Update I tried using the `Lingering Object Liquidator' tool, but am left with the same primary question (and changed the question). See comments for details
I'm seeing Event Id 2042 in my Directory Services event log. The pertinent failure is as shown in the screen shot below. It was produced using the csv
option of repadmin showrepl
To fix it, I'm using Event ID 2042: It has been too long since this machine replicated. However, the Identify lingering objects
portion of the instructions is confusing me on two counts.
Confusion #1
I'm not sure which of my DCs is authoritative, so I decided to start by running repadmin /removelingeringobjects /advisory_mode
on elabgatdc02. I ran repadmin /removelingeringobjects elabgatdc01.elabgat.gov {DSA object GUID for elabgatdc02} DC=DomainDnsZones,DC=elabgat,DC=gov /advisory_mode
The result of running this command was:
RemoveLingeringObjects successful on elabgatdc01.elabgat.gov.
This looks like the command actually ran instead of just giving /advisory_mode
advice.
Question #1: Is this the expected output for /advisory_mode
advice?
Confusion #2
The last paragraph of the instructions (The pertinent portion of the instructions are in blockquote below) tell me to repeat the previous steps on additional domain controllers until you determine the domain controller that you believe has the latest changes
. But, the instructions don't say how the output of the repadmin /removelingeringobjects /advisory_mode
command identifies this machine as being the authoritative machine (or not).
Question #2: Assuming that the output of the command described in Confusion #1 is as expected, how does it inform me that the DC is authoritative (or not)?
Pertinent portion of the Identify lingering objects
instructions
You must first identify an authoritative domain controller. If you know that a specific domain controller has the latest changes, you can use that domain controller as the authoritative domain controller. Otherwise, you may have to complete the following procedure on multiple domain controllers until you identify a domain controller that you believe has the latest changes. Then, you can use that domain controller as your authoritative domain controller.
Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Review details about default group memberships at Active Directory Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkID=150761). Identify lingering objects
On a domain controller that you expect to have the latest changes, open an elevated Command Prompt window. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
Run the repadmin command in advisory mode. This makes it possible for you to assess the lingering objects without actually removing anything.
{omitted the tutorial for the parameters for the repadmin command}
The following is an example command for identifying lingering objects: repadmin /removelingeringobjects dc1.contoso.com 4a8717eb-8e58-456c-995a-c92e4add7e8e dc=contoso,dc=com /advisory_mode
If necessary, repeat the previous steps on additional domain controllers until you determine the domain controller that you believe has the latest changes. Use that domain controller as your authoritative domain controller. Run the repadmin /removelingeringobjects command without the /advisory_mode switch to actually remove lingering objects. Repeat the command as necessary to remove lingering objects from each domain controller that has them.