I suspect ... and winging it here ... if you truly have a DC _that isn't a GC_ for the domain (domain2 I believe) of the user object with the dangling manager link ... move IM for domain2 to that DC ... wait four days for IM to make the rounds ... he should [re?]generate a infrastructure update ... watch event logs to see if AD is having trouble with IM duties ... possibly regularly query AD for new infrastructure update objects, hint they're deleted objects ... see if the problem rectifies itself ...
If domain2's IM is already on (for 4+ days) a DC with the dangling manager link, then in theory you've already unintentionally followed my suggestion, and well the problem is non-obvious to me ... -BrettSh This posting is provided "AS IS" with no warranties, and confers no rights. On Fri, 20 Oct 2006, David Loder wrote: > joe and I talked offline. Neither of us think it's a > lingering object (but that was his first guess too). > He was thinking it was a phantom but I'm not sure > since I see it in a GC - which never has a need to > create a phantom. > > Layout is a follows. > > Domain0 is empty root, with child domains 1-6. > > Manager previously existed in Domain1. User still > exists in Domain2. > > Manager has been verified to not exist on any DC in > Domain1. > > Some (not all) of Domain2's DCs and GCs show the user > having a manager. Some (not all) of Domain1's GCs > show the user having a manager. Some (not all) of > Domain3's GCs show the user having a manager. None of > Domain0's GCs or 4-6 show the user having a manager. > > Around the time this happened back in 2003 there had > been some incorrect Infrastructure Master placements. > However, Domain2's IM appears to have been correctly > configured. Not sure if that is just a red-herring to > lead us down the phantom path. > > > --- Eric Fleischman <[EMAIL PROTECTED]> > wrote: > > > >From the data provided below it sounds like you > > have a lingering object > > & a lingering link value...not tragic, pretty > > straight forward to clean > > up. If you could be more specific as to domain > > layout & in which domain > > each user resides we could likely provide steps to > > fix this up. > > > > If you search KB for lingering object you'll find > > all sorts of mention > > of them. I say that you must have a lingering object > > as link values need > > point so some object (they are nothing more than a > > DNT pointer really) > > so it sounds like you have an object in the partial > > NC on the GC which > > still represents that manager. > > > > ~Eric > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On > > Behalf Of David Loder > > Sent: Thursday, October 19, 2006 8:36 AM > > To: ActiveDir@mail.activedir.org > > Subject: [ActiveDir] Linked Attributes Replication > > > > We've found something unusual in our forest and are > > hoping someone may have insight as to root-cause. > > > > Sometime back in 2003, when our forest was running > > W2K > > SP3, someone's manager was deleted, and that event > > was > > faithfully replicated around the originating domain > > and the forest GCs. The manager doesn't exist > > anywhere. > > > > Fast forward to today, forest now running W2K3 SP1. > > About 20% of the DCs (both originating domain DCs > > and > > forest GCs) show that the user still has a manager > > because the manager attribute contains a DN that no > > longer exists in the forest. > > > > Let me repeat that statement. If I look at GC_1 it > > shows the employee's manager is <not set>. If I > > look > > at GC_2 it shows manager is > > CN=Someone_that_no_longer_exists_in_the_forest. Yet > > both GC_1 and GC_2 show the same metadata for the > > manager attribute. > > > > At this point we're theorizing that when the user's > > manager was deleted, that change was faithfully > > replicated around the forest. However, the linked > > attribute update is not a replicated event - each DC > > is personally responsible for updating the backlink, > > and we had one W2K DC that didn't do it. Fast > > forward > > to today where 100% of the DCs have been reinstalled > > and repromoed as W2K3. Depending on which DC they > > sourced their promo from we now have the > > "corruption" > > spread we see today where some 20% of the DCs have > > the > > incorrect value. > > > > Has anyone else ever encountered this or have some > > idea what may that caused the initial "corruption"? > > > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > > protection around > > http://mail.yahoo.com > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.activedir.org/ml/threads.aspx > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.activedir.org/ml/threads.aspx > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
