This will take some time to fix.
To stop all replication, run:
repadmin /options +DISABLE_OUTBOUND_REPL
On all DCs. Remember that the above setting does not prevent manual replication actions such as an admin (you) running repadmin /syncall /APed, etc. But that's a good thing because it allows you to get all your DCs back into sync totally before re-enabling regular replication.
Repadmin determines that it's a lingering object if the object exists on ServerA but not on ServerB, where ServerB is the reference DC. The difference between replicating newly created objects and replicating updates to already existing objects is the key. Replicating newly created objects = good. Replicating updates to already existing objects = good. Replicating updates to objects that don't exist on the destination DC = bad.
You only need to lather, rinse, repeat until all DCs match up with your one good reference DC. Then turn on strict consistency everywhere, then re-enable replication. Yes, you do run the risk of deleting legitimate objects that were created on other remote DCs that have not replicated to your reference DC.
From the great "How the Active Directory Replication Model Works" article:
Replication Consistency Setting
If the attributes on a lingering object never change, the object is
never considered for replication. However, if an attribute changes,
the attribute is considered for outbound replication. Because the
destination domain controller does not hold the object for the
attribute that is being replicated, an update cannot be performed. How
this condition is resolved depends on the replication consistency
setting on the domain controller.
A registry setting on domain controllers that are running Windows
Server 2003 or Windows 2000 Server with SP3 provides a consistency
value that determines whether a domain controller replicates and
reanimates an updated object that has been deleted from all other
replicas, or whether replication of such objects is blocked. The
default settings are different on domain controllers that are running
Windows 2000 Server with SP3 and Windows Server 2003.
Strict Replication Consistency
To avoid problems with reanimating objects that have been deleted, a
domain controller that is running Windows Server 2003 in a newly
created (not upgraded) Windows Server 2003 forest blocks inbound
replication by default when it receives an update to an object that it
does not have.
Note • Active Directory replication uses update tracking to
differentiate between replicating a newly created object and updating
an attribute for an existing object. Replication of a lingering object
is an attempt to update an attribute or attributes of an object that
the destination domain controller cannot update because the object
does not exist.
Replication is halted in the directory partition for the object until
the lingering object is removed from the source domain controller or
the strict replication consistency setting is disabled.
When ServerB says to ServerA: "Hey, some updates have been made to existing objectA." Then ServerA says: "Wait what? I don't even have objectA at all. Send me the entire object!" If no strict consistency. If strict consistency, ServerA says: "Wait what? How do you expect me to update an object that doesn't exist? Go get bent!"
To find out if you have lingering objects on a domain controller:
repadmin /removelingeringobjects ServerName ServerGUID DirectoryPartition /advisory_mode
ServerGUID is the known good reference DC. I know you already know this... and how to script the above line to run it on all DCs... (foreach ($DC In $(Get-ADDomain).ReplicaDirectoryServers) { })...
You need a good source DC to compare against, bottom line. If you don't have a known good source DC or don't know, you just have to pick one. It should be a writable GC of course. It's relative - if all domain controllers agree on the existence of an object, and that object's attributes... then it's not a lingering object.
# $directoryPartition holds the DN of the partition to clean; the GUID identifies the reference DC
foreach ($GC in (Get-ADForest).GlobalCatalogs) { repadmin /removelingeringobjects $GC 85d158d2-a006-4fff-b1e5-f9b6eaabab2b $directoryPartition }
That's resyncing that directory partition of each GC in the forest with the known good source which you need to specify as the GUID.
Then after you've got all your domain controllers once again all in agreement, and replication is happy... then you go and start flipping on strict consistency on all of them.
Edit: This is Microsoft's party line on the issue, and what they'll likely talk you through were you to call them.
Finally, this may be more trouble to fix than it's worth unless it's causing you problems. I hate to say it, but AD can still function normally with lingering objects in it.
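
Added example (not part of the original answer): a PowerShell sweep that runs the advisory-mode check described above against every DC in the domain, so the extent of the problem is known before anything is removed. The parameter names, the `$ReferenceDC` placeholder and the default partition list are assumptions; it requires the ActiveDirectory module and repadmin on the machine running it.

```powershell
# Advisory-mode lingering-object sweep: reports only, deletes nothing.
param(
    # Placeholder: the DC you have chosen as the known good reference.
    [Parameter(Mandatory)] [string] $ReferenceDC,
    # Assumption: the reference DC holds a writable copy of every partition listed.
    [string[]] $Partitions = @((Get-ADDomain).DistinguishedName)
)
Import-Module ActiveDirectory

# The ServerGUID argument is the DSA GUID, i.e. the objectGUID of the
# reference DC's NTDS Settings object.
$ref     = Get-ADDomainController -Identity $ReferenceDC
$refGuid = (Get-ADObject -Identity $ref.NTDSSettingsObjectDN).ObjectGUID.ToString()

$results = foreach ($dc in (Get-ADDomainController -Filter *)) {
    # Skip the reference itself: it is the baseline, not a target.
    if ($dc.HostName -eq $ref.HostName) { continue }

    foreach ($nc in $Partitions) {
        # /advisory_mode only logs what would be removed; drop it to actually remove.
        $out = & repadmin /removelingeringobjects $dc.HostName $refGuid $nc /advisory_mode 2>&1
        [pscustomobject]@{
            DC        = $dc.HostName
            Partition = $nc
            ExitCode  = $LASTEXITCODE
            Output    = ($out -join "`n")
        }
    }
}

# One row per DC and partition, then full repadmin output for any call that failed.
$results | Format-Table DC, Partition, ExitCode -AutoSize
$results | Where-Object { $_.ExitCode -ne 0 } | Format-List DC, Partition, Output
```

In advisory mode the objects that would be removed are written to the Directory Service event log on each target DC, so review those logs before re-running without `/advisory_mode`.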