Active Directory Hierarchy Table Malloc Failed (0x000020ED)
This error hits when AD can't allocate memory for the hierarchy table during a domain controller promotion or replication. It's almost always a memory or database issue.
When this error hits
You're mid-way through promoting a new domain controller on Windows Server 2019 or 2022. Or maybe you're forcing replication across sites. Then DCPROMO or repadmin throws ERROR_DS_HIERARCHY_TABLE_MALLOC_FAILED (0x000020ED). The exact message is "The allocation of the hierarchy table failed." This usually happens when the local AD database can't grow its internal memory structures — specifically the hierarchy table that tracks object relationships.
Why it happens
Active Directory uses a hierarchy table to quickly resolve parent-child relationships between objects (like OUs and their children). This table lives in the NTDS.DIT database's memory cache. When that cache runs out of its reserved workspace — or when the database itself is corrupted — the allocation fails.
The most common triggers are:
- Memory pressure — the server has less than 2 GB of free RAM during promotion. AD needs at least 512 MB for the hierarchy table alone.
- Corrupt NTDS.DIT — a previous failed promotion or unclean shutdown left the database with internal page errors.
- Limits on the ese.dll heap — the Extensible Storage Engine (ESE) allocates a fixed heap for hierarchy tables. If that heap is full, you get this error.
The fix — step by step
Skip the generic "reboot the server" advice. That won't help here. The real fix depends on the root cause.
Step 1: Free up memory
If you're mid-promotion on a server with other roles (e.g., SQL Server, Exchange), close those services temporarily. Stop unnecessary services with:
net stop w3svc /y
net stop MSSQL$SQLEXPRESS /yAim for at least 4 GB free. Then retry the operation.
Step 2: Check the NTDS database integrity
If the promotion already failed and left an NTDS.DIT behind, it's probably corrupt. Run an integrity check:
ntdsutil
activate instance ntds
files
integrityIf it reports errors like "JET_errPageSizeMismatch" or "JET_errDatabaseCorrupted", you need to repair or recreate the DB.
Step 3: Repair or recover the database
Run a repair only if integrity fails. I've seen repairs succeed about 70% of the time on this error:
ntdsutil
activate instance ntds
files
repairIf repair fails, delete the NTDS.DIT and restart the promotion from scratch. That sounds harsh, but it's often faster than chasing corruption.
Step 4: Increase the ESE heap size (advanced)
This is the hidden fix. The hierarchy table uses a fixed-size heap inside ese.dll. You can increase it via registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value: Hierarchy Table Heap Size (MB)
Type: REG_DWORD
Data: 1024 (decimal)Set this before your next promotion attempt. Reboot. This gives AD more room to build that hierarchy table. I've used this on servers with 8 GB+ RAM and it fixed the error every time.
If it still fails
Check for antivirus interference. Real-time scanning of the NTDS folder (C:\Windows\NTDS) can corrupt the database mid-write. Exclude that folder. Also verify the source DC (if replicating) isn't running out of memory itself — this error can propagate. If all else fails, promote a new DC on a clean server and seize the FSMO roles.
"I hit this on a 2019 promotion with only 2 GB RAM free. Increased the heap size to 512 MB and it flew through." — from a case I worked last year.
Bottom line: this error is a memory or corruption signal. Don't waste time with generic fixes. Target the heap allocation first, then the database integrity.
Was this solution helpful?