Active Directory 复制发现下列分区中存在的对象已经从本地域控制器(DC) Active Directory 数据库中删除。在逻辑删除生存时间过期之前，部分直接或可传递的复制伙伴没有复制该删除。已经从 Active Directory 分区删除并垃圾收集的对象，如果仍然存在于同一域中其他 DC 的可写入分区中或林中其他域中的全局编录服务器的只读分区中，被称作“延迟对象”。

此事件被记录到日志，因为源 DC 包含的延迟对象不存在于本地 Active Directory 数据库上。此复制被阻止。

解决此问题的最佳方案是标记并删除林中的所有延迟对象，

源 DC (传输特定的网络地址):

be240ab2-9df4-4075-8342-066a8bf2158f._msdcs.chinahikari.com

对象:

CN=杨善根\0ADEL:2ba287eb-d6de-4563-998a-cedf6d16c305,CN=Deleted Objects,DC=chinahikari,DC=com

对象 GUID:

2ba287eb-d6de-4563-998a-cedf6d16c305

用户操作:

删除延迟对象:

该操作将从此错误(可以在 http://support.microsoft.com/?id=314282 找到)恢复。

如果源和目标 DC 都是 Windows Server 2003 DC，那么请安装包含在安装 CD 上的支持工具。要查看实际上不执行删除的要删除的对象，请运行 "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE"。源 DC 上的事件日志将枚举所有延迟对象。要从源域控制器删除延迟对象，请运行 "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>"。

如果源或域控制器之一是 Windows 2000 Server DC，那么可以在 http://support.microsoft.com/?id=314282 找到更多有关如何删除源 DC 上的延迟对象的信息，或从您的 Microsoft 支持专家获得这些信息。

如果需要 Active Directory 复制立即工作(不计成本)并且没有时间删除延迟对象，请通过取消下列注册表项设置，启用松散复制一致性:

Registry Key:

HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict Replication Consistency

共享公共分区的 DC 之间的复制错误可能导致 DC 之间的用户和计算机帐户、信任关系、他们的密码、安全组、安全组成员关系和其他 Active Directory 配置数据不同，这将影响登录、查找相关对象和执行其他重要操作。一旦解决了复制错误，这些不一致将解决。未能在逻辑删除生存时间内入站复制删除的对象的 DC 将保持不一致，除非管理员手动从每一个本地 DC 删除延迟对象。

延迟对象可能被阻止，从而确保林中所有域控制器运行 Active Directory，经由生成树连接拓扑连接，而且在逻辑删除生存时间过期之前执行入站复制。

有关更多信息，请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。

同时在DC服务器上dcdiag测试结果如下：

C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\ADSERVER

Starting test: Connectivity

......................... ADSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\ADSERVER

Starting test: Replications

[HYSH03] DsBindWithSpnEx() failed with error 1753,

终结点映射器中没有更多的终结点可用。.

[Replications Check,ADSERVER] A recent replication attempt failed:

From HYSH03 to ADSERVER

Naming Context: DC=chinahikari,DC=com

The replication generated an error (8606):

没有给定足够的属性以创建对象。这个对象可能不存在因为它可能已经删除域

垃圾收集。

The failure occurred at 2012-06-03 18:59:47.

The last success occurred at 2012-06-02 17:17:57.

306 failures have occurred since the last success.

REPLICATION-RECEIVED LATENCY WARNING

ADSERVER: Current time is 2012-06-03 19:17:31.

DC=chinahikari,DC=com

Last replication recieved from HYSH03 at 2012-06-02 17:17:57.

......................... ADSERVER passed test Replications

Starting test: NCSecDesc

......................... ADSERVER passed test NCSecDesc

Starting test: NetLogons

......................... ADSERVER passed test NetLogons

Starting test: Advertising

......................... ADSERVER passed test Advertising

Starting test: KnowsOfRoleHolders

......................... ADSERVER passed test KnowsOfRoleHolders

Starting test: RidManager

......................... ADSERVER passed test RidManager

Starting test: MachineAccount

......................... ADSERVER passed test MachineAccount

Starting test: Services

Dnscache Service is stopped on [ADSERVER]

......................... ADSERVER failed test Services

Starting test: ObjectsReplicated

......................... ADSERVER passed test ObjectsReplicated

Starting test: frssysvol

......................... ADSERVER passed test frssysvol

Starting test: frsevent

......................... ADSERVER passed test frsevent

Starting test: kccevent

......................... ADSERVER passed test kccevent

Starting test: systemlog

An Error Event occured. EventID: 0x40000005

Time Generated: 06/03/2012 19:07:37

(Event String could not be retrieved)

......................... ADSERVER failed test systemlog

Starting test: VerifyReferences

......................... ADSERVER passed test VerifyReferences

Running partition tests on : ForestDnsZones

Starting test: CrossRefValidation

......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones

Starting test: CrossRefValidation

......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Running partition tests on : chinahikari

Starting test: CrossRefValidation

......................... chinahikari passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... chinahikari passed test CheckSDRefDom

Running enterprise tests on : chinahikari.com

Starting test: Intersite

......................... chinahikari.com passed test Intersite

Starting test: FsmoCheck

......................... chinahikari.com passed test FsmoCheck

以上在我的域控制器报的错误，同时截图如下：

根据以上大篇幅的提示中蓝色加粗的部分的说明让我感觉兴奋，立即在PDC（ADServer）上打开注册表按照其提示找到 Strict Replication Consistency 并把其值改为0（原值为1），以为问题得到解决，再次dcdiag（这次是在BDC[hysh03]上运行）却让人既高兴又失望，高兴的是不再提示“没有给定足够的属性以创建对象。这个对象可能不存在因为它可能已经删除域垃圾收集。”，失望的是新的错误又产生“Active Directory 不能与此服务器复制，因为距上一次与此服务器复制的时间已经超过了tombstone 生存时间。”dcdiag的结果如下：

C:\Documents and Settings\administrator.CHINAHIKARI>dcdiag

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\HYSH03

Starting test: Connectivity

......................... HYSH03 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\HYSH03

Starting test: Replications

[Replications Check,HYSH03] A recent replication attempt failed:

From ADSERVER to HYSH03

Naming Context: CN=Schema,CN=Configuration,DC=chinahikari,DC=com

The replication generated an error (8614):

Active Directory 不能与此服务器复制，因为距上一次与此服务器复制的时

间已经超过了 tombstone 生存时间。

The failure occurred at 2012-06-04 14:55:56.

The last success occurred at 2012-06-01 08:49:32.

79 failures have occurred since the last success.

[ADSERVER] DsBindWithSpnEx() failed with error -2146893022,

目标主要名称不正确。.

[Replications Check,HYSH03] A recent replication attempt failed:

From ADSERVER to HYSH03

Naming Context: CN=Configuration,DC=chinahikari,DC=com

The replication generated an error (8614):

Active Directory 不能与此服务器复制，因为距上一次与此服务器复制的时

间已经超过了 tombstone 生存时间。

The failure occurred at 2012-06-04 15:20:02.

The last success occurred at 2012-06-01 08:49:32.

208 failures have occurred since the last success.

[Replications Check,HYSH03] A recent replication attempt failed:

From ADSERVER to HYSH03

Naming Context: DC=chinahikari,DC=com

The replication generated an error (8614):

Active Directory 不能与此服务器复制，因为距上一次与此服务器复制的时

间已经超过了 tombstone 生存时间。

The failure occurred at 2012-06-04 15:22:59.

The last success occurred at 2012-06-01 08:39:00.

13710 failures have occurred since the last success.

REPLICATION-RECEIVED LATENCY WARNING

HYSH03: Current time is 2012-06-04 15:23:06.

CN=Schema,CN=Configuration,DC=chinahikari,DC=com

Last replication recieved from ADSERVER at 2011-06-01 08:49:32.

WARNING: This latency is over the Tombstone Lifetime of 180 days

CN=Configuration,DC=chinahikari,DC=com

Last replication recieved from ADSERVER at 2011-06-01 08:49:32.

WARNING: This latency is over the Tombstone Lifetime of 180 days

DC=chinahikari,DC=com

Last replication recieved from ADSERVER at 2011-06-01 08:39:00.

WARNING: This latency is over the Tombstone Lifetime of 180 days

......................... HYSH03 passed test Replications

Starting test: NCSecDesc

......................... HYSH03 passed test NCSecDesc

Starting test: NetLogons

......................... HYSH03 passed test NetLogons

Starting test: Advertising

......................... HYSH03 passed test Advertising

Starting test: KnowsOfRoleHolders

Warning: ADSERVER is the Schema Owner, but is not responding to DS RPC

Bind.

[ADSERVER] LDAP bind failed with error 8341,

出现了一个目录服务错误。.

Warning: ADSERVER is the Schema Owner, but is not responding to LDAP Bi

nd.

Warning: ADSERVER is the Domain Owner, but is not responding to DS RPC

Bind.

Warning: ADSERVER is the Domain Owner, but is not responding to LDAP Bi

nd.

Warning: ADSERVER is the PDC Owner, but is not responding to DS RPC Bin

Warning: ADSERVER is the PDC Owner, but is not responding to LDAP Bind.

Warning: ADSERVER is the Rid Owner, but is not responding to DS RPC Bin

Warning: ADSERVER is the Rid Owner, but is not responding to LDAP Bind.

Warning: ADSERVER is the Infrastructure Update Owner, but is not respon

ding to DS RPC Bind.

Warning: ADSERVER is the Infrastructure Update Owner, but is not respon

ding to LDAP Bind.

......................... HYSH03 failed test KnowsOfRoleHolders

Starting test: RidManager

......................... HYSH03 failed test RidManager

Starting test: MachineAccount

......................... HYSH03 passed test MachineAccount

Starting test: Services

......................... HYSH03 passed test Services

Starting test: ObjectsReplicated

......................... HYSH03 passed test ObjectsReplicated

Starting test: frssysvol

......................... HYSH03 passed test frssysvol

Starting test: frsevent

......................... HYSH03 passed test frsevent

Starting test: kccevent

An Error Event occured. EventID: 0xC00007FA

Time Generated: 06/04/2012 15:10:29

(Event String could not be retrieved)

An Error Event occured. EventID: 0xC00007FA

Time Generated: 06/04/2012 15:12:00

(Event String could not be retrieved)

An Error Event occured. EventID: 0xC00007FA

Time Generated: 06/04/2012 15:12:14

(Event String could not be retrieved)

An Error Event occured. EventID: 0xC00007FA

Time Generated: 06/04/2012 15:20:02

(Event String could not be retrieved)

An Error Event occured. EventID: 0xC00007FA

Time Generated: 06/04/2012 15:20:14

(Event String could not be retrieved)

......................... HYSH03 failed test kccevent

Starting test: systemlog

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 14:24:20

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 14:29:28

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 14:30:51

(Event String could not be retrieved)

An Error Event occured. EventID: 0xC0002719

Time Generated: 06/04/2012 14:30:51

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 14:34:36

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 14:36:14

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 14:55:56

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 14:56:14

(Event String could not be retrieved)

An Error Event occured. EventID: 0x0000168E

Time Generated: 06/04/2012 14:56:20

Event String: The dynamic registration of the DNS record

An Error Event occured. EventID: 0xC0001B6F

Time Generated: 06/04/2012 14:56:59

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 14:57:30

(Event String could not be retrieved)

An Error Event occured. EventID: 0x0000165B

Time Generated: 06/04/2012 14:57:47

Event String: The session setup from computer 'JSB_06' failed

An Error Event occured. EventID: 0x000016AD

Time Generated: 06/04/2012 15:00:04

Event String: The session setup from the computer JSB_06 failed

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 15:13:40

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 15:16:25

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 15:18:14

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 15:19:51

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 15:22:56

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 15:22:57

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 15:23:06

(Event String could not be retrieved)

An Error Event occured. EventID: 0x40000004

Time Generated: 06/04/2012 15:23:06

(Event String could not be retrieved)

......................... HYSH03 failed test systemlog

Starting test: VerifyReferences

......................... HYSH03 passed test VerifyReferences

Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Running partition tests on : chinahikari

Starting test: CrossRefValidation

......................... chinahikari passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... chinahikari passed test CheckSDRefDom

Running enterprise tests on : chinahikari.com

Starting test: Intersite

......................... chinahikari.com passed test Intersite

Starting test: FsmoCheck

......................... chinahikari.com passed test FsmoCheck

经过多番摸索和查找，最后终于找到一个解决办法：

在运行中用Regedit命令打开注册表，分别作如下修改（以下操作本人是在BDC上完成的，按理论来说在PDC做也是可以的）：

Value Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
Value Name: Allow Replication With Divergent and Corrupt Partner（如没有此键值可以直接增加）
Value Type: REG_DWORD
Value Data: 1

Value Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value Name: Strict Replication Consistency
Value Type: REG_DWORD
Value Data: 0

然后利用dssite.msc管理控制台强制AD立即复制，操作如下：

点击“立即复制副本”后会迅速提示复制完成。复制成功后，请在注册表中做如下调整：

删除：

Value Path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

Value Name: Allow Replication With Divergent and Corrupt Partner
Value Type: REG_DWORD
Value Data: 1

将以下注册表设定值恢复成1：
Value Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value Name: Strict Replication Consistency
Value Type: REG_DWORD
Value Data: 1

然后重启服务器，再dcdiag或者replmon发现均正常。

阅读┊ 评论 ┊ 收藏 ┊转载 ┊ 喜欢 ▼ ┊打印┊举报/Report

前一篇：Active Directory 数据库文件详解

后一篇：按角色为服务器备份

[发评论]

评论加载中，请稍候...

发评论

评论并转载此博文

发评论

以上网友发言只代表其个人观点，不代表新浪网的观点或立场。

< 前一篇Active Directory 数据库文件详解

后一篇 >按角色为服务器备份

新浪BLOG意见反馈留言板　电话：4000520066 提示音后按1键（按当地市话标准计费）　欢迎批评指正