Error "The parameter is incorrect" Attempting to Import LDF File for Authoritative Restore

Article translations Article translations
Close Close
Article ID: 2014074 - View products that this article applies to.
Expand all | Collapse all

Symptoms

When Active Directory objects on a domain controller are deleted or become corrupted, you may have to restore them using a system state backup that contains the Active Directory database. You may then have to use the Ntdsutil.exe tool to mark the restored versions of these objects as authoritative.

On a domain controller that is running at least Windows Server 2003 with Service Pack 1 or later Windows versions, the Ntdsutil tool writes back links for the objects that are restored authoritatively into LDF files.

 If you have enabled credential roaming for some users which need to be restored, following error may occur:

ldifde -i -k -f ar_xxxx.ldf
Connecting to "dc01.contoso.com"
Logging in as current user using SSPI
Importing directory from file "ar_20090710-084606_links_adb.contoso.com.ldf"
Loading entries...............................
Add error on line <xxx>: Invalid Syntax
The server side error is "The parameter is incorrect."
28 entries modified successfully.
An error has occurred in the program
No log files were written.  In order to generate a log file, please specify the log file path via the -j option.

Cause

The problem is caused by an incorrect format of the LDF file created when doing the authoritative restore in the Ntdsutil tool. 

The LDF file contains a syntax error in line modifying following attributes:

  • msPKIDPAPIMasterKeys
  • msPKIAccountCredentials
  • msPKIRoamingTimeStamp

 These attributes can be found on user objects, where credential roaming is enabled.

Resolution

You can use the following script to remove the msPKI attributes that are causing the problem from the LDF file. 

---- remove_msPKI_entries.vbs ----

Const forReading = 1
Const forWriting = 2
Const insideEntry = 0
Const foundNewEntry = 1
Dim  deleteEntry
Dim  strNextLine
Dim  state
Dim state1
Dim  strPath
Dim  strLdifdeFileName
Dim  strLdifdeFileFullPath
Dim  strNewLdifdeFileName
Dim strNewLdifdeFileFullPath
Dim  strtempFileName
Dim strtempFileFullPath
If wscript.Arguments.Count <> 2 Then
 wscript.echo( "=======================================================================================" )
 wscript.echo( "Usage: cscript remove-msPKI-attrs.vbs <old_ldifde_back_links_file> <new_ldifde_back_links_file>" )
 wscript.echo( "" )
 wscript.echo( "Example: cscript remove-msPKI-attrs.vbs ar_20091102-135937_links_mydom.com.ldf new_ar_20091102-135937_links_mydom.com.ldf")
 wscript.echo( "" )
 wscript.echo( "msPKIDPAPIMasterKeys, msPKIAccountCredentials, msPKIRoamingTimeStamp back links will be deleted from")
 wscript.echo( "<old_ldifde_back_links_file> and remaining entries will be written into <new_ldifde_back_links_file>" )
 wscript.echo( "" )
 wscript.echo( "NOTE: If <new_ldifde_back_links_file> is already existing in current directory... its contents will be overwritten" )
 wscript.echo( "=======================================================================================" )
 wscript.Quit -1
End If 
Set objFSO    =  CreateObject("Scripting.FileSystemObject")
'All the files assumed to be in current directory
strPath    = "."
strLdifdeFileName   = wscript.Arguments(0)
strLdifdeFileFullPath  = objFSO.BuildPath(strPath, strLdifdeFileName)

strNewLdifdeFileName   = wscript.Arguments(1)
strNewLdifdeFileFullPath = objFSO.BuildPath(strPath, strNewLdifdeFileName)
strtempFileName    = objFSO.GetTempName
strtempFileFullPath  = objFSO.BuildPath(strPath, strtempFileName) 
'Open the given ldifde file for reading
Set objLdifdeFile  = objFSO.OpenTextFile( strLdifdeFileFullPath, forReading )
'Open a temporary file for writing
Set objNewLdifdeFile  = objFSO.OpenTextFile( strNewLdifdeFileFullPath, forWriting, true ) 
state =   foundNewEntry
Do Until objLdifdeFile.AtEndOfStream
 
 strNextLine  = objLdifdeFile.Readline
 If state = foundNewEntry Then
  state   = insideEntry
  set objtempFile  =  objFSO.OpenTextFile( strtempFileFullPath, forWriting, true)
 End If
 objtempFile.WriteLine( strNextLine ) 
 If StrComp( strNextLine, "-" ) = 0 Then
  state   = foundNewEntry
  objtempFile.Close
  set objtempFile =  objFSO.OpenTextFile( strtempFileFullPath, forReading )
  state1    = foundNewEntry
  deleteEntry  = 0
  Do Until objtempFile.AtEndOfStream
   strNextLine = objtempFile.ReadLine
   If state1 = insideEntry Then
    state1  = foundNewEntry
    If Instr( strNextLine, "msPKIDPAPIMasterKeys") <> 0 Then
     deleteEntry  = 1
    ElseIf Instr( strNextLine, "msPKIAccountCredentials" ) <> 0 Then
     deleteEntry  = 1
    ElseIf Instr( strNextLine, "msPKIRoamingTimeStamp" ) <> 0 Then
     deleteEntry  = 1
    End If
   ElseIf InStr( strNextLine, "ChangeType:" ) = 0 Then
    state1  = insideEntry
   End If
  Loop
  objtempFile.Close
  set objtempFile  =  objFSO.OpenTextFile( strtempFileFullPath, forReading )
  If deleteEntry = 0 Then
   Do Until objtempFile.AtEndOfStream
    StrNextLine   =  objtempFile.ReadLine
    objNewLdifdeFile.WriteLine( strNextLine )
   Loop
  End If
  objtempFile.Close
  objFSO.DeleteFile( strtempFileFullPath )
 End If
Loop
objLdifdeFile.Close
objNewLdifdeFile.Close 

--------

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2014074 - Last Review: March 11, 2010 - Revision: 5.0
APPLIES TO
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Windows Server 2008 Enterprise
  • Windows Server 2008 R2 Enterprise
Keywords: 
KB2014074

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com