I had some issues with my Primary Domain Controller last night. It blue screened and, after restarting, began a chkdsk. After some work, I was able to get the server back online and everything appears to be functional, but I am getting Event ID 467 logs on it.
NTDS (748) NTDSA: Database C:\Windows\NTDS\ntds.dit: Index DRA_USN_CRITICAL_index of table datatable is corrupted (0).
My other DC (I only have 2) does not display these logs, and replication, I believe, is working.
I'm not sure where to go from here. Should I transfer roles to my secondary DC to make it my primary and then demote and promote the DC that is spitting out logs?
I also found this blog post about someone who had corruption on a secondary DC and was able to fix it: https://www.emmanuelrached.com/2014/11/20/dc-failing-due-to-corrupt-ntds-db/ It involves defragmenting the corrupted indexes and creating a new ntds.dit file. Is this something I should try?
I also have nightly full server backups that I can try to restore, although I tried to do this last night and Windows Recovery couldn't find my .vhdx file even though I know it was there.
I'm really not sure what caused this. It is running on a VM and all hardware on the host looks good. No other VMs are having issues. I did recently install Microsoft Identity Management on it which I know is not recommended on a DC, but it shouldn't have caused this mess…
Best Answer
There's no such thing as Primary or Secondary Domain Controllers. Those concepts died with Windows NT. All modern DCs are multi-master peers.
Because of this, I wouldn't waste time trying to repair this specific error. I'd transfer the Operations Master roles, demote the failed DC, and remove it from the domain and spin up a fresh server to replace it.
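The sequence this answer describes (transfer the roles, then demote the damaged DC), as an added PowerShell example that is not part of the original thread. DC01 and DC02 are placeholder hostnames, the 24-hour staleness limit is an assumed threshold, and the five-role check assumes a single-domain forest.

```powershell
# Added example. DC01/DC02 are placeholder hostnames, not names from the thread.
Import-Module ActiveDirectory

$Damaged = 'DC01'   # DC logging event 467 (placeholder)
$Healthy = 'DC02'   # DC that will take over the roles (placeholder)

# 1. Record which DC holds each Operations Master role before changing anything.
Get-ADDomainController -Filter * |
    Select-Object Name, IsGlobalCatalog, OperationMasterRoles

# 2. Make sure the healthy DC can stand alone: it must be a global catalog and
#    its inbound replication must be succeeding and recent (24 h is an assumed limit).
if (-not (Get-ADDomainController -Identity $Healthy).IsGlobalCatalog) {
    throw "$Healthy is not a global catalog; fix that before removing $Damaged."
}
$stale = Get-ADReplicationPartnerMetadata -Target $Healthy -Partition * |
    Where-Object {
        $_.LastReplicationResult -ne 0 -or
        $_.LastReplicationSuccess -lt (Get-Date).AddHours(-24)
    }
if ($stale) {
    $stale | Format-Table Partner, Partition, LastReplicationResult, LastReplicationSuccess
    throw "Inbound replication to $Healthy is failing or stale; resolve it first."
}

# 3. Transfer all five roles. A transfer needs the current holder online;
#    adding -Force seizes the roles instead and is only for a holder that
#    will never return to the network.
Move-ADDirectoryServerOperationMasterRole -Identity $Healthy -OperationMasterRole `
    SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

# 4. Verify the move before touching the damaged DC.
$held = (Get-ADDomainController -Identity $Healthy).OperationMasterRoles
if ($held.Count -ne 5) {
    throw "$Healthy holds $($held.Count) of 5 roles; do not demote $Damaged yet."
}

# 5. Demote. Run this on the damaged DC itself, not from the healthy one:
#      Uninstall-ADDSDomainController -LocalAdministratorPassword `
#          (Read-Host -AsSecureString 'New local Administrator password')
#    Afterwards, confirm it no longer appears as a DC:
Get-ADDomainController -Filter * | Select-Object Name, Site, OperationMasterRoles
```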