by lunarg on November 20th 2014, at 15:16

Lingering objects in Active Directory are a pest, and it takes a lot of work to dispose of them properly. Luckily, there's repldiag.exe, part of Active Directory Utils. This tool resolves lingering objects by automating the required procedure and the set of commands needed to clean them up.

Under normal circumstances, you would have to look up and run various commands to completely clean out the AD database on each DC. repldiag.exe does the hard work for you: it looks up the DCs and runs the cleanup on each one, cross-referencing with the other DCs, and it does so by using the built-in commands and APIs (such as those used by repadmin and other commands).

How to do it?

Download repldiag.exe (available separately) for free from the project's home page, http://activedirectoryutils.codeplex.com/, and place it on a DC to which you have access. Note that you need to be a domain admin in order to run this tool.

Open a command prompt and run the tool as follows:

repldiag.exe /RemoveLingeringObjects

The tool will start with information gathering, and subsequently check each of the DCs for lingering objects. If it finds any, it'll clean them out.

Because the tool merely automates the procedure, and it's using built-in Windows commands in order to do so, logging will be available in the Directory Service Event log on each cleaned DC. There's no centralized logging, so in order to find out where lingering objects were found and deleted, you need to check the event log on each DC.
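Since the results are spread over every DC's event log, one way to review them in a single pass is the PowerShell script below. It is an added example, not part of repldiag.exe or Active Directory Utils; the script parameters are hypothetical, and the event IDs it filters on are an assumption to confirm against a cleanup event on one of your own DCs.

```powershell
# Added example: gather lingering-object cleanup events from every DC.
# Assumption: the event IDs below are the ones the cleanup writes to the
# Directory Service log; confirm them against an event on one of your DCs.
param(
    [string[]]$DomainController,               # optional explicit list of DCs
    [datetime]$Since = (Get-Date).AddDays(-1)  # how far back to look
)

$removalIds  = 1937, 1939, 1945   # assumed: removal start / summary / per object
$advisoryIds = 1938, 1942, 1946   # assumed: advisory-mode equivalents

if (-not $DomainController) {
    # Discover the DCs of the current domain without needing the RSAT module.
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $DomainController = $domain.DomainControllers | ForEach-Object { $_.Name }
}

$report = foreach ($dc in $DomainController) {
    $filter = @{
        LogName   = 'Directory Service'
        Id        = $removalIds + $advisoryIds
        StartTime = $Since
    }
    try {
        Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
            Select-Object @{n='DC';e={$dc}}, TimeCreated, Id,
                @{n='Mode';e={ if ($_.Id -in $removalIds) {'Removal'} else {'Advisory'} }},
                @{n='Summary';e={ ($_.Message -split "`r?`n")[0] }}
    }
    catch {
        # Get-WinEvent raises an error when no event matches; report that
        # separately from a DC that could not be queried at all.
        $noMatch = $_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*'
        [pscustomobject]@{
            DC = $dc; TimeCreated = $null; Id = $null; Mode = $null
            Summary = if ($noMatch) { 'No cleanup events in window' }
                      else { "Query failed: $($_.Exception.Message)" }
        }
    }
}

$report | Sort-Object DC, TimeCreated | Format-Table -AutoSize -Wrap
```

A DC that shows "Query failed" has not been checked at all, so treat it as unknown rather than clean.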
