Tombstone lifetime
When you delete an object from the Active Directory (AD) database, it’s marked as a tombstone object instead of being fully removed. By default, each tombstone object remains in the database for 180 days. Once this tombstone’s lifetime value is exceeded, the tombstone object is automatically deleted by the garbage collection process. Administrators can change the default tombstone lifetime value by using the ADSI Edit tool.
Lingering Object Liquidator (LoL)
Lingering Object Liquidator automates the discovery and removal of lingering objects from an Active Directory Domain Services forest.
Divergent replication
The normal state of replication is one in which changes to objects and their attributes converge in a way that domain controllers receive the latest information. When a partner domain controller is discovered to be passing older changes, the changes from the partner are deemed to be “divergent.” The partner is said to be engaged in “divergent replication.” Domain controllers will normally stop replicating with any partner that is deemed to be engaged in divergent replication.
If you have a replication issue between two DCs and you see Event ID 2042 in Event Viewer, these steps will help you fix the replication:
- Run
repadmin /showrepl
to be sure the issue exists
- Download Lingering Object Liquidator (LoL)
- Remove lingering objects (you must be a domain admin)
- Run
repadmin /regkey <hostname> +allowDivergent
- Check how many days replication has not worked; if it is more than the tombstone lifetime in days, increase the tombstone lifetime
- Increase the tombstone lifetime: open ADSI Edit on the DC –> connect to node –>
- Expand Configuration CN=Configuration\Services\WindowsNT\Directory Service\
- Open Properties on “Directory Service” and find the tombstone lifetime (the tombstoneLifetime attribute)
- Increase it to as many days as have passed since the last replication
- Run
repadmin /syncall
- Run
repadmin /regkey <hostname> -allowDivergent
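
The comparison in the steps above (days since the last successful replication against the tombstone lifetime) can be done read-only before anything is changed. This PowerShell is an added example, not part of the original page; it assumes the RSAT ActiveDirectory module is installed, and DC01 and DC02 are placeholder host names.

```powershell
# Added example: read-only comparison of replication age against the tombstone lifetime.
# Assumes the RSAT ActiveDirectory module; DC01 and DC02 are placeholder host names.
Import-Module ActiveDirectory
$DomainControllers = 'DC01', 'DC02'

# tombstoneLifetime is stored on the "Directory Service" object in the configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties tombstoneLifetime
if ($null -eq $dsObject.tombstoneLifetime) {
    # Attribute not set: the forest uses its built-in default, so stop instead of guessing.
    throw 'tombstoneLifetime is not set on the Directory Service object; check it in ADSI Edit.'
}
$tsl = [int]$dsObject.tombstoneLifetime
$now = Get-Date

# One row per inbound replication link (source partner and partition) on each listed DC.
$links = Get-ADReplicationPartnerMetadata -Target $DomainControllers -Partition '*'
$report = foreach ($link in $links) {
    # A link that has never replicated successfully has no usable timestamp.
    $days = if ($link.LastReplicationSuccess) {
        [math]::Floor(($now - $link.LastReplicationSuccess).TotalDays)
    } else {
        $null
    }
    [pscustomobject]@{
        Server                   = $link.Server
        Partner                  = $link.Partner
        Partition                = $link.Partition
        LastSuccess              = $link.LastReplicationSuccess
        DaysSinceSuccess         = $days
        ConsecutiveFailures      = $link.ConsecutiveReplicationFailures
        ExceedsTombstoneLifetime = ($null -eq $days) -or ($days -gt $tsl)
    }
}

"Tombstone lifetime: $tsl days"
$report | Sort-Object DaysSinceSuccess -Descending | Format-Table -AutoSize

# Links older than the tombstone lifetime are the ones that need the steps above.
$stale = @($report | Where-Object { $_.ExceedsTombstoneLifetime })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) replication link(s) are older than the tombstone lifetime."
}
```

The largest DaysSinceSuccess value among the flagged links is the number to compare against the tombstone lifetime in the "Check how many days" step.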