We have a child domain which has around 35 domain controllers. We've found some inconsistencies between the number of objects in a few DCs. We've identified some objects to be deleted contacts. They still exist on some DCs but not on others. We're not sure if this is happening with other objects such as groups, other user accounts, or computers.
Is there a way to do these things:
1. Compare status between all the DCs in the domain?
2. For the DCs that do not seem to be synchronized properly, find out which objects exactly are not being synchronized?
A few other things to note:
1. I didn't find any lingering object errors.
2. I know replmon can help, but it's really slow and running it on 35 DCs will take forever.
3. From the domain FSMO role holder, I created a new OU and put some of the objects that should be been deleted into it. This replicated out to all the DCs just fine. This helped us verify replication. However, it did 'recreate' the 'deleted objects' on all the other DCs.
4. AD is windows 2003 in native mode.