Recovering corrupt domain controller (0xc00002e2)

While using a 2016 domain controller at work in a system where it was the sole controller, it corrupted during a move. The server would boot to the 0xc00002e2 stopcode. This is caused by corrupt transaction logs, it was likely abruptly powered off. My first reaction is off course extreme dismay, but I had done this once before, so I know it was fixable.

I found this great article, though it was slightly flawed, these are more concise notes.

To get Server 2016 into the special "Directory Services Restore Mode (DSRM)" mode, you need to get into the recovery menu. Interrupting boot twice will load you to the recovery menu. Choose Troubleshoot -> Start Up Settings -> Restart. Once booted into the recovery select "Directory Services Repair Mode"

Load up an admin command prompt and follow below.

To check the integrity of your database, this should fail with "CORRUPTED", it is the reason you are here.

ESENTUTL /g C:\windows\NTDS\ntds.dit /!10240 /8 /o

To attempt a soft reset use the below, this apparently fails more often that it works.

NTDSUTIL
Activate Instance ntds
Files
info
Recover

Quit all the way back to your C:\ prompt. Next you check your log files, this will say CORRUPT as well.

ESENTUTL /ml c:\windows\ntds\edb

Now you will need to navigate into C:\Windows\NTDS and append .bak to every .log file there, this is the first step of a hard reset, the second step is the next command.

Warning: Upon successful completion, ESENTUTL /p returns the database to the state of its last committed transaction. Recent changes may be lost; for this reason a full System State restore from daily backup is the best-practice method of recovering an AD server.

ESENTUTL /p C:\Windows\NTDS\ntds.dit /!10240 /8 /o

Run our first command to check the new health

ESENTUTL /g C:\Windows\NTDS\ntds.dit /!10240 /8 /o

Another check

NTDSUTIL
Activate Instance ntds
sem data ana
go

If a problem is detected (I did not have one) run go fix in the same prompt