none
Active Directory Domain Services Error Eventlog

    Question

  • Hi,

       i am using windows small business server 2008 as domain controller. users changed password is not replicating in client machines. i have notice eventlog error 1864 in the server. i have one unused ad SVRWIN01 which i have not used is this the reason for the issue. below is the error log. Kindly please help

    This is the replication status for the following directory partition on this directory server. 
     
    Directory partition:
    DC=ForestDnsZones,DC=thinci-edh,DC=local 
     
    This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals. 
     
    More than 24 hours:

    More than a week:

    More than one month:

    More than two months:

    More than a tombstone lifetime:

    Tombstone lifetime (days):
    180 
     
    Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled. 
     
    To identify the directory servers by name, use the dcdiag.exe tool. 
    You can also use the support tool repadmin.exe to display the replication latencies of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>". 
    Monday, April 17, 2017 5:11 AM

All replies

  • Hi,

    According to your description, my understanding is that user password failed to be synced with event id 1864 logged.

    >one unused ad SVRWIN01 which i have not used is this the reason for the issue.
    Have you removed this DC from your SBS domain? 

    Removing a Domain Controller from a Domain:
    https://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx

    On your SBS/DC, please open CMD and type “dcdiag” to analyzes the state of domain controller.

    On SBS, make sure that only DCs which are in used are listed in below location:
    1. Server Manager - Tools - Active Directory Users and Computers - Expand the Domain - Domain Controllers
    2. Server Manager - Tools - Active Directory Sites and Services - Expand the Site - Servers

    Besides, try to slean up metadata using ntdsutil. Open CMD, type below commands and each line end with enter:
    Ntdsutil
    metadata cleanup
    remove selected server <servername - SVRWIN01 which is not used>

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, April 18, 2017 9:01 AM
    Moderator
  • Hi,

    How things are going there on this issue?

    Please let me know if you would like further assistance.

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 21, 2017 7:35 AM
    Moderator