Thursday, July 15, 2010

Force replication of AD partitions after tombstone lifetime exceeded / emails issues

If a server has exceed the tombstone lifetime (180 days on WS2008 by default), it will cause issues when brought back on the network.
New users, groups… are not synchronized anymore on this server, and it can cause issues with emails sent to these new users.
If the email server can check for the user in the AD against the bad server, emails won’t be delivered.

Run the following on a good dc :

Repadmin /showrepl

Get the GUI of a good DC :

DC=mydomain,DC=intra
Default-First-Site-Name\GOOD-DC1 via RPC
DSA object GUID: de7429ee-7637-45cb-bbf0-43d17b17831b
Last attempt @ 2010-07-15 12:17:30 was successful.

Then remove objects on the bad DC that not longer exist in the current AD (good DC) :

repadmin /removelingeringobjects bad-dc.mydomain.intra de7429ee-7637-45cb-bbf0-43d17b17831b "dc=mydomain, dc=intra"


Then :

repadmin /replicate bad-dc.mydomain.intra good-dc.mydomain.intra DC=mydomain,DC=intra /force

repadmin /replicate bad-dc.mydomain.intra good-dc.mydomain.intra CN=configuration,DC=mydomain,DC=intra /force

repadmin /replicate bad-dc.mydomain.intra good-dc.mydomain.intra CN=schema,CN=configuration,DC=mydomain,DC=intra /force

This will synchronize the servers for these partitions and you won’t have issues anymore with the accounts of the new users.

But, if the bad DC is planned for a removal I recommend to use the dcpromo /forceremoval method and a metadata cleanup as explained here :
Remove_ad_from_dc
Delete_failed_DC
Posted by at
Reactions: 
Labels:

6 comments:

  1. Brad MeredithMay 12, 2016 at 6:12 PM

    You Sir, are a genius. Well done.

    ReplyDelete
  2. UnknownFebruary 12, 2017 at 8:11 PM

    helpful concise summary - i also had to force ForestDnsZones and DomainDnsZones.
    I also found i could not clear all errors until i ran the force each way - referencing the "good" server.

    ReplyDelete
  3. ferely helsiiNovember 17, 2017 at 7:04 AM

    I constantly like to read a top quality content having accurate info pertaining to the subject and the exact same thing I found in this article. Nice job.ขอใบอนุญาตโฆษณาอาหาร

    ReplyDelete
  4. AnonymousFebruary 6, 2018 at 8:03 AM

    repadmin /removelingeringobjects bad-dc.mydomain.intra de7429ee-7637-45cb-bbf0-43d17b17831b "dc=mydomain, dc=intra"

    Can you please comment if The above step should be run in bad dc or good dc?

    ReplyDelete
  5. AnonymousMarch 29, 2018 at 2:04 PM

    repadmin /removelingeringobjects bad-dc.mydomain.intra de7429ee-7637-45cb-bbf0-43d17b17831b "dc=mydomain, dc=intra"
    Can you please comment if The above step should be run in bad dc or good dc?

    ReplyDelete
  6. MaheshApril 14, 2018 at 9:06 AM


    Really very informative and creative contents. This concept is a good way to enhance the knowledge.
    thanks for sharing. please keep it up.
    Exchange Server training in gurgaon

    ReplyDelete

Subscribe to: Post Comments (Atom)