This script generates all the repadmin commands needed to find lingering objects on all domain controllers in an Active Directory forest.
Below are two versions of the script: one using the Microsoft PowerShell cmdlet Get-ADObject (Import-Module ActiveDirectory), the other using the Get-QADObject PowerShell cmdlet from Quest.
Scripts:
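# Version 1: Microsoft ActiveDirectory module (Get-ADObject)
Import-Module ActiveDirectory
$OutputFileLocation = "c:\temp\repadmin_cmds.txt"
# Stop any transcript already running; ignore the error raised when there is none
$ErrorActionPreference = "SilentlyContinue"
Stop-Transcript | Out-Null
$ErrorActionPreference = "Continue"
Start-Transcript -Path $OutputFileLocation -Append
# FQDN of every domain controller in the forest (used as destination DCs)
$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$dclist = $myForest.Sites | % { $_.Servers } | % { $_.Name }
# GUID and DN of every NTDS Settings object (used as source DCs).
# Replace DC=rootdomain,DC=net with the DN of your own forest root domain.
$dcs_guid = Get-ADObject -SearchBase 'CN=Sites,CN=Configuration,DC=rootdomain,DC=net' -Properties ObjectGUID,distinguishedName -LDAPFilter "(objectClass=nTDSDSA)" | % { @{GUID=$_.ObjectGUID;DN=$_.distinguishedName} }
foreach ($dcforestname in $dclist){
    foreach ($dc_src_guid in $dcs_guid){
        # DN looks like "CN=NTDS Settings,CN=<server>,CN=Servers,..."; keep the server name
        $hostname = ((($dc_src_guid.DN).split(',')[1]).split('=')[1]).tostring()
        # Match "<server>.<domain>" so that DC1 does not also match DC10
        $dcfqdn = $dclist -like "$hostname.*" | Out-String -Stream
        $dclist_arr = ($dcfqdn).split(".")
        $dcname = $dclist_arr[0]
        $dcdomain = $dclist_arr[1 .. ($dclist_arr.count-1)]
        # Build the domain DN (DC=...,DC=...) from the source DC's DNS suffix
        $domain_dn = ""
        for ($x = 0; $x -lt $dcdomain.Length ; $x++){
            if ($x -eq ($dcdomain.Length - 1)){$Separator = ""}else{$Separator =","}
            [string]$domain_dn += "DC=" + $dcdomain[$x] + $Separator
        }
        $srcdcguid = $dc_src_guid.GUID
        # Print the command only; /advisory_mode reports lingering objects without removing them
        "repadmin /removelingeringobjects $dcforestname $srcdcguid $domain_dn /advisory_mode >> lingering_debug.log" | out-host
    }
}
Stop-Transcript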
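# Version 2: Quest ActiveRoles cmdlets (Get-QADObject)
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
# FQDN of every domain controller in the forest (used as destination DCs)
$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$dclist = $myForest.Sites | % { $_.Servers } | % { $_.Name }
# GUID and DN of every NTDS Settings object (used as source DCs).
# Replace DC=domain,DC=root with the DN of your own forest root domain.
$dcs_guid = get-qadobject -searchroot 'CN=Sites,CN=Configuration,DC=domain,DC=root' -Type nTDSDSA -IncludedProperties guid,dn -DontUseDefaultIncludedProperties | % {@{GUID=$_.guid;DN=$_.dn}}
foreach ($dcforestname in $dclist){
    foreach ($dc_src_guid in $dcs_guid){
        # DN looks like "CN=NTDS Settings,CN=<server>,CN=Servers,..."; keep the server name
        $hostname = ((($dc_src_guid.DN).split(',')[1]).split('=')[1]).tostring()
        # Match "<server>.<domain>" so that DC1 does not also match DC10
        $dcfqdn = $dclist -like "$hostname.*" | Out-String -Stream
        $dclist_arr = ($dcfqdn).split(".")
        $dcname = $dclist_arr[0]
        $dcdomain = $dclist_arr[1 .. ($dclist_arr.count-1)]
        # Build the domain DN (DC=...,DC=...) from the source DC's DNS suffix
        $domain_dn = ""
        for ($x = 0; $x -lt $dcdomain.Length ; $x++){
            if ($x -eq ($dcdomain.Length - 1)){$Separator = ""}else{$Separator =","}
            [string]$domain_dn += "DC=" + $dcdomain[$x] + $Separator
        }
        # Print the command only; /advisory_mode reports lingering objects without removing them
        write-Host "repadmin /removelingeringobjects $dcforestname" $dc_src_guid.GUID $domain_dn "/advisory_mode >> lingering_debug.log"
    }
}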
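The generated commands run with /advisory_mode, so nothing is deleted and each destination DC records its findings in its own Directory Service event log. The following is an added example, not part of the original post, that tallies those events per DC. It assumes event IDs 1938 (check started), 1946 (one lingering object identified) and 1942 (check finished); the function names and sample records are constructed for illustration.

```powershell
# Added example, not from the original post.
# Assumed event IDs in the "Directory Service" log of each destination DC:
#   1938 = advisory check started, 1946 = one lingering object identified,
#   1942 = advisory check finished.
$AdvisoryIds = 1938, 1942, 1946

function Get-AdvisoryEvents {
    # Hypothetical helper: read the advisory-mode events from each DC since $Since.
    param([string[]]$ComputerName, [datetime]$Since)
    foreach ($dc in $ComputerName) {
        Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName = 'Directory Service'; Id = $AdvisoryIds; StartTime = $Since
        }
    }
}

function Get-LingeringObjectSummary {
    # Hypothetical helper: one row per destination DC, built from any records
    # that expose MachineName and Id (Get-WinEvent output or the sample below).
    param([Parameter(Mandatory = $true)][object[]]$Events)
    $Events | Group-Object MachineName | ForEach-Object {
        $ids      = @($_.Group | ForEach-Object { $_.Id })
        $started  = @($ids -eq 1938).Count
        $finished = @($ids -eq 1942).Count
        [pscustomobject]@{
            DC            = $_.Name
            ChecksStarted = $started
            ChecksEnded   = $finished
            ObjectsFound  = @($ids -eq 1946).Count
            # A started check with no matching end means that run failed or is still going
            Incomplete    = ($started -ne $finished)
        }
    }
}

# Constructed sample records so the summary can be tried without a domain
$sample = @(
    [pscustomobject]@{ MachineName = 'dc1.rootdomain.net'; Id = 1938 }
    [pscustomobject]@{ MachineName = 'dc1.rootdomain.net'; Id = 1946 }
    [pscustomobject]@{ MachineName = 'dc1.rootdomain.net'; Id = 1946 }
    [pscustomobject]@{ MachineName = 'dc1.rootdomain.net'; Id = 1942 }
    [pscustomobject]@{ MachineName = 'dc2.rootdomain.net'; Id = 1938 }
)
Get-LingeringObjectSummary -Events $sample | Format-Table -AutoSize

# Live data, reusing $dclist from the scripts above:
# Get-LingeringObjectSummary -Events (Get-AdvisoryEvents -ComputerName $dclist -Since (Get-Date).AddHours(-2))
```

A DC flagged Incomplete should have its advisory run repeated before any command is re-issued without /advisory_mode.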
Another tool can be used to find and remove lingering objects: repldiag
Syntax:
prompt > repldiag /?
Replication topology analyzer. From http://www.codeplex.com/ActiveDirectoryUtils.
Version: 2.0.4947.18978
Command Line Options: ReplDiag [/Save] [/CheckForStableReplTopology] [/RemoveLingeringObjects] [/ImportData:<FileName.XML>] [/ShowTestCases] [/OverrideDefaultReferenceDC:"dc=namingcontext,dc=com":domainController.namingcontext.com]
  /UseRobustDCLocation -Query each and every DC for a list of DCs in
      forest. Ensures replication instability does not cause any to be
      missed.
  /Save -Save out the data from the current environment to XML. File is named
      "ReplicationData.xml" and is located in the current directory.
  /ImportData -Import the XML that was saved during a prior execution of this
      utility. Run one of the other options to do something with the data.
  /ShowTestCases -Show detail about test cases.
Lingering Object Cleanup:
  /RemoveLingeringObjects -Use the current forest topology to clean all the
      NCs in the forest.
      WILL NOT CLEAN WINDOWS 2000 SYSTEMS!!!
  /AdvisoryMode -Check for lingering objects only, do not clean.
      Must be used with /RemoveLingeringObjects.
  /OverrideDefaultReferenceDC -Specify reference DC for a naming context when
      when removing lingering objects, can be used multiple times for
      different NCs.
      Only functional if using /RemoveLingeringObjects.
  /OutputRepadminCommandLineSyntax -Output the command line syntax for repadmin.
      Only active in conjunction with /RemoveLingeringObjects.
Example syntax:
  ReplDiag /Save
      - Collect the AD replication topology from the environment and save it.
  ReplDiag /ImportData:"ReplicationData.xml"
      - Load in previously collected data and check replication status.
  ReplDiag /RemoveLingeringObjects /OverrideDefaultReferenceDC:"cn=Configuration,dc=forestroot,dc=com":dc1.forestroot.com /OverrideDefaultReferenceDC:"dc=forestroot,dc=com":dc2.forestroot.com
      - Clean lingering objects in the forest. Since cleans happen on a per
      NC basis, reference DCs must be overridden on a per NC basis. Each
      override must be specified separately on the command line.
      Must use the DNS FQDN for the DC.
