Source: NTDS Replication
This is the replication status for the following directory partition on the local domain controller.
Directory partition: CN=Schema,CN=Configuration,DC=uu,DC=local
The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided into the following intervals.
More than 24 hours: <value>
More than a week: <value>
More than one month: <value>
More than two months: <value>
More than a tombstone lifetime: <value>
Tombstone lifetime (days): 60
Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
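For triage in a SIEM, the message layout above can be parsed and scored by its worst non-empty interval. This is an added example, not part of the original page or of any EventId.Net tooling; the function names, severity labels and sample counts are assumptions constructed for illustration.

```python
# Constructed sample in the message layout shown above (abbreviated); counts are made up.
SAMPLE_EVENT = """\
This is the replication status for the following directory partition on the local domain controller.
Directory partition: CN=Schema,CN=Configuration,DC=uu,DC=local
The local domain controller has not recently received replication information from a number of domain controllers.
More than 24 hours: 3
More than a week: 2
More than one month: 1
More than two months: 1
More than a tombstone lifetime: 1
Tombstone lifetime (days): 60
"""

# Interval labels exactly as they appear in the message, shortest first.
INTERVALS = ("More than 24 hours", "More than a week", "More than one month",
             "More than two months", "More than a tombstone lifetime")


def parse_replication_status(message):
    """Extract the partition, tombstone lifetime and per-interval DC counts."""
    fields = {}
    for line in message.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    try:
        return {
            "partition": fields["Directory partition"],
            "tombstone_days": int(fields["Tombstone lifetime (days)"]),
            "counts": {name: int(fields[name]) for name in INTERVALS},
        }
    except (KeyError, ValueError) as exc:
        # Fail loudly: a truncated or templated event must not read as healthy.
        raise ValueError(f"unparseable replication status: {exc!r}") from exc


def triage(status):
    """Return (severity, longest interval that has a non-zero DC count)."""
    stale = [name for name in INTERVALS if status["counts"][name] > 0]
    if not stale:
        return ("ok", None)
    worst = stale[-1]
    # Past the tombstone lifetime a DC may have missed deletions and be blocked.
    return ("critical" if worst == INTERVALS[-1] else "warning", worst)


if __name__ == "__main__":
    print(triage(parse_replication_status(SAMPLE_EVENT)))
```

A "critical" result corresponds to the case the event text warns about: at least one domain controller has not replicated within the tombstone lifetime and must be reconciled.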
Concepts to understand:
What is the tombstone lifetime?
I found the non-replicating items by using the tool "ADFIND". See EV100064 for more information.
In our case, AD replication was not working between 2 DCs in one site. After a lot of troubleshooting, the issue got resolved by installing the update in ME948496. This update turns off default SNP features that were changed with SP2.
See this link to "It has been too long since this machine replicated" for instructions on how to re-initiate NTDS replication after the tombstone time period has passed.
See ME899148 if you have installed Service Pack 1 for Windows Server 2003.
From a newsgroup post: "This error can occur if the DC has been offline for more than 60 days, has not replicated with another DC for more than 60 days or if the time on your servers is not set correctly. This server has therefore passed the tombstone lifetime of 60 days and will need to be reinstalled. You should try running dcpromo with the /forceremoval switch and then do a metadata cleanup on AD to remove all traces of that DC. Once this is done, it can be re-promoted if desired. See ME216993 for details on the Active Directory backup useful life.
See ME332199 for details on running the “dcpromo /forceremoval” command.
See ME216498 for details on how to remove data in Active Directory after an unsuccessful domain controller demotion".
Links: ME216498, ME216993, ME332199, ME899148, ME948496, It has been too long since this machine replicated, EV100064