Verify replication

Posted on 2009-12-30
Last Modified: 2012-05-08
Hi Experts,

Two DCs & Two sites (one DC per site). The DC at HQ (ie FSMO role holder) has not replicated its AD to the other DC because of connectivity issue (more than 3 mths). The DC at HQ is most up-to-date and when connectivity is back online, how do i ensure that the 2nd DC replicate from HQ DC and NOT vice versa?

thanks in advance.  
Question by:kenny_klbn
    LVL 17

    Expert Comment

    by:Premkumar Yogeswaran
    This exceeds the Tombstone Lifetime period.

    You run Replmon, repadmin, DCDiag and Netdiag

    and post the error over here...!
    LVL 17

    Expert Comment

    by:Premkumar Yogeswaran
    Check this link to trouble shoot replication...!
    LVL 17

    Expert Comment

    by:Premkumar Yogeswaran
    LVL 4

    Accepted Solution

    As of my experience in this filed I recommend you to check the FSMO role must be on Good DC and demote and promote the Tombstone DC.

    If you follow any other methods to fix the issue you may get the some other issue related to Active Directory replication and lingering object in near feature. It will not rectify all the stuff.

    For more Reference check the below link

    Chandar Singh
    LVL 38

    Expert Comment

    Hi, good advice, so far:

    So, I am going to monitor this question.

    You will have a tombstoned server.

    You will have to correct the tombstoned server. But before doing so, you will need to figure out what caused the site-to-site disconnect between them. I would start with your site-to-site connection and how DNS is working from one site to the other.

    I would start with DNS troubleshooting. Until DNS is fixed, you will not be able to promote within the domain. Instead, it will become a second domain with the same domain name. These servers will need to see each other's SRV records in DNS to replicate and be on the same domain.

    LVL 7

    Expert Comment


    There is no need to demote and promote the DC, I would consider that the last option. We can deal with this situation with a flick of few registry changes.
    First of all, I am assuming that the DCs are Windows 2003.
    You need to create a registry DWORD on the HQ DC under :
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters called "Strict Replication Consistency" without quotes.
    Give it a value of 1.
    Now Create another DWORD value in same location called :
    "Allow Replication With Divergent and Corrupt Partner" without quotes.

    (As you have told that you only have two DCs, both of them will be tombstoned with each other, you have to make these registry changes on both the DCs one by one and the force the replication)
    Now you will see lingering objects warning. Event 1988 (most probably on the HQ DC).

    To remove lingering objects, run this command:

    repadmin /removelingeringobjects ServerName ServerGUID DirectoryPartition

    you can use the /advisory_mode swith to first see how many lingering objects are there.

    (Lingering objects are the objects that were deleted from the domain but are still present in the DC which was offline and now is trying to replicate them back to the domain).

    Enable strict replication consistency:

    Use Repadmin to remove lingering objects:


    Author Comment

    Hi all,

    thank you for the comments and suggestions. Before i proceed with any of the above recommendations, may i ask how to verify the following:
    When was the last time (day & time) the second DC successfully replicated with the HQ DC?

    thanks in advance.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    This is my first article in EE and english is not my mother tongue so any comments you have or any corrections you would like to make, please feel free to speak up :) For those of you working with AD, you already are very familiar with the classi…
    Learn about cloud computing and its benefits for small business owners.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now