Lingering Objects and Replication issues

In my test environment, I have created multiple domain controllers and placed them in multiple subnets. A couple of the servers are in the Leela office and another one is in Gayatri. I could not check these servers for some days and did not work on them due to other activities. Recently I tried to connect to them, logged on to one of my test domain controllers, and noticed that one of the servers was out of network and had not replicated to the other servers for some days. (I haven't implemented anything to monitor replication health.) I then tried to forcefully replicate the server using the 'repadmin' command, but it failed with an error:

“The source server is currently rejecting replication requests. This operation will not continue”

Then I checked Event Viewer and noticed that there were some error events due to lingering objects on the server which was out of network. These were some user accounts deleted from a server other than the affected server. This change was not replicated to the affected server since it was out of network. The tombstone period had expired before the server was brought back online, and the deleted objects were then present only on the affected server. So when I brought the server back after the tombstone period, these user objects became lingering, and the other servers were refusing to replicate to the affected server due to the lingering objects.

I used the command below to remove the lingering objects.

repadmin /removelingeringobjects <affectedservername> <GUIDofgoodDC> dc=ADFANS,dc=NET

This command basically compares the AD database of the affected and good DCs and deletes the lingering objects without triggering replication, so that the deletions occur only on the affected server. (You can also use the /advisory_mode switch to run the tool for testing purposes. This will not remove the lingering objects but will give you the details of the objects in Event Viewer.)

Then I synchronized the servers using the Repadmin /syncall option.

In my case it was obvious that the lingering objects were on the server which was out of network. But in huge environments you will not be able to find the affected server very easily. In that case you can locate the server by checking the event logs. The domain controller that doesn't log Event ID 1388 or Event ID 1988 (if Strict Replication Consistency is not enabled) contains the lingering object. There are tools available to gather event IDs from multiple servers, and Eventcombmt is one such tool.
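The event-log survey described above can also be scripted. The following is an added example, not part of the original post: it assumes PowerShell 3.0 or later with remote event log access to each DC, and the names DC01, DC02 and DC03 and the function name are placeholders.

```powershell
# Added example: survey the Directory Service log on several DCs for the
# lingering-object events named in the post (Event ID 1388 and 1988).
# The function name and the DC names are placeholders, not from the post.
function Get-LingeringObjectEventSummary {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [int] $Days = 30
    )
    $filter = @{
        LogName   = 'Directory Service'
        Id        = 1388, 1988
        StartTime = (Get-Date).AddDays(-$Days)
    }
    foreach ($dc in $ComputerName) {
        $status = 'Queried'
        $events = @()
        try {
            $events = @(Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop)
        }
        catch {
            # "No matching events" is a normal result; anything else means the
            # DC could not be queried and must not be read as "logged nothing".
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                $status = "Query failed: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{
            DomainController = $dc
            Status           = $status
            Count1388        = @($events | Where-Object Id -eq 1388).Count
            Count1988        = @($events | Where-Object Id -eq 1988).Count
            LastLogged       = ($events | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        }
    }
}

$summary = Get-LingeringObjectEventSummary -ComputerName 'DC01', 'DC02', 'DC03'
$summary | Format-Table -AutoSize

# Per the post: a DC that answered the query but logged neither event is the
# candidate holder of the lingering objects.
$summary |
    Where-Object { $_.Status -eq 'Queried' -and ($_.Count1388 + $_.Count1988) -eq 0 } |
    Select-Object -ExpandProperty DomainController
```

A candidate found this way can be confirmed with the /advisory_mode switch before any objects are removed.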

I have referred to the articles below to diagnose and fix my issue. Repadmin is a tool used to diagnose replication issues, and it comes with the Windows Server 2003 Support Tools.

Forcing replication: http://technet.microsoft.com/en-us/library/cc811569(WS.10).aspx

Finding Lingering objects: http://technet.microsoft.com/en-us/library/cc738018(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc785298(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc780362(WS.10).aspx
