Active Directory: Removing Lingering Objects
Applies to
Windows Server 2003, Windows Server 2003 R2 , Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.
Introduction
Lingering Object is a very common problem in every Active Directory infrastructure. You can follow the steps for Windows 2008, 2008 R2, 2012, 2012 R2. Events are also same for all mentioned Windows versions.
Reason for create the Lingering Object:
- Replication issue for long time.
- DC shutdown for long time (Near to tombstone period).
Use Repadmin for finding the LOs
Run "Repadmin /replsummary *" & got 8606 error and that is indicating Lingering objects are present in DC/DCs.
Use dssite.msc for finding the LOs. Highlighted Server having LOs.
1988 is the SIGNATURE event ID for LO.
Use eventvwr for finding the LOs. Highlighted Server having LOs. You can ping that DSA GUID for getting the server NAME & IP ; where LOs are present.
Find which partition having the LOs
Here we have the LOs in domain partition. See the following text. Domain partition is missing with successful replication In the below output.
==== INBOUND NEIGHBORS ======================================
DC=contoso,DC=com
Default-First-Site-Name\ANA-DC02 via RPC
DC object GUID: 72e45261-64ab-4c07-9738-89af4caccf15
Last attempt @ 2015-04-25 16:47:14 failed, result 8606 (0x219e):
Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.
11 consecutive failure(s).
Last success @ 2015-04-25 16:14:51.
CN=Configuration,DC=contoso,DC=com
Default-First-Site-Name\ANA-DC02 via RPC
DC object GUID: 72e45261-64ab-4c07-9738-89af4caccf15
Last attempt @ 2015-04-25 16:17:02 was successful.
CN=Schema,CN=Configuration,DC=contoso,DC=com
Default-First-Site-Name\ANA-DC02 via RPC
DC object GUID: 72e45261-64ab-4c07-9738-89af4caccf15
Last attempt @ 2015-04-25 16:17:02 was successful.
DC=DomainDnsZones,DC=contoso,DC=com
Default-First-Site-Name\ANA-DC02 via RPC
DC object GUID: 72e45261-64ab-4c07-9738-89af4caccf15
Last attempt @ 2015-04-25 16:34:15 was successful.
DC=ForestDnsZones,DC=contoso,DC=com
Default-First-Site-Name\ANA-DC02 via RPC
DC object GUID: 72e45261-64ab-4c07-9738-89af4caccf15
Last attempt @ 2015-04-25 16:19:24 was successful.
Source: Default-First-Site-Name\ANA-DC02
******* 11 CONSECUTIVE FAILURES since 2015-04-25 16:14:51
Last error: 8606 (0x219e):
Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.
Check the LOs -RUN repadmin /removelingeringobjects with ADVISORY_MODE
Deleting the LOs- RUN repadmin /removelingeringobjects without ADVISORY_MODE
Events after the Deletion of LOs
Another way for Remove the Lingering Objects
You can simply Demote & Promote the effected Domain Controller.