Get-ADDBAccount - There was a problem reading the Database which probably comes from a different OS #181

Open
Phancypants opened this issue May 10, 2024 · 1 comment
@Phancypants

I've been trying to get DSInternals working to perform some password auditing but have encountered this error and am unsure where to go from here.

I started by creating a shadow copy of the C: drive on my DC, which is running Server 2016 Datacenter, and copied the ntds.dit file from the shadow copy.

I then extracted the system hive from the DC using the command reg save HKLM\SYSTEM

I copied both files to my Windows 10 computer and ran the following:

$key = Get-Bootkey -SystemHiveFilePath C:\temp\sys
Get-ADDBAccount -All -BootKey $key -DBPath C:\Temp\ntds.dit

Which resulted in this error:
Get-ADDBAccount : There was a problem reading the database, which probably comes from a different OS. Try defragmenting it first by running the 'esentutl /d ntds.dit' command.
At line:1 char:1
+ Get-ADDBAccount -All -BootKey $key -DBPath C:\Temp\ntds.dit
    + CategoryInfo          : OpenError: (:) [Get-ADDBAccount], InvalidDatabaseStateException
    + FullyQualifiedErrorId : DBContextError,DSInternals.PowerShell.Commands.GetADDBAccountCommand

I defragged the database as suggested and tried again with the same results. I have also attempted this on a system running Server 2016 Datacenter and another system running Server 2022, but all attempts have resulted in the same error.

I saw a suggestion that the system hive should be exported from the same shadow copy as the ntds.dit file, so I tried that, but when I tried to use this as the boot key it gave me an error that the registry database is corrupt:

PS C:\Windows\system32> $key = Get-Bootkey -SystemHiveFilePath C:\temp\SYSTEM
Get-Bootkey : The configuration registry database is corrupt
At line:1 char:8
+ $key = Get-Bootkey -SystemHiveFilePath C:\temp\SYSTEM
+        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (C:\temp\SYSTEM:String) [Get-BootKey], Win32Exception
    + FullyQualifiedErrorId : GetBootKey_Win32Error,DSInternals.PowerShell.Commands.GetBootKeyCommand

@MichaelGrafnetter
Owner

MichaelGrafnetter commented May 12, 2024

Hello @Phancypants, you are describing 2 independent problems:

  • One is with the SYSTEM registry hive, for which you also need transactional log files when you copy it out from a shadow copy.
  • The other issue is with opening the AD database, for which you again need the corresponding transactional logs. And it really can only be opened on the same Windows build on which it was created, as Microsoft changes the database format with each Windows version.
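
Both conditions named in the reply above (a database copied without its transaction logs, and a database written by a different Windows build) can be checked from the ESE header before calling Get-ADDBAccount. The following is an added example, not code from DSInternals or from either participant: `Test-EseHeader` is a hypothetical helper, the header lines and the analysis-machine version are constructed sample values, and the `State`, `Log Required` and `OS Version` field layout is assumed to match what `esentutl /mh` prints.

```powershell
# Added example (not DSInternals code). Test-EseHeader is a hypothetical helper.
function Test-EseHeader {
    param(
        # Lines printed by: esentutl /mh <path to ntds.dit>
        [Parameter(Mandatory)] [string[]] $HeaderLines,
        # Windows version of the machine that will open the database
        [Parameter(Mandatory)] [version] $LocalOsVersion
    )

    $state = $null; $logRequired = $null; $dbOs = $null
    foreach ($line in $HeaderLines) {
        if (-not $state -and $line -match '^\s*State:\s*(.+?)\s*$') {
            $state = $Matches[1]
        } elseif (-not $logRequired -and $line -match '^\s*Log Required:\s*(\d+-\d+)') {
            $logRequired = $Matches[1]
        } elseif (-not $dbOs -and $line -match '^\s*OS Version:\s*\((\d+\.\d+\.\d+)') {
            $dbOs = [version]$Matches[1]
        }
    }

    [pscustomobject]@{
        State             = $state
        LogRequired       = $logRequired
        # Anything other than a clean shutdown means the edb*.log files
        # must be copied with the database and replayed before it opens.
        NeedsLogReplay    = ($state -ne 'Clean Shutdown')
        DatabaseOsVersion = $dbOs
        # Compare major.minor.build only; revision is not in the header.
        SameBuild         = ($null -ne $dbOs -and
                             $dbOs.Major -eq $LocalOsVersion.Major -and
                             $dbOs.Minor -eq $LocalOsVersion.Minor -and
                             $dbOs.Build -eq $LocalOsVersion.Build)
    }
}

# Constructed sample header for a copy taken from a Server 2016 DC (build 14393).
$sample = @'
            State: Dirty Shutdown
     Log Required: 12-12 (0xc-0xc)
       OS Version: (10.0.14393 SP 0 NLS ffffffff.ffffffff)
'@ -split "`r?`n"

# Constructed analysis-machine version; on a real system pass
# [Environment]::OSVersion.Version and (esentutl /mh C:\Temp\ntds.dit).
Test-EseHeader -HeaderLines $sample -LocalOsVersion ([version]'10.0.19045')
```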
