

Replication between two sites where tombstoned greater than 60 days

Posted on 2009-05-17
Medium Priority
Last Modified: 2012-06-21
Hi gurus,

I am in an awkward situation.

For the first time I am personally visiting a site that is set up as a child domain of our main domain.
The child is based in Australia.

I knew we had AD issues, but nothing quite like what I've walked in to.
Issues I've found so far include:
- child domain Sites and Services showing incorrect data
- child domain not able to replicate with parent, or other child domain

Due to the size of the company, there is only 1 DC in the child domain.  However I have a new server to install that I want to seize all DC roles onto, and maybe use the "current old" DC as a secondary.
This DC's event viewer is full of Event IDs 1084, 1926 and 1800.

DNS is set up as follows:
Primary Zone AD
Child Domain = stub
Primary Zone AD
Parent Domain = stub

I can ping each DC from each other.
From child DC I can get to parent DC via \\servername and I can see and access shares.
From parent DC I can NOT get to child DC via \\servername, I get the error "No network provider accepted the given network path"

Sorry for the long post, and no doubt there will be more information dependent on the questions asked, I'm wondering if there is a way to force the replication so that everything from the parent DC overwrites the data on the child DC, except the site information, and then the correct site information from child replicates back to parent and overwrites any data on there.
Easier said than done I presume....

Kind Regards
Question by:taffevans

Author Comment

ID: 24408752
To add:

Event Viewer in the UK (parent) shows Event IDs 1925 and 2042.

Sites and Services in the UK is correct, however it shows for the site "australia" that there is replication to the DC in the UK, but not from it to the Australia DC.

LVL 71

Expert Comment

by:Chris Dent
ID: 24419833

You may be interested in this:

It should allow you to replicate changes from the parent domain to the child.

I strongly advise you take a system state backup of both domains prior to following those steps.


Author Comment

ID: 24428708
Hi Chris, Thanks for the reply.

I think I've tracked the problem down.  There seems to be an invalid domain on the Australia "copy" of AD, when I run NTDSUTIL and do a metadata cleanup, I see an extra domain for Thailand.

I'm now only getting errors when replicating with ID 1800, and 1801, both representing that "invalid" domain

Event Type:      Warning
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1801
Date:            20/05/2009
Time:            14:54:14
Computer:      AUS-SYD-DC1
The partition DC=bangkok\0ACNF:ce60523b-c27d-4624-92f2-170b28d08be5,DC=company,DC=local should be hosted at site CN=SYDNEY,CN=Sites,CN=Configuration,DC=comapny,DC=local, but has not been instantiated yet. However, the KCC could not find any hosts from which to replicate this partition.

For more information, see Help and Support Center at

I have tried to remove this domain, but it seems that AD has linked it into the correct Bangkok domain.

When I run NTDSUTIL on any other domain (we have 1 parent, 3 child), I do not see this extra Bangkok domain.

Just trying to find how to "cleanse" it.
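The `\0ACNF:<GUID>` suffix in the partition name quoted in the comment above is how Active Directory renames an object after a naming collision (`\0ADEL:` is the deleted-object equivalent), so the "extra" Bangkok domain is a conflict duplicate of the real Bangkok partition. The following is an added example, not part of the original thread: it pulls the partition DN out of an Event 1801 message and reports any mangled RDN together with the name it collided with. The function names are hypothetical and the message is the one quoted above.

```python
import re

# Event 1801 message as quoted in the comment above, joined into one string.
EVENT_1801 = (
    r"The partition DC=bangkok\0ACNF:ce60523b-c27d-4624-92f2-170b28d08be5,"
    r"DC=company,DC=local should be hosted at site "
    r"CN=SYDNEY,CN=Sites,CN=Configuration,DC=comapny,DC=local, "
    r"but has not been instantiated yet. However, the KCC could not find "
    r"any hosts from which to replicate this partition."
)

PARTITION = re.compile(
    r"The partition (?P<dn>.+?) should be hosted at site (?P<site>.+?), but")
# "<name>\nCNF:<guid>" marks a conflict rename, "<name>\nDEL:<guid>" a deleted
# object; event text and LDAP DNs show the embedded newline as "\0A".
MANGLED = re.compile(
    r"^(?P<name>.+?)\\0A(?P<kind>CNF|DEL):"
    r"(?P<guid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")


def split_dn(dn):
    """Split a DN on commas that are not escaped with a backslash."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def analyse_1801(message):
    """Return partition DN, site DN and mangled RDNs, or None if no match."""
    hit = PARTITION.search(message)
    if hit is None:
        return None
    mangled, restored = [], []
    for rdn in split_dn(hit.group("dn")):
        attr, _, value = rdn.partition("=")
        m = MANGLED.match(value)
        if m:
            mangled.append({"attr": attr, **m.groupdict()})
            value = m.group("name")  # the name the object had before the rename
        restored.append(f"{attr}={value}")
    return {"partition_dn": hit.group("dn"), "site_dn": hit.group("site"),
            "mangled": mangled, "original_dn": ",".join(restored)}


if __name__ == "__main__":
    print(analyse_1801(EVENT_1801))
```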

LVL 71

Accepted Solution

Chris Dent earned 1500 total points
ID: 24429601

You might check for partitions if the domain is not listed at all.

I take it you followed this KB article (in spirit if not exactly :)) to remove the orphaned domain:

It is possible to check for the partition itself (hopefully) with....

Domain Management
Connections
Connect To Server <TheAUDC>
Quit
Select Operation Target
List Naming Contexts

Otherwise, fire up ADSIEdit.msc, expand Configuration and Partitions, see if the partition is listed there.

As for removing it, I'm reluctant to advise you try and delete it, if only because it's not my network and I'm not the one who will have to fix it should it make it unhappy. I haven't come across any explicit MS KB articles on it, so you may consider contacting Product Support Services (unless you're happy with any risk associated with removing the partition).


Author Comment

ID: 24437166
Unfortunately tried that.  Comes up with an error saying I need to connect to the Parent FSMO role holder (which is in the UK), and running NTDSUTIL on there doesn't show that odd domain.

I put in the new DC here in Aus, and removed AD from the old one.  It seemed to run OK and no errors, but the Sites and Services in UK (parent) don't show the new server.  I've removed the old one, now trying to work out how to get it seen.

I've added "Replicate with Corrupt and Divergent Partners" registry key to all servers, just to try and force it through, I can then deal with lingering objects afterwards.

In an ideal world I would have just removed the Sydney domain and started again!

Author Comment

ID: 24437739
I've managed to get rid of that partition by using

Was a bit tedious, but with changing "Strict Replication" to 0 and then rebooting the UK DC and the Oz DC, it finally removed that partition.

The issue (another one) now is that the UK KCC Sites and Services doesn't see the new server, I think it was because of the above issue (the new Oz DC couldn't declare itself as a GC because of that partition not being able to be replicated from anywhere).

Thanks for the pointers, slowly getting there! :)
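The two registry settings changed in the comments above relax the safeguards that stop lingering objects from replicating back in, so once replication is healthy they need to be confirmed restored on every DC. The following is an added example, not part of the original thread: it audits `reg query` output collected from each DC. The value names are the ones Microsoft documents under `NTDS\Parameters` and are assumed to be what the poster meant; the host names and sample output are constructed.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters"
STRICT = "Strict Replication Consistency"                          # 1 = enforced
DIVERGENT = "Allow Replication With Divergent and Corrupt Partner"  # 1 = relaxed

# Constructed `reg query` output per DC (sample data, not from the thread).
SAMPLE = {
    "DC-A": f"\n{KEY}\n    {STRICT}    REG_DWORD    0x0\n"
            f"    {DIVERGENT}    REG_DWORD    0x1\n",
    "DC-B": f"\n{KEY}\n    {STRICT}    REG_DWORD    0x1\n",
    "DC-C": f"\n{KEY}\n    {DIVERGENT}    REG_DWORD    0x0\n",
}

VALUE = re.compile(
    r"^[ \t]+(?P<name>\S.*?)[ \t]+REG_DWORD[ \t]+(?P<data>0x[0-9a-fA-F]+)[ \t]*$",
    re.M)


def parse_reg_query(text):
    """Map each REG_DWORD value name in `reg query` output to its integer."""
    return {m.group("name"): int(m.group("data"), 16)
            for m in VALUE.finditer(text)}


def audit(outputs):
    """Return (dc, value name, finding) for every safeguard left relaxed."""
    findings = []
    for dc, text in sorted(outputs.items()):
        values = parse_reg_query(text)
        # An absent value means the override was never set or was deleted.
        if values.get(DIVERGENT, 0) != 0:
            findings.append((dc, DIVERGENT, "still enabled"))
        strict = values.get(STRICT)
        if strict is None:
            findings.append((dc, STRICT, "not set"))
        elif strict != 1:
            findings.append((dc, STRICT, "disabled"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```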
