locked
Active Directory Replication Problem RRS feed

  • Question

  • Hi All,

    I'm getting the following error on one of my domain cotrollers. So please help me to resolve this error.

    Another directory server has attempted to replicate into this directory server an object which is not present in the local Active Directory Domain Services database. The object may have been deleted and already garbage collected (a tombstone lifetime or more has past since the object was deleted) on this directory server. The attribute set included in the update request is not sufficient to create the object. The object will be re-requested with a full attribute set and re-created on this directory server.

     This event is being logged because the source DC contains a lingering object which does not exist on the local DCs copy of Active Directory Domain Services database and the local DC does *not* have the following registry key enabled to ensure strict replication consistency. Strict replication consistency prevents lingering objects residing on a source DC from re-replicating to a destination DC that has already processed the deletion.  Since this registry key is not set, the object will be re-replicated and recreated in the local Active Directory Domain Services database.

     

     The best solution to this problem is to identify and remove all lingering objects in the forest, starting with the writable and read-only partitions containing the object referenced in this event, and then enable the following registry key to ensure strict replication consistency.

    Regs,

    Sachitha

    Saturday, January 28, 2012 7:08 AM

Answers

All replies

  • The above error in your post is more related to presence of lingering objects in your domain

    Find the related articles below:

    http://support.microsoft.com/kb/870695

    http://technet2.microsoft.com/window....mspx?mfr=true
    http://blogs.dirteam.com/blogs/jorge/archive/2005/11/24/153.aspx

    http://blogs.dirteam.com/blogs/jorge/archive/2006/05/08/Lingering-objects.aspx

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.


    Saturday, January 28, 2012 7:18 AM
  • If you have multiple DC in the network you can demote & re-promote the DC containing lingering object.Sometimes its difficult to remove lingering object either using repadmin /removelingeringobjects or other tool & easiest way to deal with such issues is demote & re-promote the DC. If lingering objects spreads int the domain then its more difficult to tackle them. Demote & promote is the best solution.

    From the log it clear that lingering object is present.check the directory service on the DC event id 1988(Source:NTDS replication) will be logged.

    The DC which is not having the above event is having lingering object.

    To remove lingering object refer below link.
    http://sandeshdubey.wordpress.com/2011/10/09/how-to-find-and-remove-lingering-objects-in-active-directory/

    Alternately you can also demote & promote the server containg the lingering.You need to forcefully demote the server having lingering object by runnning dcpromo/forceremoval followed by metadata cleanup and promote the server back as DC.

    If faulty DC is FSMO role holder you need to seize the FSMO on other DC.

    Reference link
    Forcefull removal of DC:http://support.microsoft.com/kb/332199
    Metadata cleanup:http://www.petri.co.il/delete_failed_dcs_from_ad.htm
    Seize FSMO role:http://www.petri.co.il/seizing_fsmo_roles.htm

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    Saturday, January 28, 2012 7:21 AM
  • Thanks for the support. I'm bit confused on the "repadmin /removelingeringobjects" command. Can you post an example on this.

    Regs,

    Sachitha.

    Saturday, January 28, 2012 7:46 AM
  • repadmin /removelingeringobjects <var>domain_controller</var>.example.com A0AE6093-15F5-4DB8-836B-4495E3A15396 dc=example,dc=com

    please refer to the below links for more info on the Usage:

    http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx

    http://support.microsoft.com/kb/870695


    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.
    • Marked as answer by Elytis Cheng Thursday, February 2, 2012 9:44 AM
    Saturday, January 28, 2012 7:55 AM
  • You can refer below blogs complete step to identify the lingering object and from where it is originating and how to remove the same.

    http://sandeshdubey.wordpress.com/2011/10/09/how-to-find-and-remove-lingering-objects-in-active-directory/

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    • Marked as answer by Elytis Cheng Thursday, February 2, 2012 9:44 AM
    Saturday, January 28, 2012 8:34 AM
  • repadmin /removelingeringobjects <var>Destination_domain_controller </var><var>Source_domain_controller_GUID </var><var>Directory_partition </var>/advisory_mode

    Where,

    1) Destination_domain_controller = adc.domain.com (Affected Domain Controller which containing ligering objects)

    2) Source_domain_controller_GUID <var>Directory_partition = 65b4d750-6a0c-43dc-b830-fbe38c48ab87 (GUID of that domian controller which not have lingering objects.which is working properly)</var>

    3) advisory_mode = The /advisory_mode parameter is optional. You can use this parameter to make sure that the lingering object that is reported in event ID 1988 exists in the Active Directory database on the server that you suspect has the lingering objects. When you use this parameter, the lingering objects are not removed. Instead, the /advisory_ mode parameter lets you view the results of the command before you take action to remove any objects from the folder. We recommend that you always use the /advisory_ mode parameter before you use Repadmin to delete the lingering objects

    Exampl commant.

    C:\>repadmin /removelingeringobjects <var>domain_controller</var>.example.com A0AE6093-15F5-4DB8-836B-4495E3A15396 dc=example,dc=com /advisory_mode

    <var></var> 


    Shaikh Shahabuddin. (MSCA)
    Saturday, January 28, 2012 8:57 AM
  • It very difficult to get rid of lingering objects and more difficult if its in read only partitions, if you have other DC's in the domain i would suggest simply demoting and re-promoting to get rid of lingering on the DC showing this symptom. If you don't remove the DC it might happen lingering object is spread to whole forest and then it will be more challenging to remove.

    Demoting and promoting the DC is viable approach for the DC's infected with lingering objects.

    Take a look at below previous discussion and you can use references in the article to remove the lingering objects, but my experience with repadmin /removelingerinjobjects is not good becasue even though after running this cmd, getting success log but lingering object was remain and i required to demote it.

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9f114f3f-e8ef-4ac6-846f-8e61d6324d9a

    The syntax is repadmin /removelingeringobjects destinationDC SourceDCGUID dc=abc,dc=com 

    http://technet.microsoft.com/en-us/library/cc736571%28WS.10%29.aspx#BKMK_35

     

    Regards  


    Awinish Vishwakarma

    MY BLOG:  http://awinish.wordpress.com/


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Saturday, January 28, 2012 9:47 AM
  • Thanks for the support. I'm bit confused on the "repadmin /removelingeringobjects" command. Can you post an example on this.

    Regs,

    Sachitha.


    Hi,

    You may refer this http://support.microsoft.com/kb/870695 for repadmin /removelingeringobjects syntax and example, however I would recommend to remove the problem DC forcefully from Active Directory (DCPROMO /FORCEREMOVAL), perform metadata cleanup and reinstall the problem server and promote it as DC & GC..

    Note: If problem DC is a FSMO role owner, you need to seize the FSMO roles to healthy DC.

    You may refer below links:
    Clean Up Server Metadata Windows Server 2003 and Windows Server 2003 R2
    http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

    Clean Up Server Metadata Windows Server 2008 and higher
    http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

    Regards,


    Abhijit Waikar - MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA
    Saturday, January 28, 2012 4:02 PM
  • Why & who marked the comments of mine and Gopi kiran as Abuse?

    Please let me know the reason for the same.


    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    Sunday, January 29, 2012 1:11 AM
  • To deal with the lingring object, you two chioce either use repadmin command to remove the same or else you can demote and promote the dc, which is having lingering object.

    I obseved the sandesh comment about the this is realy good to fix the issue.

    Follow that and do let us know if you need any help.

    You can also remove lingering object by using ldp
    http://support.microsoft.com/kb/314282
    http://utools.com/help/LingeringObjects.asp

     

    Regards

    Ajay sharma


    Ajay Sharma NOC L2Tech Engineer, continuum noc. Email: ajay.sharma@noc.continuum.net
    Sunday, January 29, 2012 4:50 AM