As I prepare to plan for a infrastructure upgrade for a client, I decided to build a small lab environment to do some tests with directory services restoration as it’s been years since I’ve had to do a restore and seeing how most projects never seem to go as anticipated, I figure it would be best to be as prepared as I could through this refresher exercise. While performing test restores with my two test domain controllers, I noticed an odd error message that I would continuously receive when using the NTDSUtil command to mark OUs, objects or partitions as authoritative when I execute it in the Windows Support Tools directory. The following is the prompt with the error is what I would receive:
ntdsutil.exe – Unable To Locate Component
This application has failed to start because SAMSRV.dll was not found. Re-installing the application may fix this problem.
C:\Program Files (x86)\Support Tools>ntdsutilntdsutil: authoritative restore
authoritative restore: restore database
Opening DIT database...
Failed to recover database from external backup. Error 0x7f(The specified procedure could not be found.).
Authoritative Restore failed.
Error 8000ffff parsing input - illegal syntax?
I originally didn’t know what was causing this because I would try rebooting the server, complete a restore of the system state again, execute ntdsutil with an authoritative restore command and it would work. Performing some searches on Google returned some results that lead me to the following Symantec KB:
Though I went ahead to try and delete this key, the restore would continuously fail.
It was not until after going through this process 5 to 6 times that I noticed that it would fail whenever I executed the ntdsutil.exe command in the C:\Program Files (x86)\Support Tools folder. The following screenshot is when I executed the command in a regular Windows Command Prompt successfully:
Note: I understand that the example above shows I restored a the domain partition but take my word that the difference doesn’t matter and that the reason why it worked was because I wasn’t in the support tools folder.
I’m not sure if this problem is specific to the server OS I used but just in case you’re encountering the same issue as I did, the following is the information about the domain controller:
Server OS: Windows Server 2003 R2 64-bit
Service Pack: SP2
Hotfixes and Updates installed: All patches installed up to April 22, 2011
Forest Functional Level: Windows 2003
Domain Functional Level: Windows 2003
Restoring Active Directory no matter the whole database, OUs, objects or partitions is always nerve racking so I hope this post will be able to help anyone who may encounter this problem during a restore.