DSRM password (set when the DC was promoted).

2. Perform a Hard Repair of NTDS.dit

Open Command Prompt (Administrator) while in DSRM and run:

esentutl /p "C:\Windows\NTDS\ntds.dit"

You will be prompted:

Proceed with repair (Y/N)?

Type:

Y

This performs a “hard repair” of the AD database. This is only safe because this is a single DC domain.

3. Run an Integrity Check

Still in DSRM, run:

esentutl /g "C:\Windows\NTDS\ntds.dit"

Expected output should end with something similar to:

Integrity check successful

If errors appear, stop and record the output before proceeding.

4. (Optional but Recommended) Defragment the Database

Defragmenting the database can reclaim space and further clean up after the repair:

esentutl /d "C:\Windows\NTDS\ntds.dit"

Wait for the operation to complete before continuing.

5. Clean Up NTDS Log Files

Navigate to the NTDS folder:

C:\Windows\NTDS

Delete only the following file types:

  • *.log
  • *.jrs
  • edb.chk

Do NOT delete:

  • ntds.dit
  • temp.edb
  • any other *.dit files
  • any *.jfm files

Removing the log and checkpoint files ensures AD does not try to reuse invalid transaction logs after the repair.

6. Reboot the Server Normally

Restart the server in normal mode:

shutdown /r /t 0

Expected outcome:

  • The server boots normally (no more STOP 0xC00002E2)
  • The Active Directory Domain Services service starts
  • You can log in normally with a domain account

7. Verify SYSVOL and NETLOGON Shares

After logging in, open Command Prompt and run:

Back to top