I manage a small environment (single forest, single domain) with only two Ws2008 R2 DCs. Recently I started having replicationg issues from DC01 to DC02 due to lingering objects in naming context DC=DomainDnsZones, DC=mydomain, DC=com still existing on DC01.
By using repadmin /removelingeringobjects I am able to clean the old/deleted objects from DC01. The deleted lingering objects have these attributes:
DC=<.....>, CN=Deleted Objects,DC=DomainDnsZones,DC=Mydomain,DC=com
So they are in tombstone.
After I do this, replication goes back to normal. No errors.
After a few hours (usually the next morning) however, the issue is back: new lingering objects appear in DC01 on the same naming context, replication shows errors and I have to clean them up again.
So it seems DNS replication is having issues. Or tombstone isn't working as expected. Any idea where I should look/what can I do?
Active Directory's Tombstone Lifetime is set to 180 days; strict replication consistency is on.
