Lingering Objects

#1  Mudd, 3rd April 2009, 01:15

Hi,

How can I confirm if I have lingering objects in Active Directory? Is there a utility for this?

Had an admin take DCs offline without doing the DCPROMO first. I believed he removed them manually (metadata cleanup) but I want to confirm they are gone.

After checking "replmon" I noticed changes are being seen by servers not known to me. There are 17 of these servers and I'm not sure what to make of it. The list looks something like this.

DELETED SERVER #1
DELETED SERVER #2
DELETED SERVER #3...and so on and so on the 17 of them.

TIA guys!
#2  Garen, 3rd April 2009, 01:44

Improper DC demotion does not create lingering objects.

Lingering objects come from restoring old backups or turning on DCs that have been offline longer than the tombstone lifetime.

If you had lingering objects you would see the warnings in the event logs because AD Strict Replication (Win2000 SP3+ only) disables replication with a DC that contains lingering objects.
#3  Mudd, 3rd April 2009, 19:12

Quote (originally posted by Garen):
Improper DC demotion does not create lingering objects.

Lingering objects come from restoring old backups or turning on DCs that have been offline longer than the tombstone lifetime.

If you had lingering objects you would see the warnings in the event logs because AD Strict Replication (Win2000 SP3+ only) disables replication with a DC that contains lingering objects.

Ok, so I can check the logs for lingering objects?
#4  AndyJG247, 7th April 2009, 15:16

Something like this:
Code:
Event Type:    Error
Event Source:    NTDS Replication
Event Category:    Replication 
Event ID:    1988
Date:        07/04/2009
Time:        12:56:56
User:        NT AUTHORITY\ANONYMOUS LOGON
Computer:    DC99
Description:
Active Directory Replication encountered the existence of objects in the following partition that have been deleted from the local domain controllers (DCs) Active Directory database.  Not all direct or transitive replication partners replicated in the deletion before the tombstone lifetime number of days passed.  Objects that have been deleted and garbage collected from an Active Directory partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects". 
 
 This event is being logged because the source DC contains a lingering object which does not exist on the local DCs Active Directory database.  This replication attempt has been blocked.
 
 The best solution to this problem is to identify and remove all lingering objects in the forest.
 
 
Source DC (Transport-specific network address):
11159e43-14df-477f-822d-d1fcwad37aww._msdcs.microsoft.com 
Object:
CN=2342342131f34f23\0ACD3:333222940-6e48-4ee4-719-6157cfd2437c,CN=12121212,OU=1212121,OU=121212,OU=12121,DC=1212,DC=microsoft,DC=com 
Object GUID:
111111111-6e48-111-b719-6157cfd2437c 
 
User Action:
 
Remove Lingering Objects:
 
 The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.
 
 If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD.  To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects.  To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>".
 
 If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
 
 If you need Active Directory replication to function immediately at all costs and don't have time to remove lingering objects, enable loose replication consistency by unsetting the following registry key:
 
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict Replication Consistency
 
 Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory configuration data to vary between DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved.  DCs that fail to inbound replicate deleted objects within tombstone lifetime number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC.
 
 Lingering objects may be prevented by ensuring that all domain controllers in the forest are running Active Directory, are connected by a spanning tree connection topology and perform inbound replication before Tombstone Live number of days pass.
__________________
cheers
Andy

Please read this before you post:
http://support.microsoft.com/kb/555375

Quis custodiet ipsos custodes?
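
Added example, not part of the original thread: a PowerShell helper that pulls the Source DC, object DN and object GUID out of the text of an event 1988 like the one posted above, derives the naming context from the DN, and prints the advisory-mode repadmin command the event description recommends. The function names, the sample event text and the example.com names are constructed for illustration; the destination DC DSA GUID is not in the event text, so it stays as a placeholder unless supplied.

```powershell
# Constructed sample of the relevant part of an event 1988 description.
$sample = @'
Source DC (Transport-specific network address):
00000000-1111-2222-3333-444444444444._msdcs.example.com
Object:
CN=jdoe\0ADEL:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee,CN=Deleted Objects,DC=corp,DC=example,DC=com
Object GUID:
aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
'@

function Get-LingeringObjectInfo {
    param([Parameter(Mandatory = $true)][string]$Message)

    # In the event description each value sits on the line after its label.
    $patterns = [ordered]@{
        SourceDc   = '(?m)^\s*Source DC \(Transport-specific network address\):\s+(\S+)'
        ObjectDn   = '(?m)^\s*Object:\s+(\S.*)'
        ObjectGuid = '(?m)^\s*Object GUID:\s+(\S+)'
    }
    $info = [ordered]@{}
    foreach ($name in $patterns.Keys) {
        if ($Message -match $patterns[$name]) { $info[$name] = $Matches[1].Trim() }
        else { throw "Field '$name' not found; is this event 1988 text?" }
    }

    # Naming context = trailing DC= components, prefixed by CN=Configuration
    # (and CN=Schema) when the object lives in one of those partitions.
    if ($info['ObjectDn'] -match '((?:CN=Schema,)?CN=Configuration,)?DC=[^,]+(?:,DC=[^,]+)*$') {
        $info['NamingContext'] = $Matches[0]
    } else { throw "No DC= components in DN: $($info['ObjectDn'])" }
    [pscustomobject]$info
}

function New-AdvisoryCommand {
    param(
        [Parameter(Mandatory = $true)]$Info,
        # Not present in the event text; defaults to the placeholder from the event description.
        [string]$DestinationDsaGuid = '<Destination DC DSA GUID>'
    )
    # /ADVISORY_MODE only lists what would be removed; nothing is deleted.
    'repadmin /removelingeringobjects {0} {1} "{2}" /ADVISORY_MODE' -f `
        $Info.SourceDc, $DestinationDsaGuid, $Info.NamingContext
}

$parsed = Get-LingeringObjectInfo -Message $sample
$parsed | Format-List
New-AdvisoryCommand -Info $parsed
```

Run the printed command once per naming context reported in the 1988 events and review the objects enumerated in the source DC's event log before repeating it without /ADVISORY_MODE.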