Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

«
»

(2005-11-24) What Happens When The Disconnection Of A DC Exceeds The Tombstone Lifetime?

Posted by Jorge on 2005-11-24


DCs protect themselves against Lingering Objects in 2 ways:
(1) By implementing strict replication
(2) By isolating DCs that have NOT replicated with other DCs for more than the tombstone lifetime

AD (1)
When an object is created on some DC that object is replicated to other DCs. When an update is made to an attribute of some object that update is also replicated to the other DCs. The new value of the attribute is applied to the object in the local replica of other DCs.
Lingering objects may exist on some DC(s) if they have not replicated with other DCs within the period of the tombstone lifetime. When an update is made on a certain DC to a lingering object that update is replicated to other DCs. However the update can not be applied to an object on those other DCs as the (lingering) object does not exist on those DCs. Two situations can occur:
When strict replication is enabled on the target DC (the receive one) it will not allow to replication for that update. This will be reported through event ID 1988
When strict replication is disabled on the target DC (the receive one) it will request the full object from the source DC (the sending one) and apply the update. This will be reported through event ID 1388.
The registry "strict replication consistency" is for when a certain DC detects the existence of lingering object on a (source) replication partner in a certain partition. If it is set to 0 the DC that does not contain the lingering object will still replicate it in. If it is set to 1 to will halt the replication with the DC for that partition.

AD (2)
DCs keep track of the last time these DCs successfully replicated with each other. If the time between a certain replication cycle exceeds the tombstone lifetime the DCs do not trust each other as lingering objects MAY exist. To protect themselves, replication is not allowed and therefore halted. This reported through event ID 2042.
By default the value of "Allow Replication With Divergent and Corrupt Partner" is set to 0 (zero). When not specified it defaults to that value. To allow replication between those DCs the value must be set to 1, but before doing that any existing lingering object MUST BE removed/cleaned (e.g. repadmin)
DCs will also report event ID 1864 if they have not replicated for a certain time with a certain DC!

Although it is possible to clean lingering objects it is safer to demote the faulty DC and promoted it again.

The first option (1) is available for W2K (SP4) and W2K3 DCs. Strict replication is default on W2K3 DCs, but not on W2K DCs. Think about it when upgrading a W2K DC to a W2K3 DC to enable strict replication.

The second option (2) is only available for W2K3 DCs.

For more information on exceeding the tombstone lifetime or lingering objects see:

* Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)
–> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/4a1f420d-25d6-417c-9d8b-6e22f472ef3c.mspx

* Event ID 1388 or 1988: A lingering object is detected
–> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/77dbd146-f265-4d64-bdac-605ecbf1035f.mspx

* A deleted account remains in the Address Book, e-mail is not received, or a duplicate account exists
–> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/9b1c2595-4fe2-457a-8868-a9025a307c63.mspx

* Event ID 2042: It has been too long since this machine replicated
–> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/34c15446-b47f-4d51-8e4a-c14527060f90.mspx

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Advertisement

This entry was posted on 2005-11-24 at 15:47 and is filed under Active Directory Domain Services (ADDS). You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “(2005-11-24) What Happens When The Disconnection Of A DC Exceeds The Tombstone Lifetime?”

  1. (2014-11-25) Troubleshooting Issues With Lingering Objects And Solving It « Jorge's Quest For Knowledge! said

    2014-11-25 at 23:01

    […] (2005-11-24) What Happens When The Disconnection Of A DC Exceeds The Tombstone Lifetime? […]

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

«
»
 
%d bloggers like this: