Please note that ESENTUTL is doing a lossy repair. This kind of repair fixes corruption by deleting data from the database. You should only use this kind of repair as a last resort.
Furthermore, Microsoft does not support domain controllers after Esentutl is used to recover from Active Directory database corruption. If you perform this kind of repair, you must rebuild the domain controller for Active Directory to be in a supported configuration.
You should attempt all other available methods before consider using ESENTUTL:
1. Run “ntdsutil files integrity” Check the integrity of the Active Directory database
2. Perform a semantic database analysis using ntdsutil
3. If there are other functional domain controllers in the same domain, remove Active Directory from the server, and then reinstall Active Directory.
4. Restore from system state backup
5. If no system state backup is available, and there are no other healthy domain controllers in the domain, we recommend that you rebuild the domain by removing Active Directory and then reinstalling Active Directory on the server, creating a new domain.
Restart the Server – Press F8 – Enter Directory Services Restore Mode
Log into the server
Open a Command Prompt and change to the C:\Windows\ntds directory
Run an Integrity Check on the database before doing the actual repair
The command is: esentutl /g ntds.dit
If the Integrity Check fails. Do a repair only as a last resort.
The command is: esentutl /p ntds.dit
Click OK on the Warning Prompt
Wait while the database is repaired
Reboot the Domain Controller