Tombstone lifetime. HELP!!!!!

Status
Not open for further replies.

kabutomz

IS-IT--Management
Jul 14, 2003
7
US
We have a child domain in a remote site. Router was filtering TCP port 135, so no more replication over there for a while (more than 60 days). Now the child domain is outdated. I've tried to replicate changes using Sites & Services and replmon but it doesn't work.

Several event errors at Directory Services: 1925, 1926, 2042

How can I force replication from updated domains?
 
2003 won't let you. There may be a registry key that will force it, but you don't want to do that.

Basically that child domain is hosed. You basically have two options. Ignore it, and keep going with no replication, which essentially isolates the child domain; or rebuild the child domain.
 
I was wondering about setting the Strict Replication Consistency key under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters to 0
 
Kabutomz,

Too late for that with a 60 day gap in replication. Once you get past 30, replication is totally out of date. You do have an option though, provided your intact schema and forest master systems still know about the child domain?

If so, you can bring up a new domain controller for the child domain (any temp box will do - if there are already other DCs for the child domain, skip this step!), and then dcpromo down and then back up the box in question. Once it has replicated the domain info from the temp domain controller or other AD servers, you can remove the temp domain controller, and run on the rebuilt one.

Have you run an NTDSUTIL on your TLD to see if it knows who controls the FSMO roles for the Child domain? If it does, you may be able to seize them and perform the steps above...

Not elegant, but it does work, having done it before on many occasions...

Hope it helps,
LM
 
That won't work.

If you really want to do this, you can set the following registry key to 1:

HKLM\System\CurrentControlSet\Services\NTDS\Parameters
Allow Replication With Divergent and Corrupt Partner

Make sure you have the spaces, and don't use quotes.

Then force replication, and pray you don't get any lingering objects. You should also return the registry key to 0 as soon as possible after forcing replication.
 
By the way, I am not responsible for this making a complete mess out of your entire forest.

Enjoy... ;)
 
I forgot to mention, you enable that key on another DC (most likely in the parent domain) that replicates with a DC in the orphaned child domain.
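
Added example, not part of the thread or written by any poster: a monitoring check that would catch the situation described here before it happens, by flagging replication links whose last success is approaching or past the tombstone lifetime. It assumes the column layout of `repadmin /showrepl * /csv` shown in the sample and a 60-day tombstone lifetime; the host names, sites, dates and failure counts are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the shape of `repadmin /showrepl * /csv` output
# (column layout is an assumption; hosts, sites and dates are made up).
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,PARENT-DC1,"CN=Configuration,DC=example,DC=test",Remote,CHILD-DC1,RPC,412,2003-07-14 09:00:00,2003-05-01 08:30:00,1722
showrepl_INFO,HQ,PARENT-DC1,"CN=Configuration,DC=example,DC=test",HQ,PARENT-DC2,RPC,0,0,2003-07-14 08:45:00,0
showrepl_INFO,HQ,PARENT-DC2,"CN=Schema,CN=Configuration,DC=example,DC=test",Remote,CHILD-DC1,RPC,30,2003-07-14 09:00:00,2003-06-01 11:00:00,1722
"""


def parse_time(value):
    """Return a datetime, or None for '0' and other non-timestamp values."""
    try:
        return datetime.strptime(value.strip(), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None


def classify_links(csv_text, now, tombstone_days=60, warn_fraction=0.5):
    """Label each inbound link by the age of its last successful replication.

    Returns (destination, source, naming_context, state, age_in_days) tuples.
    """
    limit = timedelta(days=tombstone_days)
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        last_ok = parse_time(row["Last Success Time"])
        if last_ok is None:
            state, days = "NEVER", None      # no recorded success
        else:
            age = now - last_ok
            days = age.days
            if age > limit:
                state = "EXPIRED"            # older than the tombstone lifetime
            elif age > limit * warn_fraction:
                state = "AT_RISK"            # act before the limit is reached
            else:
                state = "OK"
        results.append((row["Destination DSA"], row["Source DSA"],
                        row["Naming Context"], state, days))
    return results


if __name__ == "__main__":
    for link in classify_links(SAMPLE_CSV, datetime(2003, 7, 14, 12, 0, 0)):
        print(link)
```

Alerting on `AT_RISK` leaves time to fix the network path (here, the filtered port) while normal replication can still resume.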
 