Hi All, I have just had to rebuild 2 DC's due to h/w faults. We done a metadata cleanup and removed all reference of the DC's. Then rebuild / install using same name and done DCPROMO back into domain - all working. However, in repadmin /showreps - it displays mysite\server1\0ADEL:bbbs323-2323-2323r-324343a (deleted DSA) via RPC I presume the guid is the guid of the old DC also in replmon the old DC's shows up as retired partners **deleted server #1 and **deleted server #2 apart from that the AD replication looks OK. but how can i get rid of these deleted DSA and ** deleted server # objects ? Many thanks in advance ! ECL
what is the OS? W2K (guessing from the showreps option) never mind that..... that will go away... in replmon you are not actually seeing the DC itself, you are seeing ITS database instance! (invocation ID) for example type (w2k3 command, but the w2k command is similar) REPADMIN /SHOWUTDVEC * CN=configuration,DC=YOURDOMAIN,DC=YOURTLD there you will see DCs by name and by GUID. The one by GUID are database instances on DCs that do not exist anymore.... some more details: * a DC has 2 identities..(execute REPADMIN /SHOWREPS and you will see both at the beginning) * The DC itself, which is used to replicate with and thus never changes (objectGUID or DSA GUID) * The database instance which is used to identify where changes originated. this changes when the DC is restored (invocation ID) -- Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Windows Server - Directory Services BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
Hi Jorge, Thanks for your reply. But how do I fix it or remove the old objects ? so repadmin and replmon is clean. Yes I am on windows 2003 Thanks ECL
Hi -A special container, which is not visible in the UI, to which objects are moved when they are deleted. The deleted objects are stored as tombstones, which are eventually removed by garbage collection. The contents of the Deleted Objects container are visible if you search by using the 1.2.840.113556.1.4.417 control, which enables you to see deleted objects. -When data is deleted from Active Directory, the data cannot simply disappear from the directory because the deletion must be replicated. Therefore, instead of deleting an object physically from the database, the directory service removes most of the attributes and then tags the object as a tombstone by setting the isDeleted attribute value to TRUE, which means that the object has been logically deleted from the directory but not yet completely removed. Tombstones are replicated to communicate object deletions. The isDeleted attribute value alerts replication partners that the object has been deleted. Objects that are identified as tombstones are moved to the hidden Deleted Objects container of their respective directory partition. Tombstones remain in the directory for a default period of 60 days, which is referred to as the tombstone lifetime. -Garbage collection is a housekeeping process that runs on every domain controller to permanently remove expired tombstones from the directory database. Although they represent deleted objects, tombstones take up space in every directory partition replica. Eventually, the tombstones themselves must be deleted to keep the directory database from growing without limit. At regular intervals, objects that are no longer needed by the directory service are deleted as "garbage." -Garbage collection runs independently on each domain controller. When the garbage collection process occurs, the process finds the set of tombstones whose originating deletion occurred more than a tombstone lifetime ago, and then it deletes each tombstone in that set. Note:You cannot purge tombstones before the expiration of the tombstone lifetime, the garbage collection interval determines how often a domain controller examines its database for expired tombstones that can be collected. This interval is set in the garbageCollPeriod attribute. The default setting is 12 hours, and the minimum setting is 1 hour. -- I hope that the information above helps you Good Luck Jorge Silva MCSA Systems Administrator
the REPADMIN part will go away 14 days after the cleanup the REPLMON part will remain and that will never leave AD (by design) as that is a part of AD replication so that is does where each change was originated and read my earlier post again -- Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Windows Server - Directory Services BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
