Another directory server has attempted to replicate into this directory server an object which is not present in the local Active Directory Domain Services database. The object may have been deleted and already garbage collected (a tombstone lifetime or more has passed since the object was deleted) on this directory server. The attribute set included in the update request is not sufficient to create the object. The object will be re-requested with a full attribute set and re-created on this directory server.
This event is being logged because the source DC contains a lingering object which does not
exist on the local DCs copy of Active Directory Domain Services database and the local DC does *not* have the following
registry key enabled to ensure strict replication consistency. Strict replication consistency
prevents lingering objects residing on a source DC from re-replicating to a destination DC
that has already processed the deletion. Since this registry key is not set, the object will
be re-replicated and recreated in the local Active Directory Domain Services database.
The best solution to this problem is to identify and remove all lingering objects in the forest,
starting with the writable and read-only partitions containing the object referenced in this event, and
then enable the following registry key to ensure strict replication consistency.
Source DC (Transport-specific network address):
%4
Object:
%1
Object GUID:
%2
Directory partition:
%3
Destination highest property USN:
%5
User Action:
Verify the continued desire for the existence of this object. To discontinue re-creation of future similar objects, the following registry key should be created.
Registry Key:
HKLM\%7\%6
The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.
If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the
installation CD. To see which objects would be deleted without actually performing the
deletion run "repadmin /removelingeringobjects /ADVISORY_MODE".
The event logs on the source DC will enumerate all lingering objects. To remove lingering objects
from a source domain controller run
"repadmin /removelingeringobjects ".
If either source or destination DC is a Windows 2000 Server DC, then more information on how to
remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from
your Microsoft support personnel.
Replication errors between DCs sharing a common partition can prevent user and computer accounts,
trust relationships, their passwords, security groups,
security group memberships and other Active Directory Domain Services configuration data to vary between DCs,
affecting the ability to log on, find objects of interest and perform other critical operations.
These inconsistencies are resolved once replication errors are resolved. DCs that fail to inbound
replicate deleted objects within tombstone lifetime number of days will remain inconsistent until
lingering objects are manually removed by an administrator from each local DC.
Lingering objects may be prevented by ensuring that all domain controllers in the forest are
running Active Directory Domain Services, are connected by a spanning tree connection topology and perform
inbound replication before Tombstone Live number of days pass.