On your Microsoft Windows Server 2003-based domain
controller, the following Error event is logged in the Directory Service event
Source: NTDS Replication
Event ID: 1988
User: NT AUTHORITY\ANONYMOUS LOGON
The local domain
controller has attempted to replicate the following object from the following
source domain controller. This object is not present on the local domain
controller because it may have been deleted and already garbage collected.
Replication will not
continue with the source domain controller until the situation has been
This issue occurs if the source domain controller has
outdated objects that have been out of replication for more than one tombstone
lifetime. The source domain controller is identified in the event message.
These outdated objects are referred to as lingering objects. A domain
controller that was offline for longer than the value of the tombstone lifetime
setting may contain objects that have been deleted on other domain controllers
or global catalog servers. The default tombstone lifetime value is 60 days.
Additionally, tombstones for these objects may no longer exist. When you bring
the outdated domain controller back online, it cannot be notified of the object
To resolve this issue, you can use the Repadmin tool to
remove lingering objects from a directory partition. The repadmin /removelingeringobjects
command does the following:
- Designates an up-to-date domain controller as the
authority. This domain controller acts as the authoritative directory replica.
- Compares the Active Directory directory service database
objects on the authoritative server with the objects that are on the source
replication partner that contains the lingering objects.
- Either removes the lingering objects or logs the potential
deletions to the Directory Services event log. The behavior depends on whether
you use the /advisory_mode parameter.
To use the repadmin /removelingeringobjects
command, follow these steps.
Note To use the repadmin /removelingeringobjects
command, both the source domain controller and the destination
domain controllers must be running Windows Server 2003.
- Install the Repadmin tool. The Repadmin tool is included
with the Windows Server 2003 Support Tools that are included with the Windows
Server 2003 CD-ROM. To install the support tools, double-click
Suptools.msi in the
- At the command prompt, type repadmin
/advisory_mode, and then press ENTER.
Note The /advisory_mode parameter is optional. You can use this parameter to make sure
that the lingering object that is reported in event ID 1988 exists in the
Active Directory database on the server that you suspect has the lingering
objects. When you use this parameter, the lingering objects are not removed.
Instead, the /advisory_mode parameter lets you view the results of the command before you
take action to remove any objects from the folder. We recommend that you always
use the /advisory_mode parameter before you use Repadmin to delete the lingering
is the domain name system (DNS) name or IP address of the domain controller
that has lingering objects. In the event ID 1988, this value is the server that
is identified in the source domain controller field.
Note You can use the dc_list parameter if you want to specify multiple destination domain
controllers that have lingering objects. Because lingering object removal is
not replicated to other domain controllers, you must run the repadmin /removelingeringobjects command against all destination domain controllers and global
catalog servers that have lingering objects. For more information about the dc_list parameter, type repadmin /listhelp at the command prompt, and then press ENTER.
is the object GUID of the source domain controller that you are using as the
authoritative server. To obtain the object GUID of the source domain
controller, use one of the following methods.
Method one
At a command prompt, type repadmin /showrepl /v
name of the authoritative server, and
then press ENTER. The object GUID of the domain controller is listed in the
DC object GUID field.
Method two
Use the Active Directory Sites and Services tool to locate the
object GUID of the source domain controller. To do this, follow these steps:
- Click Start, point to
Administrative Tools, and then click Active Directory
Sites and Services.
- Expand Sites, expand the site
where your authoritative domain controller is located, expand
Servers, and then expand the domain controller.
- Right-click NTDS Settings, and
then click Properties.
- View the value in the DNS Alias
box. The GUID that appears in front of
_msdcs.forest_root_name.com is the
object GUID of the domain controller. The Repadmin tool only requires the GUID.
Do not include the
component in the Repadmin syntax.
- Directory_partition is the
distinguished name (DN) of the directory partition that contains the lingering
objects. This is part of the
object_distinguished_name in the event
- Repeat the procedure for the following partitions, as
Example of the command syntax
The following is an example of the repadmin /removelingeringobjects
command syntax for the fictional Example.com domain:
C:\>repadmin /removelingeringobjects domain_controller.example.com A0AE6093-15F5-4DB8-836B-4495E3A15396 dc=example,dc=com /advisory_mode
If the command runs successfully, you receive the following
To access the Repadmin tool advanced help, you can
use the /experthelp
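An added example, not part of the original article or of Microsoft's tooling: it takes the DNS alias from Method two, reduces it to the GUID, and builds one repadmin command per destination domain controller and partition, keeping /advisory_mode unless removal is requested explicitly. The function names and the server names are hypothetical; the GUID is the one from the article's Example.com command.

```powershell
# Added example. Get-DsaGuidFromAlias and New-LingeringObjectCommand are
# hypothetical helper names; server names below are constructed.
function Get-DsaGuidFromAlias {
    param([Parameter(Mandatory=$true)][string]$DnsAlias)
    # The DNS Alias box shows <GUID>._msdcs.<forest root>; repadmin takes only the GUID.
    $pattern = '^(?<guid>[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\._msdcs\.'
    if ($DnsAlias.Trim() -notmatch $pattern) {
        throw "Not a <GUID>._msdcs.<forest> alias: $DnsAlias"
    }
    return $Matches['guid'].ToUpper()
}

function New-LingeringObjectCommand {
    param(
        [Parameter(Mandatory=$true)][string[]]$DestinationDc,    # DCs that may hold lingering objects
        [Parameter(Mandatory=$true)][string]$AuthoritativeAlias, # DNS alias of the up-to-date DC
        [Parameter(Mandatory=$true)][string[]]$Partition,        # directory partition DNs
        [switch]$Remove                                          # omit to stay in advisory mode
    )
    $guid = Get-DsaGuidFromAlias $AuthoritativeAlias
    foreach ($dc in $DestinationDc) {
        foreach ($nc in $Partition) {
            $cmdArgs = @('/removelingeringobjects', $dc, $guid, $nc)
            # Advisory mode only logs what would be deleted; nothing is removed.
            if (-not $Remove) { $cmdArgs += '/advisory_mode' }
            New-Object PSObject -Property @{
                Destination = $dc; Partition = $nc; Arguments = $cmdArgs
            }
        }
    }
}

# Constructed inputs: removal is not replicated, so every affected DC and
# global catalog server gets its own command.
$destinations = 'dc2.example.com', 'gc1.example.com'
$alias        = 'a0ae6093-15f5-4db8-836b-4495e3a15396._msdcs.example.com'
$plan = New-LingeringObjectCommand -DestinationDc $destinations `
            -AuthoritativeAlias $alias -Partition 'dc=example,dc=com'

# Print the command lines for review before anything is run.
$plan | ForEach-Object { 'repadmin ' + ($_.Arguments -join ' ') }

# To run a reviewed plan on a machine with the Support Tools installed:
#   $plan | ForEach-Object { & repadmin.exe $_.Arguments }
```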
Events that are associated with lingering object removal
When you remove the lingering objects, the domain controller with
the lingering objects records all removal information. This information
includes the source domain controller, the objects that are removed, and a
total count of all the objects that are removed. During lingering object
removal the following events are logged to the Directory Service log:
Event ID: 1937
Event source: NTDS
Lingering Object Removal has
been initiated on this domain controller (DC). All objects on this DC will have
their existence verified on the following source DC. Objects that have been
deleted and garbage collected from the source DC will be DELETED from this DC
if they still exist. Subsequent event logs will list all deleted objects.
Event ID: 1945
Removal will DELETE the following object. Its deletion and garbage collection
was detected on the source domain controller (DC) without replicating the
deletion to this DC.
Event ID: 1939
Removal has executed successfully on this domain controller (DC). All objects
on this DC have had their existence verified on the source DC. Objects that had
been deleted and garbage collected from the source DC were DELETED from this
DC. Previous event logs list all such objects.
Lingering Objects Deleted 23
For more information about lingering
object removal in Windows Server 2003, see the "Lingering Object Removal" topic
on the following Microsoft Web site:
Falsely reported lingering objects
If you check the domain controller by using the Repadmin tool together with the removelingeringobjects
syntax in advisory mode, you may find that some objects that have been deleted are reported as lingering in the following directory service event log:
Event Type: Information
Event ID: 1946
Event source: NTDS
MyDC
Description: Active Directory has identified the following lingering object on the local domain controller in advisory mode. The object had been deleted and garbage collected on the following source domain controller yet still exists on the local domain controller.
Objects,DC=Contoso,DC=com Object GUID: object_GUID
This event may be logged when a deleted object is already garbage collected on the source domain controller, but the deleted object is not yet garbage collected on the destination domain controller. In this case, the Repadmin tool detects the objectGuid of the object and reports it as a lingering object. Additionally, the objectGuid of the object is still present on the destination domain controller, but the objectGuid of the object is not present on the source domain controller. Because this object will be removed during the next Garbage Collection cycle, you can safely ignore all NTDS replication 1946 events that contain the object GUID.
When an object is deleted, the isDeleted attribute is set to TRUE. This change of the isDeleted attribute is the last object change that is replicated. Garbage collection refers to the removal of an object from the NTDS database. Garbage collection is a local process on the domain controller. This final change is not replicated. In some cases, an object is reported as lingering when it was created on the destination domain controller, but the object has not yet been replicated to the source domain controller. You can check this by using the Repadmin tool together with the removelingeringobjects syntax after the typical replication delay time span. If the object is not reported as lingering, you may also safely ignore it as a falsely reported lingering object.
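An added example, not part of the original article: it compares the object GUIDs from event ID 1946 messages of two advisory-mode runs, so that objects no longer reported in the second run can be set aside as falsely reported. The function names are hypothetical, and the event text and GUIDs are constructed samples that assume each message carries an "Object GUID:" field as in the event shown above.

```powershell
# Added example. Get-ReportedGuid and Compare-AdvisoryRun are hypothetical names.
function Get-ReportedGuid {
    param([string[]]$Message)
    # Pull every "Object GUID: <guid>" value out of the event message text.
    $rx = [regex]'(?i)Object GUID:\s*([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})'
    $found = @()
    foreach ($m in $Message) {
        foreach ($hit in $rx.Matches($m)) { $found += $hit.Groups[1].Value.ToLower() }
    }
    return @($found | Sort-Object -Unique)
}

function Compare-AdvisoryRun {
    param([string[]]$FirstRun, [string[]]$SecondRun)
    $first  = @(Get-ReportedGuid $FirstRun)
    $second = @(Get-ReportedGuid $SecondRun)
    foreach ($g in ($first + $second | Sort-Object -Unique)) {
        if ($second -notcontains $g)  { $status = 'no longer reported: falsely reported' }
        elseif ($first -contains $g)  { $status = 'still reported in second run' }
        else                          { $status = 'first reported in second run' }
        New-Object PSObject -Property @{ ObjectGuid = $g; Status = $status }
    }
}

# Constructed 1946 messages from a first advisory run ...
$run1 = @(
    'Object: CN=jdoe,OU=Staff,DC=Contoso,DC=com Object GUID: 11111111-2222-3333-4444-555555555555',
    'Object: CN=old-pc,CN=Computers,DC=Contoso,DC=com Object GUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
)
# ... and from a second run after the typical replication delay.
$run2 = @(
    'Object: CN=old-pc,CN=Computers,DC=Contoso,DC=com Object GUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
)

Compare-AdvisoryRun $run1 $run2 | Format-Table ObjectGuid, Status -AutoSize

# Live input, one collection per advisory run (assumes Get-EventLog can reach
# the destination DC; dc2 and $start are placeholders):
#   $run1 = Get-EventLog -LogName 'Directory Service' -ComputerName dc2 -After $start |
#           Where-Object { $_.EventID -eq 1946 } | ForEach-Object { $_.Message }
```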