none
Running Lingering Object Liquidator Tool in large environment

Answers

  • Hi

     You can use the tool safety.Also you can check the domain for lingering objects with "repadmin" command.

    Check these related articles;

    Information about lingering objects in a Windows Server Active Directory forest

    https://support.microsoft.com/en-us/help/910205/information-about-lingering-objects-in-a-windows-server-active-directory-forest

    How to Detect and Remove Lingering Objects from an Active Directory Domain Controller

    http://www.dell.com/support/Article/tr/tr/trbsdt1/SLN283355/EN

    Use Repadmin to Remove Lingering Objects

    https://technet.microsoft.com/tr-tr/library/cc794840%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by Wendy JiangModerator Friday, February 10, 2017 8:26 AM
    • Marked as answer by weedee Thursday, March 9, 2017 7:08 AM
    Monday, February 6, 2017 5:15 PM

All replies

  • Hi

     You can use the tool safety.Also you can check the domain for lingering objects with "repadmin" command.

    Check these related articles;

    Information about lingering objects in a Windows Server Active Directory forest

    https://support.microsoft.com/en-us/help/910205/information-about-lingering-objects-in-a-windows-server-active-directory-forest

    How to Detect and Remove Lingering Objects from an Active Directory Domain Controller

    http://www.dell.com/support/Article/tr/tr/trbsdt1/SLN283355/EN

    Use Repadmin to Remove Lingering Objects

    https://technet.microsoft.com/tr-tr/library/cc794840%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by Wendy JiangModerator Friday, February 10, 2017 8:26 AM
    • Marked as answer by weedee Thursday, March 9, 2017 7:08 AM
    Monday, February 6, 2017 5:15 PM
  • Thank you Burak,

    I still have questions.

    If I would use repadmin /removelingeringobjects /advisory_mode command to check for existence of lingering objects in my forest, on which Domain Controller I should run the command? Which DC should be the source and which destination? I'm bit of a lost here because we have several Domain Controllers.

    Strict Replication Consistence is not enabled on any DC.

    Tuesday, February 7, 2017 9:06 AM
  • Hi

     When you perfrom "repadmin /showrepl" you can find the problematic DC's.Then you can run "repadmin /showrepl DomainControllerName" to find the guid of that problemtic DC.

    repadmin /removelingeringobjects /<ServerName> (DC has lingering objects) <ServerGUID>(The GUID of a domain controller that has an up-to-date) DirectoryPartition (The distinguished name of the domain directory partition that might have lingering objects. For example, DC=RegionalDomainName,DC=ForestRootDomainName,DC=com)
    You should perfrom these every domain controller that might have lingering objects..

    also check this for details; https://redmondmag.com/articles/2014/08/08/repadmin-for-ad-troubleshooting.aspx


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, February 7, 2017 10:43 AM
  • Just ran repadmin /showrepl * /csv and it shows zero errors.

    Please correct me, if I'm wrong but if Strict Replication Consistency is not enabled on DCs (like in my forest) you will never see errors on repadmin, correct? If lingering objects happen to exist on some DC, rest of the DCs will happily replicate those objects to themselves.

    In case this is correct, lingering objects must be searched by some alternative method on forest where Strict Replication Consistency is not enabled.


    • Edited by weedee Tuesday, February 7, 2017 11:24 AM
    Tuesday, February 7, 2017 11:21 AM
  • Dear,

    Download the active directory replication status tools from the below site

    https://www.microsoft.com/en-in/download/details.aspx?id=30005

    It will scan your entire domain for all the partition. if it shows any error with error id 8606, 1988, 1388. Lingering objects presents on that particular DC.

    Run the advisory mode on the affected DC.

    Thanks

    Syed Abdul Kadar M.


    Thanks Syed Abdul Kadar M. Dont forget to mark as Answered if you found this post helpful.

    Tuesday, February 7, 2017 12:45 PM
  • Just ran repadmin /showrepl * /csv and it shows zero errors.

    Please correct me, if I'm wrong but if Strict Replication Consistency is not enabled on DCs (like in my forest) you will never see errors on repadmin, correct? If lingering objects happen to exist on some DC, rest of the DCs will happily replicate those objects to themselves


    Actually If strict replication consistency is not enabled on DC, lingering objects can be replicated to this domain controller.And yes you should enable " strict replication consistency " to find lingering objects on DC.also the recommendation is always enable strict replication consistency on DC's.

    And as an alternaive,you can use Liquidator tool to remove lingering objects if you cannot use repadmin to find the ling.Objc.(which dc strict replication consistency is disabled)


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, February 7, 2017 6:42 PM
  • Scanning all my directory partitions on all 36 DCs would have been exhaustive task. So I ended up using Lingering Object Liquidator and I left Reference and Target DC selections empty. It took couple of hours to run and it detected couple of thousand lingering objects. There was no performance issues with our DCs. Thanks Burak!

    Thursday, March 9, 2017 7:14 AM