

Replication between two sites where tombstoned greater than 60 days

Posted on 2009-05-17
Medium Priority
Last Modified: 2012-06-21
Hi gurus,

I am in an awkward situation.

For the first time I am personally visiting a site that is set up as a child domain of our main domain.
The child is based in Australia.

I knew we had AD issues, but nothing quite like what I've walked into.
Issues I've found so far include:
- child domain Sites and Services showing incorrect data
- child domain not able to replicate with parent, or other child domain

Due to the size of the company, there is only 1 DC in the child domain.  However I have a new server to install that I want to seize all DC roles onto, and maybe use the "current old" DC as a secondary.
This DC's event viewer is full of Event IDs 1084, 1926 and 1800.

DNS is set up as follows:
Primary Zone AD
Child Domain = stub
Primary Zone AD
Parent Domain = stub

I can ping each DC from each other.
From child DC I can get to parent DC via \\servername and I can see and access shares.
From parent DC I can NOT get to child DC via \\servername, I get the error "No network provider accepted the given network path"

Sorry for the long post, and no doubt there will be more information dependent on the questions asked. I'm wondering if there is a way to force the replication so that everything from the parent DC overwrites the data on the child DC, except the site information, and then the correct site information from the child replicates back to the parent and overwrites any data on there.
Easier said than done I presume....

Kind Regards
Question by: taffevans

Author Comment

ID: 24408752
To add:

Event Viewer in the UK (parent) shows Event IDs 1925 and 2042.

Sites and Services in the UK is correct, however it shows for the site "australia" that there is replication to the DC in the UK, but not from it to the Australia DC.

LVL 71

Expert Comment

by:Chris Dent
ID: 24419833

You may be interested in this:

It should allow you to replicate changes from the parent domain to the child.

I strongly advise you take a system state backup of both domains prior to following those steps.


Author Comment

ID: 24428708
Hi Chris, Thanks for the reply.

I think I've tracked the problem down.  There seems to be an invalid domain on the Australia "copy" of AD; when I run NTDSUTIL and do a metadata cleanup, I see an extra domain for Thailand.

I'm now only getting errors when replicating with IDs 1800 and 1801, both representing that "invalid" domain.

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1801
Date:            20/05/2009
Time:            14:54:14
Computer:      AUS-SYD-DC1
The partition DC=bangkok\0ACNF:ce60523b-c27d-4624-92f2-170b28d08be5,DC=company,DC=local should be hosted at site CN=SYDNEY,CN=Sites,CN=Configuration,DC=comapny,DC=local, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

For more information, see Help and Support Center at

I have tried to remove this domain, but it seems that AD has linked it into the correct Bangkok domain.

When I run NTDSUTIL on any other domain (we have 1 parent, 3 child), I do not see this extra Bangkok domain.

Just trying to find how to "cleanse" it.

LVL 71

Accepted Solution

Chris Dent earned 1500 total points
ID: 24429601

You might check for partitions if the domain is not listed at all.

I take it you followed this KB article (in spirit if not exactly :)) to remove the orphaned domain:

It is possible to check for the partition itself (hopefully) with....

ntdsutil
Domain Management
Connections
Connect To Server <TheAUDC>
Quit
Select Operation Target
List Naming Contexts

Otherwise, fire up ADSIEdit.msc, expand Configuration and Partitions, see if the partition is listed there.

As for removing it, I'm reluctant to advise you try and delete it, if only because it's not my network and I'm not the one who will have to fix it should it make it unhappy. I haven't come across any explicit MS KB articles on it, so you may consider contacting Product Support Services (unless you're happy with any risk associated with removing the partition).
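
Added example (not part of the original thread or any poster's reply): a read-only comparison of the Partitions container as each DC sees it, flagging naming contexts that only one DC knows about and any entry carrying the conflict marker ("CNF:") that appears in the Event 1801 text above. It assumes the ActiveDirectory PowerShell module is installed; PARENT-DC is a placeholder server name and the function names are hypothetical.

```powershell
# Added example: nothing here modifies the directory.
# Assumes the ActiveDirectory module (RSAT); server names at the bottom are placeholders.
Import-Module ActiveDirectory

function Get-PartitionView {
    param([Parameter(Mandatory)][string]$Server)

    # Every DC holds its own replica of the Configuration partition,
    # so each one is queried directly rather than via a locator.
    $configNC = (Get-ADRootDSE -Server $Server).configurationNamingContext
    Get-ADObject -Server $Server `
                 -SearchBase "CN=Partitions,$configNC" `
                 -SearchScope OneLevel `
                 -LDAPFilter '(objectClass=crossRef)' `
                 -Properties nCName, dnsRoot |
        ForEach-Object {
            [pscustomobject]@{
                Server   = $Server
                NCName   = [string]$_.nCName
                DnsRoot  = ($_.dnsRoot -join ',')
                # Conflict-renamed objects carry "\0ACNF:<GUID>" in a DN component
                Conflict = ($_.DistinguishedName -match 'CNF:') -or
                           ([string]$_.nCName -match 'CNF:')
            }
        }
}

function Compare-PartitionView {
    param([Parameter(Mandatory)][string]$Reference,
          [Parameter(Mandatory)][string]$Suspect)

    $ref = @(Get-PartitionView -Server $Reference)
    $sus = @(Get-PartitionView -Server $Suspect)

    # Naming contexts known to only one of the two DCs
    Compare-Object -ReferenceObject @($ref | ForEach-Object NCName) `
                   -DifferenceObject @($sus | ForEach-Object NCName) |
        ForEach-Object {
            [pscustomobject]@{
                NCName = $_.InputObject
                OnlyOn = if ($_.SideIndicator -eq '=>') { $Suspect } else { $Reference }
            }
        }

    # Conflict-mangled entries seen on either side
    ($ref + $sus) | Where-Object { $_.Conflict } | Select-Object Server, NCName
}

Compare-PartitionView -Reference 'PARENT-DC' -Suspect 'AUS-SYD-DC1'
```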


Author Comment

ID: 24437166
Unfortunately tried that.  Comes up with an error saying I need to connect to the Parent FSMO role holder (which is in the UK), and running NTDSUTIL on there doesn't show that odd domain.

I put in the new DC here in Aus, and removed AD from the old one.  It seemed to run OK and no errors, but the Sites and Services in UK (parent) don't show the new server.  I've removed the old one, now trying to work out how to get it seen.

I've added "Replicate with Corrupt and Divergent Partners" registry key to all servers, just to try and force it through, I can then deal with lingering objects afterwards.

In an ideal world I would have just removed the Sydney domain and started again!

Author Comment

ID: 24437739
I've managed to get rid of that partition by using

Was a bit tedious, but with changing "Strict Replication" to 0 and then rebooting the UK DC and the Oz DC, it finally removed that partition.

The issue (another one) now is that the UK KCC Sites and Services doesn't see the new server, I think it was because of the above issue (the new Oz DC couldn't declare itself as a GC because of that partition not being able to be replicated from anywhere).

Thanks for the pointers, slowly getting there! :)
