In my test environment, I have created multiple domain controllers and placed them in multiple subnets. A couple of the servers are in the Leela office and another is in Gayatri. I could not check these servers for some days and did not work on them due to other activities. Recently I tried to connect to them, logged on to one of my test domain controllers and noticed that one of the servers had been off the network and had not replicated with the other servers for some days. (I haven’t implemented anything to monitor replication health.) I then tried to force replication of the server using the ‘repadmin’ command, but it failed with an error:
“The source server is currently rejecting replication requests. This operation will not continue”
Then I checked Event Viewer and noticed some error events caused by lingering objects on the server that had been off the network. These were user accounts deleted on a server other than the affected one. The deletion was never replicated to the affected server because it was off the network, the tombstone lifetime expired before the server came back online, and the deleted objects then existed only on the affected server. So when I brought the server back after the tombstone period these user objects had become lingering objects, and the other servers refused to replicate with the affected server because of them.
I used the below command to remove lingering objects.
repadmin /removelingeringobjects <affectedservername> <GUIDofgoodDC> dc=ADFANS,dc=NET
This command compares the AD database of the affected DC with that of the good DC and deletes the lingering objects without triggering replication, so the deletions occur only on the affected server. (You can also add the /advisory_mode switch to run the tool for testing purposes. This will not remove the lingering objects but will log the details of the objects to Event Viewer.)
Then I synchronized the servers using repadmin /syncall.
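The removal steps above (look up the good DC’s DSA GUID, run repadmin in advisory mode, run the real removal, then /syncall) wrapped into a single PowerShell function. This is an added example, not the author’s script; it assumes the RSAT ActiveDirectory module, repadmin.exe on the path, and Domain Admin rights. The DC names in the usage lines are placeholders; only the dc=ADFANS,dc=NET naming context comes from the post.

```powershell
# Added example: advisory pass first, real removal only with -Commit, then push a sync.
# Assumes RSAT ActiveDirectory module + repadmin.exe. DC01/DC03 below are placeholder names.

function Get-DsaObjectGuid {
    param([Parameter(Mandatory)][string]$DomainController)
    # repadmin wants the objectGUID of the DC's NTDS Settings object
    # (the "DSA object GUID" shown by repadmin /showrepl), not the computer account GUID.
    $dc = Get-ADDomainController -Identity $DomainController
    (Get-ADObject -Identity $dc.NTDSSettingsObjectDN).ObjectGUID.Guid
}

function Remove-LingeringObjectsFrom {
    param(
        [Parameter(Mandatory)][string]$AffectedDC,     # DC that was off the network
        [Parameter(Mandatory)][string]$GoodDC,         # DC whose copy of the partition is trusted
        [Parameter(Mandatory)][string]$NamingContext,  # e.g. 'dc=ADFANS,dc=NET'
        [switch]$Commit                                # without this only advisory mode runs
    )
    $goodGuid = Get-DsaObjectGuid -DomainController $GoodDC
    Write-Host "Reference DSA GUID for $GoodDC is $goodGuid"

    # Advisory pass: logs each object that would be deleted to the Directory Service
    # log on $AffectedDC and removes nothing.
    & repadmin /removelingeringobjects $AffectedDC $goodGuid $NamingContext /advisory_mode
    if ($LASTEXITCODE -ne 0) { throw "Advisory pass failed on $AffectedDC (exit $LASTEXITCODE)" }

    if (-not $Commit) {
        Write-Host "Advisory mode only. Review the Directory Service log on $AffectedDC, then rerun with -Commit."
        return
    }

    # Real pass: deletions happen locally on $AffectedDC and are not replicated outward.
    & repadmin /removelingeringobjects $AffectedDC $goodGuid $NamingContext
    if ($LASTEXITCODE -ne 0) { throw "Removal failed on $AffectedDC (exit $LASTEXITCODE)" }

    # Once the partition is clean, sync all partitions (/A) from $AffectedDC to every
    # partner across sites (/e), pushing outward (/P) and naming servers by DN (/d).
    & repadmin /syncall $AffectedDC /A /e /P /d
    if ($LASTEXITCODE -ne 0) { throw "syncall reported errors on $AffectedDC (exit $LASTEXITCODE)" }
    Write-Host "Done. Confirm with: repadmin /showrepl $AffectedDC"
}

# Usage (placeholder DC names):
# Remove-LingeringObjectsFrom -AffectedDC DC03 -GoodDC DC01 -NamingContext 'dc=ADFANS,dc=NET'
# Remove-LingeringObjectsFrom -AffectedDC DC03 -GoodDC DC01 -NamingContext 'dc=ADFANS,dc=NET' -Commit
```

repadmin /removelingeringobjects works on one naming context per run, so if the affected DC also hosts stale objects in the Configuration, Schema or application partitions (DomainDnsZones, ForestDnsZones), repeat the call for each of those distinguished names before the /syncall.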
In my case it was obvious that the lingering objects were on the server that had been off the network. In large environments you will not be able to find the affected server so easily; there you can locate it by checking the event logs. The domain controller that doesn’t log Event ID 1388 or Event ID 1988 (if Strict Replication Consistency is not enabled) is the one holding the lingering objects. There are tools that gather event IDs from multiple servers, and EventCombMT is one such tool.
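The event-log check described above, done from PowerShell instead of EventCombMT. This is an added example, not the author’s script or part of EventCombMT; it assumes the RSAT ActiveDirectory module, that the account running it can read the Directory Service log on each DC remotely, and that every DC answers ping. It reports, per DC, how many 1388/1988 events were logged in the look-back window; a reachable DC that logged none while its partners did is the likely holder of the lingering objects.

```powershell
# Added example: find which DC is NOT logging lingering-object events (1388 / 1988).
# Assumes RSAT ActiveDirectory module and remote read access to the Directory Service log.

function Get-LingeringObjectReports {
    param([int]$Days = 30)   # look-back window; lengthen it if the outage was older
    $since = (Get-Date).AddDays(-$Days)
    $dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

    foreach ($dc in $dcs) {
        # An unreachable DC would also show zero events, so record reachability separately.
        $reachable = Test-Connection -ComputerName $dc -Count 1 -Quiet

        # Get-WinEvent throws when nothing matches the filter, so silence it and treat $null as zero.
        $events = $null
        if ($reachable) {
            $events = Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
                LogName   = 'Directory Service'
                Id        = 1388, 1988   # 1388: loose consistency, object re-animated; 1988: strict, replication blocked
                StartTime = $since
            }
        }
        $count = @($events).Count

        [pscustomobject]@{
            DomainController = $dc
            Reachable        = $reachable
            LingeringEvents  = $count
            LastEvent        = if ($count) { ($events | Sort-Object TimeCreated -Descending)[0].TimeCreated } else { $null }
            # Reachable, yet silent while partners complain: candidate for the source of the lingering objects.
            Suspect          = ($reachable -and $count -eq 0)
        }
    }
}

# Usage:
# Get-LingeringObjectReports -Days 60 | Format-Table -AutoSize
#
# The message text of a 1988 event names the source DC and the GUID/DN of the object it
# refused, which confirms the suspect directly (DC01 is a placeholder name):
# Get-WinEvent -ComputerName DC01 -FilterHashtable @{ LogName = 'Directory Service'; Id = 1988 } -MaxEvents 1 |
#     Select-Object -ExpandProperty Message
```

Treat the Suspect column as a lead rather than a verdict: a DC that simply never replicated from the bad source in the window will also show zero events, so confirm against the source DC named in a partner’s 1988 message before running /removelingeringobjects against it.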
I referred to the articles below to diagnose and fix my issue. Repadmin is a tool for diagnosing replication problems and comes with the Windows Server 2003 Support Tools.
Forcing replication: http://technet.microsoft.com/en-us/library/cc811569(WS.10).aspx
Finding lingering objects: http://technet.microsoft.com/en-us/library/cc738018(WS.10).aspx