Event ID - 1136

Event Id: 1136
Source: Microsoft-Windows-ActiveDirectory_DomainService
Description: AD_TERM failed to create an index for the following attribute. Attribute identifier: %1 Attribute name: %2 A schema cache update will occur 5 minutes after the logging of this event and will attempt to create an index for the attribute. Additional Data Error value: %3 %4
Event Information: According to Microsoft :
Cause :
This event is logged when the AD_TERM failed to create an index for the attribute.
Resolution :
Compact and restore the database, and undo the index change
A schema cache update occurs automatically after this situation is detected. Check Event Viewer five minutes after this Event ID 1136 is posted, and see if the event recurred. If the event did not recur, the issue is resolved. If the event did recur, restart the computer.
When the computer restarts, check Event Viewer to see if the Event ID 1136 recurred. If the event recurred, there are several additional procedures that you can use to attempt to resolve this issue. After each procedure, check Event Viewer to see if this event continues to be reported. If the event continues to be reported, try the next procedure.
  1. Compact the Active Directory database
  2. Restore the Active Directory database from backup media
  3. Undo the index change for the attribute
Perform these procedures on the computer that is logging the event to be resolved. To compact the Active Directory database or to restore it from backup, you need the Directory Services Restore Mode password. If you do not know the Directory Services Restore Mode password, you can reset it by using the Ntdsutil tool.
To perform these procedures, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
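The recurrence check described above can be scripted instead of read off Event Viewer by hand. This is an added example, not part of the original article. It assumes the event is written to the 'Directory Service' log and that the event's properties follow the %1 to %4 order of the description; the function name is hypothetical.

```powershell
# Added example: summarize Event ID 1136 per attribute and report whether it
# recurred after the automatic schema cache update.
function Get-Event1136Status {
    param(
        [int]$LookbackHours = 24,   # how far back to search the log
        [int]$RetryMinutes  = 5     # schema cache update delay stated in the event text
    )

    $filter = @{
        LogName      = 'Directory Service'   # assumption: log that holds AD DS events
        ProviderName = 'Microsoft-Windows-ActiveDirectory_DomainService'
        Id           = 1136
        StartTime    = (Get-Date).AddHours(-$LookbackHours)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # Assumption: Properties[0] = attribute identifier (%1),
    # Properties[1] = attribute name (%2), Properties[2] = error value (%3).
    $events | Group-Object { [string]$_.Properties[1].Value } | ForEach-Object {
        $times = $_.Group.TimeCreated | Sort-Object
        $first = $times | Select-Object -First 1
        $last  = $times | Select-Object -Last 1
        [pscustomobject]@{
            AttributeName   = $_.Name
            AttributeId     = $_.Group[0].Properties[0].Value
            ErrorValue      = $_.Group[0].Properties[2].Value
            Count           = $_.Count
            FirstSeen       = $first
            LastSeen        = $last
            # An event logged at least $RetryMinutes after the first one means
            # the automatic retry also failed to build the index.
            Recurred        = ($last - $first).TotalMinutes -ge $RetryMinutes
            # The most recent event is younger than the retry delay, so the
            # schema cache update may not have run yet.
            TooEarlyToJudge = ((Get-Date) - $last).TotalMinutes -lt $RetryMinutes
        }
    }
}

Get-Event1136Status -LookbackHours 24 | Format-Table -AutoSize
```

No output means no Event ID 1136 was logged in the lookback window. Run it again after each procedure below to confirm that the event has stopped.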
Compact the Active Directory database
To compact the Active Directory database:
Note : To compact the Active Directory database, you must have enough free disk space to approximately double the size of the existing database. If you do not have that much room on the existing partition on which Active Directory Domain Services (AD DS) is stored, compact the database to another volume where enough space is available. Before stopping the NTDS service, consider temporarily disabling the password protected screen saver, if it is enabled. If the password protected screen saver starts while the NTDS service is stopped, you will have to restart the computer to log in.
To check the integrity of the database:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type net stop ntds, and then press ENTER.
  3. At the command prompt, type ntdsutil, and then press ENTER.
  4. At the command prompt, type Activate Instance NTDS, and then press ENTER.
  5. At the command prompt, type files, and then press ENTER.
  6. At the command prompt, type compact to folderLocation, and then press ENTER. Substitute the folder location in which you want to create the compacted database for folderLocation.
  7. When the compaction is complete, the command output provides directions for copying the compacted database over the existing database. Type quit, and then press ENTER twice to exit Ntdsutil.
  8. If you have enough disk space, you can save a copy of the existing database (Ntds.dit). If there is not enough space on a single volume to hold two copies of the database, type a path to a volume or shared network resource that has enough space.
  9. Next, move the compacted database to the location of the previous database.
  10. Delete the log files, as indicated after the compaction routine completes.
  11. At the command prompt, type net start ntds, and then press ENTER. Now re-enable the password protected screen saver, if you disabled it earlier.
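The free-space requirement in the note above can be verified before the NTDS service is stopped. This is an added example, not part of the original article. It assumes the target folder is on a local volume and reads the database path from the NTDS service parameters in the registry; the function name and the sample folder are hypothetical.

```powershell
# Added example: confirm the target volume can hold a compacted copy of
# Ntds.dit before running "net stop ntds".
function Test-NtdsCompactSpace {
    param([Parameter(Mandatory)][string]$TargetFolder)

    # The location of Ntds.dit is recorded under the NTDS service parameters.
    $ntds   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $dbPath = $ntds.'DSA Database file'
    $dbSize = (Get-Item -LiteralPath $dbPath).Length

    # Resolve the volume that will receive the compacted database.
    # Assumption: a local drive such as D:\ (DriveInfo rejects UNC paths).
    $targetRoot = [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($TargetFolder))
    $dbRoot     = [System.IO.Path]::GetPathRoot($dbPath)
    $drive      = New-Object System.IO.DriveInfo $targetRoot

    [pscustomobject]@{
        DatabasePath   = $dbPath
        DatabaseSizeGB = [math]::Round($dbSize / 1GB, 2)
        TargetVolume   = $targetRoot
        TargetFreeGB   = [math]::Round($drive.AvailableFreeSpace / 1GB, 2)
        SameVolume     = ($targetRoot -ieq $dbRoot)
        # The compacted copy is never larger than the source, so free space
        # equal to the current database size is a safe upper bound.
        EnoughSpace    = ($drive.AvailableFreeSpace -ge $dbSize)
    }
}

# Hypothetical target folder; replace it with your own folderLocation.
Test-NtdsCompactSpace -TargetFolder 'D:\NtdsCompact'
```

If EnoughSpace is False, choose a folder on another volume before starting the compaction.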

Restore the Active Directory database from backup media
To restore the Active Directory database from backup media, you need the Directory Services Restore Mode password. If you do not know the Directory Services Restore Mode password, you can reset it by using the Ntdsutil tool.
  1. At a command prompt that you opened as administrator, type bcdedit /set safeboot dsrepair, and then press ENTER.
  2. Restart the domain controller.
  3. At the Windows logon screen, click Switch User.
  4. Click Other User.
  5. Type .\administrator as the user name, type the Directory Services Restore Mode password for the server and then press ENTER.
  6. Click Start. In Start Search, type cmd, and then press ENTER.
  7. At the command prompt, type wbadmin get versions -backuptarget:targetDrive:, and then press ENTER. Substitute the location of the backup that you want to restore for targetDrive.
  8. Identify the version of the backup that you want to restore. You must enter this version exactly in the next step.
  9. Type wbadmin start systemstaterecovery -version:dateTime -backuptarget:targetDrive: -quiet, and then press ENTER. Substitute the version of the backup that you want to restore for dateTime and the volume that contains the backup for targetDrive.
  10. Open a command prompt, type bcdedit /deletevalue safeboot, and then press ENTER.
  11. After the recovery operation completes, restart the domain controller.
Note : There is no need to attempt an authoritative restore because the schema cannot be restored by using an authoritative restore.
Undo the index change for the attribute
To undo the index change for the attribute:
  1. Open ADSI Edit. To open ADSI Edit, click Start. In Start Search, type ADSIEdit.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Right-click ADSI Edit, and then click Connect to.
  3. In Select a well known Naming Context, click Schema. The default action of the tool is to connect to the local domain. If you want to connect to another domain or server, you can do that under Computer in the Connection Settings dialog box.
  4. Click OK.
  5. In the console tree, expand Schema.
  6. Click the object name CN=Schema.
  7. In the middle pane, a list of attribute names, classes, and distinguished names appears. Locate the attribute that is referred to in Event Viewer, and double-click it.
  8. In the list of attributes that appears in the attribute's properties, click the searchFlags attribute, and then click Edit.
  9. Set the value to 0 unless you can identify a more appropriate attribute identifier for the configuration.
  10. In the Attribute Editor and the attribute's properties, click OK.
  11. Close ADSI Edit.
  12. Restart the computer.
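Step 9 sets searchFlags to 0 unless a more appropriate value can be identified. searchFlags is a bit field, and only some of its bits request an index; others control behavior such as confidentiality and replication to read-only domain controllers. The added example below (not part of the original article) decodes the current value and computes the value that clears only the index bits. The flag labels are descriptive, the function name is hypothetical, and the sample value is constructed.

```powershell
# Added example: decode a searchFlags value before changing it in ADSI Edit.
# Bit values follow the documented searchFlags layout; labels are descriptive.
$SearchFlagNames = @{
    1   = 'Index'
    2   = 'Container index'
    4   = 'Ambiguous name resolution (ANR)'
    8   = 'Preserve on tombstone'
    16  = 'Copy with object'
    32  = 'Tuple index'
    64  = 'Subtree (VLV) index'
    128 = 'Confidential'
    256 = 'Never audit value'
    512 = 'RODC filtered'
}
# Bits that ask the directory to build an index for the attribute.
$IndexBits = 1 -bor 2 -bor 32 -bor 64

function Get-SearchFlagsPlan {
    param([Parameter(Mandatory)][int]$SearchFlags)

    $set = @(foreach ($i in 0..15) {
        $bit = 1 -shl $i
        if ($SearchFlags -band $bit) {
            [pscustomobject]@{
                Bit     = $bit
                Name    = if ($SearchFlagNames.ContainsKey($bit)) { $SearchFlagNames[$bit] }
                          else { "Unnamed bit $bit" }
                IsIndex = [bool]($IndexBits -band $bit)
            }
        }
    })

    [pscustomobject]@{
        Current            = $SearchFlags
        Flags              = $set
        # Value that removes the index request and keeps every other flag.
        WithoutIndexBits   = $SearchFlags -band (-bnot $IndexBits)
        # Non-index flags that would be lost if the value were set to 0.
        ClearedIfSetToZero = @($set | Where-Object { -not $_.IsIndex } | ForEach-Object Name)
    }
}

# Constructed sample: 129 = Index (1) + Confidential (128).
Get-SearchFlagsPlan -SearchFlags 129
```

For the sample value, WithoutIndexBits is 128 and ClearedIfSetToZero lists Confidential, so 128 rather than 0 undoes the index change without altering who can read the attribute. Record the original value before editing it so that the change can be reverted.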
Reference Links: Event ID 1136 from Source Microsoft-Windows-ActiveDirectory_DomainService
