Active Directory

Reconnect an Orphaned Child Domain to the Parent Domain

In one case I faced a child domain that hadn't replicated with any other domain in the environment for a period longer than the tombstone lifetime (60 days on Windows Server 2003 domain controllers, 180 days on Windows Server 2003 SP1 and above).

Note: the following solution is for this specific case. Allowing lingering objects into your Active Directory is a really bad action; don't do it unless you really have to.

  1. Restore the link between the domains and ensure that the site link is created.
  2. If you try to run replication between the two domains at this point, it will not work, because each domain refuses replication that is older than 180 days. You need to enable replication for periods longer than that:
    1. From CMD, run the following: repadmin /regkey * +allowDivergent
  3. After running the above command you may face lingering objects. To detect and remove them:
    1. You will need to determine a clean DC to replicate from to all other DCs. The command is: repadmin /removelingeringobjects ServerName ServerGUID DirectoryPartition /advisory_mode
      1. ServerName is the DNS name or the distinguished name of the domain controller that has or might have lingering objects.
      2. ServerGUID is the GUID of the domain controller that has an up-to-date writable replica of the directory partition. To get the GUID, run: repadmin /showrepl DomainControllerName
      3. DirectoryPartition is the distinguished name of the directory partition (Schema, Configuration, Domain, etc.) that might have lingering objects. For example, "DC=RegionalDomainName,DC=ForestRootDomainName,DC=com".
  4. Stop the replication of old replicas: repadmin /regkey * -allowDivergent
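
The detection pass from step 3, scripted as an added example (not part of the original post): it reads the reference DC's DSA object GUID from repadmin /showrepl, runs the advisory-mode check against each suspect DC and partition, then counts the advisory-mode findings in each DC's Directory Service log. The DC names and partition DN are hypothetical placeholders, and the script assumes event ID 1946 is what a DC logs for each lingering object found in advisory mode.

```powershell
# Added example; the DC names and partition DN below are hypothetical placeholders.
param(
    [string]   $ReferenceDC = 'dc01.corp.example.com',                 # clean, up-to-date writable DC
    [string[]] $TargetDCs   = @('dc02.child.corp.example.com'),        # DCs that might hold lingering objects
    [string[]] $Partitions  = @('DC=child,DC=corp,DC=example,DC=com')  # directory partitions to check
)

# The first "DSA object GUID" line in repadmin /showrepl output belongs to the
# queried DC itself; later ones belong to its inbound replication partners.
function Get-DsaGuidFromShowRepl {
    param([string[]] $ShowReplOutput)
    foreach ($line in $ShowReplOutput) {
        if ($line -match 'DSA object GUID:\s*([0-9a-fA-F-]{36})') { return $Matches[1] }
    }
    throw 'DSA object GUID not found in repadmin /showrepl output'
}

$refGuid = Get-DsaGuidFromShowRepl (repadmin /showrepl $ReferenceDC)
Write-Host "Reference DC $ReferenceDC has DSA object GUID $refGuid"

foreach ($dc in $TargetDCs) {
    $started = Get-Date
    foreach ($nc in $Partitions) {
        # /advisory_mode only logs what would be removed; nothing is deleted.
        repadmin /removelingeringobjects $dc $refGuid $nc /advisory_mode
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "repadmin failed on $dc for $nc (exit code $LASTEXITCODE)"
        }
    }
    # Assumption: event 1946 = one lingering object identified in advisory mode.
    # A DC with no matching events (or an unreachable log) yields a count of 0.
    $found = @(Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Directory Service'; Id = 1946; StartTime = $started })
    Write-Host "$dc : $($found.Count) lingering object(s) reported since $started"
}
```

Review the logged objects on each DC before rerunning the same repadmin command without /advisory_mode, which is what actually removes them.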

Tools that can help you with the above task:

Lingering Object Liquidator (to detect and delete lingering objects from a GUI) can be downloaded from http://connect.microsoft.com

Ref: http://blogs.technet.com/b/askds/archive/2014/09/15/remove-lingering-objects-that-cause-ad-replication-error-8606-and-friends.aspx

Active Directory Replication Status Tool can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=30005
