Sign in with
Sign up | Sign in
Your question

Replication Problem (Will I need to rebuild domain)

Last response: in Windows 2000/NT
Share
February 15, 2005 6:54:31 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

Problem: One of out DC's (dc.sub.root.org) have not replicated for 60
day so therefore has exceeded the tombstone lifetime. This DC is part
of a forest. There are no other DC's in that domain.

Does the root DC (dc.root.org) of the forest keep a copy of the AD for
this domain? (sub.root.org)

Or will we have to rebuild this domain and re-add it to the forest?

Any advice would be appreciated.

This is the log in the Event Log: NTDS Replication Event ID: 2042

It has been too long since this machine last replicated with the named
source machine. The time between replications with this source has
exceeded the tombstone lifetime. Replication has been stopped with
this source.
The reason that replication is not allowed to continue is that the two
machine's views of deleted objects may now be different. The source
machine may still have copies of objects that have been deleted (and
garbage collected) on this machine. If they were allowed to replicate,
the source machine might return objects which have already been
deleted.
Time of last successful replication:
2004-09-15 00:01:50
Invocation ID of source:
03edf844-f834-03ed-c813-2e040c532403
Name of source:
c38c08ca-48ae-4f30-ac07-2603556726c3._msdcs.tdlg.net
Tombstone lifetime (days):
60

The replication operation has failed.

User Action:

Determine which of the two machines was disconnected from the forest
and is now out of date. You have three options:

1. Demote or reinstall the machine(s) that were disconnected.
2. Use the "repadmin /removelingeringobjects" tool to remove
inconsistent deleted objects and then resume replication.
3. Resume replication. Inconsistent deleted objects may be introduced.
You can continue replication by using the following registry key. Once
the systems replicate once, it is recommended that you remove the key
to reinstate the protection.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow
Replication With Divergent and Corrupt Partner

Thanks

John
Anonymous
February 15, 2005 9:27:19 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

> Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> this domain? (sub.root.org)

No it does not.


> Or will we have to rebuild this domain and re-add it to the forest?

Yes, this is exactly what you will have to do. You will also need to
cleanup this domain and domain controller by following these KBs:
-- http://support.microsoft.com/?id=230306
-- http://support.microsoft.com/?id=216498


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"John" <homehome16@hotmail.com> wrote in message
news:42f3a03a.0502150354.27d52583@posting.google.com...
Hi,

Problem: One of out DC's (dc.sub.root.org) have not replicated for 60
day so therefore has exceeded the tombstone lifetime. This DC is part
of a forest. There are no other DC's in that domain.

Does the root DC (dc.root.org) of the forest keep a copy of the AD for
this domain? (sub.root.org)

Or will we have to rebuild this domain and re-add it to the forest?

Any advice would be appreciated.

This is the log in the Event Log: NTDS Replication Event ID: 2042

It has been too long since this machine last replicated with the named
source machine. The time between replications with this source has
exceeded the tombstone lifetime. Replication has been stopped with
this source.
The reason that replication is not allowed to continue is that the two
machine's views of deleted objects may now be different. The source
machine may still have copies of objects that have been deleted (and
garbage collected) on this machine. If they were allowed to replicate,
the source machine might return objects which have already been
deleted.
Time of last successful replication:
2004-09-15 00:01:50
Invocation ID of source:
03edf844-f834-03ed-c813-2e040c532403
Name of source:
c38c08ca-48ae-4f30-ac07-2603556726c3._msdcs.tdlg.net
Tombstone lifetime (days):
60

The replication operation has failed.

User Action:

Determine which of the two machines was disconnected from the forest
and is now out of date. You have three options:

1. Demote or reinstall the machine(s) that were disconnected.
2. Use the "repadmin /removelingeringobjects" tool to remove
inconsistent deleted objects and then resume replication.
3. Resume replication. Inconsistent deleted objects may be introduced.
You can continue replication by using the following registry key. Once
the systems replicate once, it is recommended that you remove the key
to reinstate the protection.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow
Replication With Divergent and Corrupt Partner

Thanks

John
February 16, 2005 6:45:12 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Paul, Thanks for you help just one more question:

What would happen if I either used the repadmin
/removelingeringobjects command or edited the registry key?

If no information what changed on the schema or the config. Would it
work? What would be the worse that could happen?

John




"ptwilliams" <ptw2001@hotmail.com> wrote in message news:<Ot2rPu4EFHA.208@TK2MSFTNGP12.phx.gbl>...
> > Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> > this domain? (sub.root.org)
>
> No it does not.
>
>
> > Or will we have to rebuild this domain and re-add it to the forest?
>
> Yes, this is exactly what you will have to do. You will also need to
> cleanup this domain and domain controller by following these KBs:
> -- http://support.microsoft.com/?id=230306
> -- http://support.microsoft.com/?id=216498
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "John" <homehome16@hotmail.com> wrote in message
> news:42f3a03a.0502150354.27d52583@posting.google.com...
> Hi,
>
> Problem: One of out DC's (dc.sub.root.org) have not replicated for 60
> day so therefore has exceeded the tombstone lifetime. This DC is part
> of a forest. There are no other DC's in that domain.
>
> Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> this domain? (sub.root.org)
>
> Or will we have to rebuild this domain and re-add it to the forest?
>
> Any advice would be appreciated.
>
> This is the log in the Event Log: NTDS Replication Event ID: 2042
>
> It has been too long since this machine last replicated with the named
> source machine. The time between replications with this source has
> exceeded the tombstone lifetime. Replication has been stopped with
> this source.
> The reason that replication is not allowed to continue is that the two
> machine's views of deleted objects may now be different. The source
> machine may still have copies of objects that have been deleted (and
> garbage collected) on this machine. If they were allowed to replicate,
> the source machine might return objects which have already been
> deleted.
> Time of last successful replication:
> 2004-09-15 00:01:50
> Invocation ID of source:
> 03edf844-f834-03ed-c813-2e040c532403
> Name of source:
> c38c08ca-48ae-4f30-ac07-2603556726c3._msdcs.tdlg.net
> Tombstone lifetime (days):
> 60
>
> The replication operation has failed.
>
> User Action:
>
> Determine which of the two machines was disconnected from the forest
> and is now out of date. You have three options:
>
> 1. Demote or reinstall the machine(s) that were disconnected.
> 2. Use the "repadmin /removelingeringobjects" tool to remove
> inconsistent deleted objects and then resume replication.
> 3. Resume replication. Inconsistent deleted objects may be introduced.
> You can continue replication by using the following registry key. Once
> the systems replicate once, it is recommended that you remove the key
> to reinstate the protection.
> Registry Key:
> HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow
> Replication With Divergent and Corrupt Partner
>
> Thanks
>
> John
Related resources
Anonymous
February 16, 2005 11:51:49 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hmmm...this is one of those "what if" scenarios.

Realistically, you can remove the lingering objects and will probably be
fine. Especially if you don't have many DCs. The main issue here, and it's
going to be worse in larger environments where replication latency is
greater, is that objects that have been deleted can be brought back. A
worse case scenario is database inconsistencies, which will result in a
rebuild of the domain (and possibly forest if we're talking enterprise
partition issues/ corruption, etc.). Think about what could happen, you
could have a possible scenario where object DACLs have changed, computer
objects have different GUID associated with them, user conflicts due to
objects with the same names being in the same containers (shouldn't be an
issue), possible duplicate SPNs, etc.

Zombies ;-)

How many DCs per domain are we talking and what kind of changes have
happened in the last two months?


--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


"John" <homehome16@hotmail.com> wrote in message
news:42f3a03a.0502160345.3ad5ad1@posting.google.com...
Paul, Thanks for you help just one more question:

What would happen if I either used the repadmin
/removelingeringobjects command or edited the registry key?

If no information what changed on the schema or the config. Would it
work? What would be the worse that could happen?

John




"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:<Ot2rPu4EFHA.208@TK2MSFTNGP12.phx.gbl>...
> > Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> > this domain? (sub.root.org)
>
> No it does not.
>
>
> > Or will we have to rebuild this domain and re-add it to the forest?
>
> Yes, this is exactly what you will have to do. You will also need to
> cleanup this domain and domain controller by following these KBs:
> -- http://support.microsoft.com/?id=230306
> -- http://support.microsoft.com/?id=216498
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "John" <homehome16@hotmail.com> wrote in message
> news:42f3a03a.0502150354.27d52583@posting.google.com...
> Hi,
>
> Problem: One of out DC's (dc.sub.root.org) have not replicated for 60
> day so therefore has exceeded the tombstone lifetime. This DC is part
> of a forest. There are no other DC's in that domain.
>
> Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> this domain? (sub.root.org)
>
> Or will we have to rebuild this domain and re-add it to the forest?
>
> Any advice would be appreciated.
>
> This is the log in the Event Log: NTDS Replication Event ID: 2042
>
> It has been too long since this machine last replicated with the named
> source machine. The time between replications with this source has
> exceeded the tombstone lifetime. Replication has been stopped with
> this source.
> The reason that replication is not allowed to continue is that the two
> machine's views of deleted objects may now be different. The source
> machine may still have copies of objects that have been deleted (and
> garbage collected) on this machine. If they were allowed to replicate,
> the source machine might return objects which have already been
> deleted.
> Time of last successful replication:
> 2004-09-15 00:01:50
> Invocation ID of source:
> 03edf844-f834-03ed-c813-2e040c532403
> Name of source:
> c38c08ca-48ae-4f30-ac07-2603556726c3._msdcs.tdlg.net
> Tombstone lifetime (days):
> 60
>
> The replication operation has failed.
>
> User Action:
>
> Determine which of the two machines was disconnected from the forest
> and is now out of date. You have three options:
>
> 1. Demote or reinstall the machine(s) that were disconnected.
> 2. Use the "repadmin /removelingeringobjects" tool to remove
> inconsistent deleted objects and then resume replication.
> 3. Resume replication. Inconsistent deleted objects may be introduced.
> You can continue replication by using the following registry key. Once
> the systems replicate once, it is recommended that you remove the key
> to reinstate the protection.
> Registry Key:
> HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow
> Replication With Divergent and Corrupt Partner
>
> Thanks
>
> John
February 17, 2005 6:32:34 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We have two DC's in the top level domain (Domain A). These have not
been touch since they were install. Below this level we have two
domains. One of the domains has teow DC's (Domain B). and the other
which is the problem domain has one DC (Domain c). In total there are
only 5 DC in the forest.

We also have some old legacy that have two way trusts with Domain B.
These are all windows 2000 domains

I started here about 3 months ago and I don't think that any big
changes have been made. Just to note the problem domain was the last
domain added to the forest.

The only changes that have been made are new users/deleted users. New
shares, printers, etc. however I thought that this information was
stored in the "Domain Partition", and I didn't think that this
information was replicated across to other domains.

We have also added a few more server's and computer's to Domain B.
Most of the servers have been either termainl servers or files
servers. We haven't added any new DC's or exchange servers, we may
have added some SQL servers.

Thanks John



"ptwilliams" <ptw2001@hotmail.com> wrote in message news:<uLbXXlGFFHA.4004@tk2msftngp13.phx.gbl>...
> Hmmm...this is one of those "what if" scenarios.
>
> Realistically, you can remove the lingering objects and will probably be
> fine. Especially if you don't have many DCs. The main issue here, and it's
> going to be worse in larger environments where replication latency is
> greater, is that objects that have been deleted can be brought back. A
> worse case scenario is database inconsistencies, which will result in a
> rebuild of the domain (and possibly forest if we're talking enterprise
> partition issues/ corruption, etc.). Think about what could happen, you
> could have a possible scenario where object DACLs have changed, computer
> objects have different GUID associated with them, user conflicts due to
> objects with the same names being in the same containers (shouldn't be an
> issue), possible duplicate SPNs, etc.
>
> Zombies ;-)
>
> How many DCs per domain are we talking and what kind of changes have
> happened in the last two months?
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net
> http://forums.msresource.net
>
>
> "John" <homehome16@hotmail.com> wrote in message
> news:42f3a03a.0502160345.3ad5ad1@posting.google.com...
> Paul, Thanks for you help just one more question:
>
> What would happen if I either used the repadmin
> /removelingeringobjects command or edited the registry key?
>
> If no information what changed on the schema or the config. Would it
> work? What would be the worse that could happen?
>
> John
>
>
>
>
> "ptwilliams" <ptw2001@hotmail.com> wrote in message
> news:<Ot2rPu4EFHA.208@TK2MSFTNGP12.phx.gbl>...
> > > Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> > > this domain? (sub.root.org)
> >
> > No it does not.
> >
> >
> > > Or will we have to rebuild this domain and re-add it to the forest?
> >
> > Yes, this is exactly what you will have to do. You will also need to
> > cleanup this domain and domain controller by following these KBs:
> > -- http://support.microsoft.com/?id=230306
> > -- http://support.microsoft.com/?id=216498
> >
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net/
> > http://forums.msresource.net/
> >
> > "John" <homehome16@hotmail.com> wrote in message
> > news:42f3a03a.0502150354.27d52583@posting.google.com...
> > Hi,
> >
> > Problem: One of out DC's (dc.sub.root.org) have not replicated for 60
> > day so therefore has exceeded the tombstone lifetime. This DC is part
> > of a forest. There are no other DC's in that domain.
> >
> > Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> > this domain? (sub.root.org)
> >
> > Or will we have to rebuild this domain and re-add it to the forest?
> >
> > Any advice would be appreciated.
> >
> > This is the log in the Event Log: NTDS Replication Event ID: 2042
> >
> > It has been too long since this machine last replicated with the named
> > source machine. The time between replications with this source has
> > exceeded the tombstone lifetime. Replication has been stopped with
> > this source.
> > The reason that replication is not allowed to continue is that the two
> > machine's views of deleted objects may now be different. The source
> > machine may still have copies of objects that have been deleted (and
> > garbage collected) on this machine. If they were allowed to replicate,
> > the source machine might return objects which have already been
> > deleted.
> > Time of last successful replication:
> > 2004-09-15 00:01:50
> > Invocation ID of source:
> > 03edf844-f834-03ed-c813-2e040c532403
> > Name of source:
> > c38c08ca-48ae-4f30-ac07-2603556726c3._msdcs.tdlg.net
> > Tombstone lifetime (days):
> > 60
> >
> > The replication operation has failed.
> >
> > User Action:
> >
> > Determine which of the two machines was disconnected from the forest
> > and is now out of date. You have three options:
> >
> > 1. Demote or reinstall the machine(s) that were disconnected.
> > 2. Use the "repadmin /removelingeringobjects" tool to remove
> > inconsistent deleted objects and then resume replication.
> > 3. Resume replication. Inconsistent deleted objects may be introduced.
> > You can continue replication by using the following registry key. Once
> > the systems replicate once, it is recommended that you remove the key
> > to reinstate the protection.
> > Registry Key:
> > HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow
> > Replication With Divergent and Corrupt Partner
> >
> > Thanks
> >
> > John
February 17, 2005 6:39:16 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We have two DC's in the top level domain (Domain A). These have not
been touch since they were install. Below this level we have two
domains. One of the domains has teow DC's (Domain B). and the other
which is the problem domain has one DC (Domain c). In total there are
only 5 DC in the forest.

We also have some old legacy that have two way trusts with Domain B.
These are all windows 2000 domains

I started here about 3 months ago and I don't think that any big
changes have been made. Just to note the problem domain was the last
domain added to the forest.

The only changes that have been made are new users/deleted users. New
shares, printers, etc. however I thought that this information was
stored in the "Domain Partition", and I didn't think that this
information was replicated across to other domains.

We have also added a few more server's and computer's to Domain B.
Most of the servers have been either termainl servers or files
servers. We haven't added any new DC's or exchange servers, we may
have added some SQL servers.

Thanks John



"ptwilliams" <ptw2001@hotmail.com> wrote in message news:<uLbXXlGFFHA.4004@tk2msftngp13.phx.gbl>...
> Hmmm...this is one of those "what if" scenarios.
>
> Realistically, you can remove the lingering objects and will probably be
> fine. Especially if you don't have many DCs. The main issue here, and it's
> going to be worse in larger environments where replication latency is
> greater, is that objects that have been deleted can be brought back. A
> worse case scenario is database inconsistencies, which will result in a
> rebuild of the domain (and possibly forest if we're talking enterprise
> partition issues/ corruption, etc.). Think about what could happen, you
> could have a possible scenario where object DACLs have changed, computer
> objects have different GUID associated with them, user conflicts due to
> objects with the same names being in the same containers (shouldn't be an
> issue), possible duplicate SPNs, etc.
>
> Zombies ;-)
>
> How many DCs per domain are we talking and what kind of changes have
> happened in the last two months?
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net
> http://forums.msresource.net
>
>
> "John" <homehome16@hotmail.com> wrote in message
> news:42f3a03a.0502160345.3ad5ad1@posting.google.com...
> Paul, Thanks for you help just one more question:
>
> What would happen if I either used the repadmin
> /removelingeringobjects command or edited the registry key?
>
> If no information what changed on the schema or the config. Would it
> work? What would be the worse that could happen?
>
> John
>
>
>
>
> "ptwilliams" <ptw2001@hotmail.com> wrote in message
> news:<Ot2rPu4EFHA.208@TK2MSFTNGP12.phx.gbl>...
> > > Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> > > this domain? (sub.root.org)
> >
> > No it does not.
> >
> >
> > > Or will we have to rebuild this domain and re-add it to the forest?
> >
> > Yes, this is exactly what you will have to do. You will also need to
> > cleanup this domain and domain controller by following these KBs:
> > -- http://support.microsoft.com/?id=230306
> > -- http://support.microsoft.com/?id=216498
> >
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net/
> > http://forums.msresource.net/
> >
> > "John" <homehome16@hotmail.com> wrote in message
> > news:42f3a03a.0502150354.27d52583@posting.google.com...
> > Hi,
> >
> > Problem: One of out DC's (dc.sub.root.org) have not replicated for 60
> > day so therefore has exceeded the tombstone lifetime. This DC is part
> > of a forest. There are no other DC's in that domain.
> >
> > Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> > this domain? (sub.root.org)
> >
> > Or will we have to rebuild this domain and re-add it to the forest?
> >
> > Any advice would be appreciated.
> >
> > This is the log in the Event Log: NTDS Replication Event ID: 2042
> >
> > It has been too long since this machine last replicated with the named
> > source machine. The time between replications with this source has
> > exceeded the tombstone lifetime. Replication has been stopped with
> > this source.
> > The reason that replication is not allowed to continue is that the two
> > machine's views of deleted objects may now be different. The source
> > machine may still have copies of objects that have been deleted (and
> > garbage collected) on this machine. If they were allowed to replicate,
> > the source machine might return objects which have already been
> > deleted.
> > Time of last successful replication:
> > 2004-09-15 00:01:50
> > Invocation ID of source:
> > 03edf844-f834-03ed-c813-2e040c532403
> > Name of source:
> > c38c08ca-48ae-4f30-ac07-2603556726c3._msdcs.tdlg.net
> > Tombstone lifetime (days):
> > 60
> >
> > The replication operation has failed.
> >
> > User Action:
> >
> > Determine which of the two machines was disconnected from the forest
> > and is now out of date. You have three options:
> >
> > 1. Demote or reinstall the machine(s) that were disconnected.
> > 2. Use the "repadmin /removelingeringobjects" tool to remove
> > inconsistent deleted objects and then resume replication.
> > 3. Resume replication. Inconsistent deleted objects may be introduced.
> > You can continue replication by using the following registry key. Once
> > the systems replicate once, it is recommended that you remove the key
> > to reinstate the protection.
> > Registry Key:
> > HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow
> > Replication With Divergent and Corrupt Partner
> >
> > Thanks
> >
> > John
Anonymous
February 17, 2005 10:15:02 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Then I'll say you'll be fine. Yes, most things are in the domain partition,
but the GC pulls a subset of attributes from all domain partitions in the
forest.

Adding servers and the like are domain-specific, so should not affect this.

I'd go for it!

Let us know...


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"John" <homehome16@hotmail.com> wrote in message
news:42f3a03a.0502170332.8591f32@posting.google.com...
We have two DC's in the top level domain (Domain A). These have not
been touch since they were install. Below this level we have two
domains. One of the domains has teow DC's (Domain B). and the other
which is the problem domain has one DC (Domain c). In total there are
only 5 DC in the forest.

We also have some old legacy that have two way trusts with Domain B.
These are all windows 2000 domains

I started here about 3 months ago and I don't think that any big
changes have been made. Just to note the problem domain was the last
domain added to the forest.

The only changes that have been made are new users/deleted users. New
shares, printers, etc. however I thought that this information was
stored in the "Domain Partition", and I didn't think that this
information was replicated across to other domains.

We have also added a few more server's and computer's to Domain B.
Most of the servers have been either termainl servers or files
servers. We haven't added any new DC's or exchange servers, we may
have added some SQL servers.

Thanks John



"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:<uLbXXlGFFHA.4004@tk2msftngp13.phx.gbl>...
> Hmmm...this is one of those "what if" scenarios.
>
> Realistically, you can remove the lingering objects and will probably be
> fine. Especially if you don't have many DCs. The main issue here, and
> it's
> going to be worse in larger environments where replication latency is
> greater, is that objects that have been deleted can be brought back. A
> worse case scenario is database inconsistencies, which will result in a
> rebuild of the domain (and possibly forest if we're talking enterprise
> partition issues/ corruption, etc.). Think about what could happen, you
> could have a possible scenario where object DACLs have changed, computer
> objects have different GUID associated with them, user conflicts due to
> objects with the same names being in the same containers (shouldn't be an
> issue), possible duplicate SPNs, etc.
>
> Zombies ;-)
>
> How many DCs per domain are we talking and what kind of changes have
> happened in the last two months?
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net
> http://forums.msresource.net
>
>
> "John" <homehome16@hotmail.com> wrote in message
> news:42f3a03a.0502160345.3ad5ad1@posting.google.com...
> Paul, Thanks for you help just one more question:
>
> What would happen if I either used the repadmin
> /removelingeringobjects command or edited the registry key?
>
> If no information what changed on the schema or the config. Would it
> work? What would be the worse that could happen?
>
> John
>
>
>
>
> "ptwilliams" <ptw2001@hotmail.com> wrote in message
> news:<Ot2rPu4EFHA.208@TK2MSFTNGP12.phx.gbl>...
> > > Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> > > this domain? (sub.root.org)
> >
> > No it does not.
> >
> >
> > > Or will we have to rebuild this domain and re-add it to the forest?
> >
> > Yes, this is exactly what you will have to do. You will also need to
> > cleanup this domain and domain controller by following these KBs:
> > -- http://support.microsoft.com/?id=230306
> > -- http://support.microsoft.com/?id=216498
> >
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net/
> > http://forums.msresource.net/
> >
> > "John" <homehome16@hotmail.com> wrote in message
> > news:42f3a03a.0502150354.27d52583@posting.google.com...
> > Hi,
> >
> > Problem: One of out DC's (dc.sub.root.org) have not replicated for 60
> > day so therefore has exceeded the tombstone lifetime. This DC is part
> > of a forest. There are no other DC's in that domain.
> >
> > Does the root DC (dc.root.org) of the forest keep a copy of the AD for
> > this domain? (sub.root.org)
> >
> > Or will we have to rebuild this domain and re-add it to the forest?
> >
> > Any advice would be appreciated.
> >
> > This is the log in the Event Log: NTDS Replication Event ID: 2042
> >
> > It has been too long since this machine last replicated with the named
> > source machine. The time between replications with this source has
> > exceeded the tombstone lifetime. Replication has been stopped with
> > this source.
> > The reason that replication is not allowed to continue is that the two
> > machine's views of deleted objects may now be different. The source
> > machine may still have copies of objects that have been deleted (and
> > garbage collected) on this machine. If they were allowed to replicate,
> > the source machine might return objects which have already been
> > deleted.
> > Time of last successful replication:
> > 2004-09-15 00:01:50
> > Invocation ID of source:
> > 03edf844-f834-03ed-c813-2e040c532403
> > Name of source:
> > c38c08ca-48ae-4f30-ac07-2603556726c3._msdcs.tdlg.net
> > Tombstone lifetime (days):
> > 60
> >
> > The replication operation has failed.
> >
> > User Action:
> >
> > Determine which of the two machines was disconnected from the forest
> > and is now out of date. You have three options:
> >
> > 1. Demote or reinstall the machine(s) that were disconnected.
> > 2. Use the "repadmin /removelingeringobjects" tool to remove
> > inconsistent deleted objects and then resume replication.
> > 3. Resume replication. Inconsistent deleted objects may be introduced.
> > You can continue replication by using the following registry key. Once
> > the systems replicate once, it is recommended that you remove the key
> > to reinstate the protection.
> > Registry Key:
> > HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow
> > Replication With Divergent and Corrupt Partner
> >
> > Thanks
> >
> > John
!