Nov 25, 2005

About Lingering Object

  1. What is a lingering object?
    A lingering object is an object that exists only on a read-only GC but not on the writable DCs of the domain that contains the object. You can produce a lingering object as follows:
    1) Suppose you have two domains, root.local and child.root.local
    2) Take a GC in the root domain offline; let's say it is called gc.root.local
    3) Remove a user account from child.root.local; let's say it is called poorGuy
    4) Wait for longer than the tombstone lifetime (60 days in Windows 2000, 180 days in Windows 2003)
    5) Put the GC in the root domain back on the network
    At this point, poorGuy still exists on gc.root.local. Because the deletion has already been garbage collected on all other DCs, there is no tombstone left to replicate, so gc.root.local will never delete poorGuy through replication. And because child.root.local is a read-only partition on gc.root.local, you can't delete poorGuy using the normal UI. poorGuy is now a lingering object on gc.root.local.
  2. How to remove a lingering object?
    Lingering objects can cause a variety of issues, including email non-delivery, duplicates in the GAL, and blocked replication of a particular partition.
    Q314282 has very detailed steps for removing lingering objects, but very few people get it right the first few times. Below are the key points:
    1) Use the DSA GUID of a DC from the writable domain. In the above example, select a DC from child.root.local
    2) Run the procedure on a GC that contains the lingering object
    3) Make sure you delete leaf objects before their parent object


  1. If both the source and destination DCs are Windows 2003, you can use the "repadmin /removelingeringobjects" option
  2. For an environment that has a lot of GCs, it's strongly recommended to use a script. Otherwise, before you finish removal on the last GC, the lingering object may already have been replicated back to the first GC.
  3. If you really want to use the manual procedure, you can disable inbound replication on the GC where you have just finished removal. Once you finish removal on all GCs, you can then enable inbound replication again. "repadmin /options +DISABLE_INBOUND_REPL"
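
A sketch of the scripted approach from points 1 to 3 above, as an added example that is not part of the original post: it runs "repadmin /removelingeringobjects" against each GC, freezes inbound replication on every GC it has cleaned, and re-enables it once all are done. The server names, naming context and GUID placeholder are assumptions based on the root.local / child.root.local scenario; without -Remove it only reports (/ADVISORY_MODE).

```powershell
# Added example. Server names, the naming context and the GUID placeholder are
# assumptions based on the post's root.local / child.root.local scenario.
param(
    [string[]]$GlobalCatalogs = @('gc.root.local'),    # GCs that hold the lingering objects
    [string]$SourceDsaGuid    = '<DSA-object-GUID>',   # placeholder: GUID of a child.root.local DC
    [string]$NamingContext    = 'DC=child,DC=root,DC=local',
    [switch]$Remove                                    # default: /ADVISORY_MODE (report only)
)

if ($SourceDsaGuid -like '<*>') {
    throw 'Set -SourceDsaGuid to the DSA object GUID of a DC in the writable domain.'
}

function Invoke-Repadmin {
    param([string[]]$Arguments)
    Write-Host "repadmin $($Arguments -join ' ')"
    & repadmin.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "repadmin failed with exit code $LASTEXITCODE"
    }
}

$frozen = @()   # GCs whose inbound replication this run disabled
try {
    foreach ($gc in $GlobalCatalogs) {
        $cmd = @('/removelingeringobjects', $gc, $SourceDsaGuid, $NamingContext)
        if (-not $Remove) { $cmd += '/ADVISORY_MODE' }
        Invoke-Repadmin $cmd

        if ($Remove) {
            # Point 3: keep a cleaned GC from pulling the objects back in
            # from a GC that has not been cleaned yet.
            $frozen += $gc
            Invoke-Repadmin @('/options', $gc, '+DISABLE_INBOUND_REPL')
        }
    }
}
finally {
    # Re-enable inbound replication on every GC we froze, even after a failure.
    foreach ($gc in $frozen) {
        & repadmin.exe '/options' $gc '-DISABLE_INBOUND_REPL'
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Re-enable inbound replication on $gc manually"
        }
    }
}
```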

Nov 24, 2005

How to analyze "ntfrsutl ds" output

1. Please review "How FRS works" before reading this post. Read the report with a fixed-width font!
2. A DFS folder that doesn't participate in replication (in other words, a folder that has only one subscriber) will not appear in either the nTFRSReplicaSet object (which is under the System container) or the nTFRSSubscriptions object (which is under the computer object)
3. The first part of the output gives information such as which DC the configuration info is read from
4. The second part reads the computer objects. From here you can tell which replica sets this computer is a member of. [SUBSCRIBER section]
You can also see all the links in the same section in the form of "rootlink"

NOTE: Again, a root/link that is not replication-enabled will not appear under this section

5. The third part reads the information from the System container. It starts with a line that looks like "SETTINGS: DFSSETNAME", followed by the link names "SET: ROOTLINK"
The "MEMBER" subsection tells you which servers are members,
The "CXTION" subsection stands for "connection object", which tells you which member this member server replicates with

So it would look like:
L___ SET: RootLink
L____ MEMBER (link back to computer object)
L___ CXTION: points to another MEMBER

Nov 5, 2005

Setting Up An Exchange Infrastructure For Small Business Step By Step (Part I)

This post is deleted due to its length. Please email me for a copy if you are interested.