jeudi 15 mars 2012

Strict replication consistency should be enabled on all domain controllers in this forest

You run a BPA on your "Active Directory Domain Services" role and you obtain this warning:

Strict replication consistency should be enabled on all domain controllers in this forest
Issue: Strict replication consistency is not enabled on the domain controller SERVERNAME
More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=142189
(When a domain controller in your Active Directory environment is disconnected from the replication topology for an extended period of time, all objects that are deleted from AD DS on all other domain controllers might remain on the disconnected domain controller. Such objects are called lingering objects. When this domain controller is reconnected to the replication topology, it acts as a source replication partner that has one or more objects that its destination replication partners no longer have. Problems occur when these lingering objects on the source domain controller are updated and these updates are sent by replication to the destination domain controllers. A destination domain controller can respond in one of two ways:

    If the destination domain controller has strict replication consistency enabled, it recognizes that it cannot update the object (because the object does not exist), and it locally halts inbound replication of the directory partition from that source domain controller.

    If the destination domain controller does not have strict replication consistency enabled, it requests the full replica of the updated object, which introduces a lingering object into the directory.)

What I do:

1) You have to remove lingering objects

/removelingeringobjects <Dest_DSA_LIST> <Source DSA GUID> <NC> [/ADVISORY_MODE]

Dest_DSA_LIST (you can enter the dns name of the server or the distinguished name)

DSA_GUID : To find this one, type :

                      repadmin /showrepl

                     And copy the DSA object GUID value
NC: It's your naming context (example: DC=CONTOSO,DC=COM)

The Advisory_mode logs lingering objects in Event ID 1388 or 1988 (http://technet.microsoft.com/en-us/library/cc780362%28v=ws.10%29.aspx)

2) Enable strict replication consistency

The syntax is : repadmin /regkey DC_LIST {+|-} key

--> I used "repadmin /regkey SERVENAME +strict" 


Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)