Go Premium for a chance to win a PS4. Enter to Win


Replication between two sites where tombstoned greater than 60 days

Posted on 2009-05-17
Medium Priority
Last Modified: 2012-06-21
Hi gurus,

I am in an awkward situation.

For the first time I am personally visiting a site that is set up as a child domain of our main domain.
The child is based in Australia.

I knew we had AD issues, but nothing quite like what I've walked in to.
issues I've found so far include:
- child domain Sites and Services showing incorrect data
- child domain not able to replicate with parent, or other child domain

Due to the size of the company, there is only 1 DC in the child domain.  However I have a new server to install that I want to seize all DC roles onto, and maybe use the "current old" DC as a secondary.
This DC's event viewer is full of Event IDs 1084, 1926 and 1800.

DNS is setup as the following
Primary Zone AD
Child Domain = stub
Primary Zone AD
Parent Domain = stub

I can ping each DC from each other.
From child DC I can get to parent DC via \\servername and I can see and access shares.
From parent DC I can NOT get to child DC via \\servername, I get the error "No network provider accepted the given network path"

Sorry for the long post, and no doubt there will be more information dependent on the questions asked, I'm wondering if there is a way to force the replication so that everything from the parent DC overwrites the data on the child DC, except the site information, and then the correct site information from child replicates back to parent and overwrites any data on there.
Easier said than done I presume....

Kind Regards
Question by:taffevans
  • 4
  • 2

Author Comment

ID: 24408752
To add:

Event Viewer in the UK (parent) shows Event ID's 1925 and 2042.

Sites and Services in the UK is correct, however it shows for the site "australia" that there is replication to the DC in the UK, but not from it to the Australia DC.

LVL 71

Expert Comment

by:Chris Dent
ID: 24419833

You may be interested in this:


It should allow you to replicate changes from the parent domain to the child.

I strongly advise you take a system state backup of both domains prior to following those steps.


Author Comment

ID: 24428708
Hi Chris, Thanks for the reply.

I think I've tracked the problem down.  There seems to be an invalid domain on the Australia "copy" of AD, when I run NTDSUTIL and do a metadata cleanup, I see an extra domain for Thailand.

I'm now only getting errors when replicating with ID 1800, and 1801, both representing that "invalid" domain

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1801
Date:            20/05/2009
Time:            14:54:14
Computer:      AUS-SYD-DC1
The partition DC=bangkok\0ACNF:ce60523b-c27d-4624-92f2-170b28d08be5,DC=company,DC=local should be hosted at site CN=SYDNEY,CN=Sites,CN=Configuration,DC=comapny,DC=local, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I have tried to remove this domain, but it seems that AD has linked it into the correct Bangkok domain.

When I run NTDSUTIL on any other domain (we have 1 parent, 3 child), I do not see this extra Bangkok domain.

Just trying to find how to "cleanse" it.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 71

Accepted Solution

Chris Dent earned 1500 total points
ID: 24429601

You might check for partitions if the domain is not listed at all.

I take it you followed this KB article (in spirit if not exactly :)) to remove the orphaned domain:


It is possible to check for the partition itself (hopefully) with....

Domain Management
Connect To Server <TheAUDC>
Select Operation Target
List Naming Contexts

Otherwise, fire up ADSIEdit.msc, expand Configuration and Partitions, see if the partition is listed there.

As for removing it, I'm reluctant to advise you try and delete it, if only because it's not my network and I'm not the one who will have to fix it should it make it unhappy. I haven't come across any explicit MS KB articles on it, so you may consider contacting Product Support Services (unless you're happy with any risk associated with removing the partition).


Author Comment

ID: 24437166
Unfortunately tried that.  Comes up with an error saying I need to connect to the Parent FSMO role holder (which is in the UK), and running NTDSUTIL on there doesn't show that odd domain.

I put in the new DC here in Aus, and removed AD from the old one.  It seemed to run OK and no errors, but the Sites and Services in UK (parent) don't show the new server.  I've removed the old one, now trying to work out how to get it seen.

I've added "Replicate with Corrupt and Divergent Partners" registry key to all servers, just to try and force it through, I can then deal with lingering objects afterwards.

In an ideal world I would of just removed the Sydney domain and started again!

Author Comment

ID: 24437739
I've managed to get rid of that partition by using

Was a bit tedious, but with changing "Strict Replication" to 0 and then rebooting the UK DC and the Oz DC, it finally removed that partition.

The issue (another one) now is that the UK KCC Sites and Services doesn't see the new server, I think it was because of the above issue (the new Oz DC couldn't declare itself as a GC because of that partition not being able to be replicated from anywhere).

Thanks for the pointers, slowly getting there! :)

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question