2012r2 forest and domain level (Started as 2003 way back)
I recently added in 3 new serve 2019 DC and DCPROMOed out 3 server 2012r2 DC - one was removed over a month ago and the latest 2 removed week before last and a few days ago respectively.
Everything seems fine right now, domain behaving itself, DCDIAG on all server clear before DCPROMO and after.
In the Directory Service event log however I am seeing event id 1864 from the last 2 servers I DCPROMOed out.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 31/07/2021 6:45:33 PM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: NEWDC01.DOMAIN.LAN
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
DC=ForestDnsZones,DC=DOMAIN,DC=LAN
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
1
More than a week:
1
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
60
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="49152">1864</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2021-07-31T06:45:33.196311700Z" />
<EventRecordID>414</EventRecordID>
<Correlation />
<Execution ProcessID="772" ThreadID="948" />
<Channel>Directory Service</Channel>
<Computer>NEWDC01.DOMAIN.LAN</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>DC=ForestDnsZones,DC=DOMAIN,DC=LAN</Data>
<Data>1</Data>
<Data>1</Data>
<Data>0</Data>
<Data>0</Data>
<Data>0</Data>
<Data>60</Data>
<Data>24</Data>
</EventData>
</Event>
I run command repadmin /showvector /latency DC=ForestDnsZones,DC=DOMAIN,DC=LAN > C:\temp\latecy.txt
Output:
Caching GUIDs.
..
b1c7652d-b154-4004-87f8-3def8833fa58 @ USN 2592215 @ Time 2010-01-21 15:41:52
2e5bde44-79a9-4e62-b601-863787e03915 @ USN 4371456 @ Time 2011-11-27 09:13:32
e20d3653-d882-4368-b1ea-cbb9947600a4 @ USN 4373648 @ Time 2011-11-27 10:06:39
7dacf212-aee7-4401-89b2-9190bdf2d2e3 @ USN 3324189 @ Time 2011-11-29 20:16:12
39bbcc69-b1a1-48f6-b3e5-2a63b7cc010d @ USN 3372896 @ Time 2011-12-02 21:29:34
e752e0e8-85d0-4a45-91fb-a8411ae127a5 @ USN 3212262 @ Time 2011-12-04 16:47:35
5ea26d33-e493-412e-bbd7-3aa55d7efe18 @ USN 3672027 @ Time 2011-12-07 20:03:15
7e8c35bc-aef0-417f-8a6c-720ec24b5035 @ USN 3312557 @ Time 2011-12-09 19:00:16
a70ce959-e2b5-4dd6-a869-283e9e661c5a @ USN 3334914 @ Time 2011-12-11 11:20:37
4b5bed0e-ede0-44b8-ba56-cadd49af4ea2 @ USN 19424271 @ Time 2012-06-16 09:11:23
e88fa395-e803-401e-aaac-f42d766e48cd @ USN 72278139 @ Time 2018-04-29 14:48:50
442509a6-1373-4c7f-a4a8-21960cc6154e @ USN 45236569 @ Time 2018-09-28 13:03:55
439d25d1-7d3e-4843-8676-9416d2096215 @ USN 9721758 @ Time 2018-10-04 10:46:19
4e72dbea-d2a3-44f4-bad7-9b9eb575a307 @ USN 9119704 @ Time 2018-10-04 12:33:16
72404a91-60a8-41cc-8767-3ccf812e519a @ USN 9662644 @ Time 2018-10-29 09:07:23
ad9a6add-908b-4431-aec3-d9bfc672f7ec @ USN 8631130 @ Time 2018-10-29 10:36:43
45c1b65e-a723-4a08-ba17-a46625c25cd8 @ USN 9696327 @ Time 2018-11-15 14:53:10
77ada289-5db1-4636-8ef6-b312f8a42532 @ USN 13467290 @ Time 2021-05-03 09:09:35
SITEONE\OLDDC01\0ADEL:53861f6c-bc0f-43bb-b770-ab76a97d6938 (deleted DSA) @ USN 267570094 @ Time 2021-07-21 08:30:26
SITETWO\OLDDC02\0ADEL:75abdb7b-8628-441f-8085-97742ee152e4 (deleted DSA) @ USN 120013387 @ Time 2021-07-29 16:18:46
SITETHREE\NEWDC03 @ USN 504995 @ Time 2021-08-01 10:30:10
SITEONE\NEWDC02 @ USN 1441742 @ Time 2021-08-01 10:30:34
SITETWO\NEWDC01 @ USN 221268 @ Time 2021-08-01 10:54:36
I have
- removed old DC records from DNS,
- Attempted NTDSUTIL cleanup (using Windows 2003 and Windows 2008 methods) but servers not found in either
- Checked inside LostAndFound container in ADSIEDIT - nothing there
- Old DCs only visible in AD recycle bin
I can't find the old servers via any of the recommended methods I've read on other posts
Also noting one of the old DCs decommisioned over a month ago is not causing an error
Is this an error I can ignore because it's tied to Tombstone age and will disappear by itself (as I have read on a couple of other posts ?)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 45%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)