Re: Tombstone problem

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Jorge de Almeida Pinto [MVP - DS] wrote:
dont believe what the output is on the command line window. Check the DS
event log

That's what I did:

Active Directory has completed the removal of lingering objects on the
local domain controller. All objects on this domain controller have had
their existence verified on the following source domain controller.

Source domain controller:
6bbcef2a-3fc6-4ea5-8ea1-c96bf99174dc._msdcs.INDEA.local
Number of objects deleted:
0

Objects that were deleted and garbage collected on the source domain
controller yet existed on the local domain controller were deleted from
the local domain controller. Past event log entries list these deleted
objects.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
----------------------------------------------------------------------

And then a few minutes later:

Active Directory Replication encountered the existence of objects in the
following partition that have been deleted from the local domain
controllers (DCs) Active Directory database. Not all direct or
transitive replication partners replicated in the deletion before the
tombstone lifetime number of days passed. Objects that have been
deleted and garbage collected from an Active Directory partition but
still exist in the writable partitions of other DCs in the same domain,
or read-only partitions of global catalog servers in other domains in
the forest are known as "lingering objects".

This event is being logged because the source DC contains a lingering
object which does not exist on the local DCs Active Directory database.
This replication attempt has been blocked.

The best solution to this problem is to identify and remove all
lingering objects in the forest.


Source DC (Transport-specific network address):
6bbcef2a-3fc6-4ea5-8ea1-c96bf99174dc._msdcs.INDEA.local
Object:
CN=Offer Remote Assistance
Helpers\0ADEL:c980eee8-8026-4529-96d0-588e59b4aa95,CN=Deleted
Objects,DC=INDEA,DC=local
Object GUID:
c980eee8-8026-4529-96d0-588e59b4aa95

User Action:

Remove Lingering Objects:

The action plan to recover from this error can be found at
http://support.microsoft.com/?id=314282.

If both the source and destination DCs are Windows Server 2003 DCs,
then install the support tools included on the installation CD. To see
which objects would be deleted without actually performing the deletion
run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA
GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will
enumerate all lingering objects. To remove lingering objects from a
source domain controller run "repadmin /removelingeringobjects <Source
DC> <Destination DC DSA GUID> <NC>".

If either source or destination DC is a Windows 2000 Server DC, then
more information on how to remove lingering objects on the source DC can
be found at http://support.microsoft.com/?id=314282 or from your
Microsoft support personnel.

If you need Active Directory replication to function immediately at all
costs and don't have time to remove lingering objects, enable loose
replication consistency by unsetting the following registry key:

Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict
Replication Consistency

Replication errors between DCs sharing a common partition can prevent
user and compter acounts, trust relationships, their passwords, security
groups, security group memberships and other Active Directory
configuration data to vary between DCs, affecting the ability to log on,
find objects of interest and perform other critical operations. These
inconsistencies are resolved once replication errors are resolved. DCs
that fail to inbound replicate deleted objects within tombstone lifetime
number of days will remain inconsistent until lingering objects are
manually removed by an administrator from each local DC.

Lingering objects may be prevented by ensuring that all domain
controllers in the forest are running Active Directory, are connected by
a spanning tree connection topology and perform inbound replication
before Tombstone Live number of days pass.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
.

Relevant Pages

  • Re: AD sites and services
    ... A search for "Active Directory Sites" yeilds the following: ... After an Unsuccessful Domain Controller Demotion" ... http://support.microsoft.com?kbid=220140 "FRS Replication Protocol and Topology ... Windows 2000 Domain Controllers" ...
    (microsoft.public.win2000.active_directory)
  • Re: Event ID 1988 appears, tried everything on microsoft support homepage...
    ... The lingering objects are being defined as GC objects from what ... my problem is that on about 2 dcs the following event ... controllers Active Directory database. ... transitive replication partners replicated in the deletion before the ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Replication
    ... Source NTDS Replication ... A database error occurred while applying replicated changes ... the Active Directory database then retry the operation. ... On the source domain controller, move the object to have a ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Replication
    ... Source NTDS Replication ... A database error occurred while applying replicated changes ... the Active Directory database then retry the operation. ... On the source domain controller, move the object to have a ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Replication issues
    ... Please describe a bit more detailed the network setup. ... Please see output of AD Replication Monitor - Search Domain ... Active Directory Replication Domain Controller Replication Failure ...
    (microsoft.public.windows.server.active_directory)