Active Directory Domain Services Replication encountered the existence of objects in the following partition that have been ...

Active Directory Domain Services Replication encountered the existence of objects in the following partition
that have been deleted from the local domain controller's (DC's) Active Directory Domain Services database.  Not
all direct or transitive replication partners replicated in the deletion before the tombstone
lifetime number of days passed.  Objects that have been deleted and garbage
collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same
domain, or read-only partitions of global catalog servers in other domains in the forest, are known as
"lingering objects".




Source domain controller: 
%1

Object: 
%2

Object GUID: 
%3

This event is being logged because the source DC contains a lingering object which does not
exist in the local DC's Active Directory Domain Services database.  This replication attempt has been blocked.



The best solution to this problem is to identify and remove all lingering objects in the forest.




User Action:


Remove Lingering Objects:



The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.



If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the
installation CD.  To see which objects would be deleted without actually performing the
deletion run "repadmin /removelingeringobjects    /ADVISORY_MODE".
The event logs on the source DC will enumerate all lingering objects.  To remove lingering objects
from a source domain controller run
"repadmin /removelingeringobjects   ".



If either source or destination DC is a Windows 2000 Server DC, then more information on how to
remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from
your Microsoft support personnel.



If you need Active Directory Domain Services replication to function immediately at all costs and don't have
time to remove lingering objects, enable loose replication consistency by unsetting the following
registry key:


Registry Key:
HKLM\%5\%4



Replication errors between DCs sharing a common partition can cause user and computer accounts,
trust relationships, their passwords, security groups,
security group memberships and other Active Directory Domain Services configuration data to vary between DCs,
affecting the ability to log on, find objects of interest and perform other critical operations.
These inconsistencies are resolved once replication errors are resolved.  DCs that fail to inbound
replicate deleted objects within tombstone lifetime number of days will remain inconsistent until
lingering objects are manually removed by an administrator from each local DC.



Lingering objects may be prevented by ensuring that all domain controllers in the forest are
running Active Directory Domain Services, are connected by a spanning tree connection topology and perform
inbound replication before tombstone lifetime number of days pass.
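
The prevention condition above can be monitored before this event is ever logged. The following PowerShell is an added example, not part of the original event text: it reads the forest's tombstone lifetime and lists inbound replication links whose last success is approaching or past it. It assumes the ActiveDirectory module is installed; the function names and the 50% warning threshold are illustrative choices.

```powershell
# Added example (not from the original message text). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # The forest-wide value is stored on the Directory Service object in the configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $ds = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                       -Properties tombstoneLifetime
    if ($null -ne $ds.tombstoneLifetime) { return [int]$ds.tombstoneLifetime }
    return 60   # attribute not set: the built-in default of 60 days applies
}

function Get-StaleReplicationLink {
    param(
        [Parameter(Mandatory)] [object[]] $Link,   # output of Get-ADReplicationPartnerMetadata
        [Parameter(Mandatory)] [int] $TombstoneDays,
        [double] $WarnFraction = 0.5,              # assumption: warn at half the tombstone lifetime
        [datetime] $Now = (Get-Date)
    )
    foreach ($l in $Link) {
        # A link that has never replicated successfully is treated as past the limit.
        $age = [double]::PositiveInfinity
        if ($l.LastReplicationSuccess) { $age = ($Now - $l.LastReplicationSuccess).TotalDays }
        if ($age -lt $TombstoneDays * $WarnFraction) { continue }
        [pscustomobject]@{
            Server    = $l.Server
            Partner   = $l.Partner
            Partition = $l.Partition
            AgeDays   = [math]::Round($age, 1)
            Status    = if ($age -ge $TombstoneDays) { 'PAST TOMBSTONE LIFETIME' } else { 'AT RISK' }
        }
    }
}

# Inbound links for every partition on every DC in the forest.
$tsl   = Get-TombstoneLifetimeDays
$links = Get-ADReplicationPartnerMetadata -Target (Get-ADForest).Name -Scope Forest -Partition *
Get-StaleReplicationLink -Link $links -TombstoneDays $tsl |
    Sort-Object AgeDays -Descending |
    Format-Table -AutoSize
```

A link reported as past the tombstone lifetime identifies a DC that may already hold lingering objects and should be checked in advisory mode before it is allowed to replicate again.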