During an Active Directory Lightweight Directory Services replication request, the local domain controller (DC) identified ...

During an Active Directory Lightweight Directory Services replication request, the local domain controller (DC) identified
an untrusted client which has received replication data from the local DC using already-acknowledged USN
tracking numbers. Read-only DCs and DirSync clients are examples of untrusted clients.



Because the client believes it is has a more up-to-date Active Directory Lightweight Directory Services database than the
local DC, the client will not apply future changes to its copy of the Active Directory Lightweight Directory Services
database or replicate them to its direct and transitive replication partners that originate from this
local DC.



If not resolved immediately, this scenario will result in inconsistencies in the Active Directory Lightweight Directory Services databases
of this source DC and one or more direct and transitive replication partners. Specifically the
consistency of users, computers and trust relationships, their passwords, security groups,
security group memberships and other Active Directory Lightweight Directory Services configuration data may vary, affecting the ability to log on,
find objects of interest and perform other critical operations.



To determine if this misconfiguration exists, query this event ID using http://support.microsoft.com
or contact your Microsoft product support.



The most probable cause of this situation is the improper restore of Active Directory Lightweight Directory Services on the
local domain controller or the remote Read-Only domain controller.



User Actions:

If this situation occurred because of an improper or unintended restore, forcibly demote the affected DC.



Untrusted client:
%1

Partition:
%2

USN reported by non-DC client:
%3

USN reported by Local DC:
%4