Let's take this offline.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Loder Sent: Friday, October 20, 2006 9:15 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Linked Attributes Replication I find nothing. adfind -h Domain1GC -gc -b dc=Domain2,dc=x,dc=y -f "name=UserABC" manager AdFind V01.32.00cpp Joe Richards ([EMAIL PROTECTED]) October 2006 Using server: Domain1GC:3268 Directory: Windows Server 2003 dn:CN=UserABC,OU=USERIDS,dc=Domain2,dc=x,dc=y >manager: CN=Manager123,OU=USERIDS,DC=Domain1,DC=x,DC=y 1 Objects returned adfind -h Domain1GC -gc -b CN=Manager123,OU=USERIDS,DC=Domain1,DC=x,DC=y AdFind V01.32.00cpp Joe Richards ([EMAIL PROTECTED]) October 2006 Using server: Domain1GC:3268 Directory: Windows Server 2003 ldap_get_next_page_s: [Domain1GC] Error 0x20 (32) - No Such Object Best Match of: 'OU=USERIDS,DC=Domain1,DC=x,DC=y' 0 Objects returned --- Eric Fleischman <[EMAIL PROTECTED]> wrote: > You can certainly kick GC off by hand to clear that > up. > If you have the problem on a GC though, how are you > to blame a phantom? > If you navigate to the partial NC on the GC, do you > see the object? I > assume the answer is yes (but if not please let me > know what you do > see). > > ~Eric > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of David Loder > Sent: Friday, October 20, 2006 8:06 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Linked Attributes > Replication > > joe and I talked offline. Neither of us think it's > a > lingering object (but that was his first guess too). > > He was thinking it was a phantom but I'm not sure > since I see it in a GC - which never has a need to > create a phantom. > > Layout is a follows. > > Domain0 is empty root, with child domains 1-6. > > Manager previously existed in Domain1. User still > exists in Domain2. > > Manager has been verified to not exist on any DC in > Domain1. > > Some (not all) of Domain2's DCs and GCs show the > user > having a manager. Some (not all) of Domain1's GCs > show the user having a manager. Some (not all) of > Domain3's GCs show the user having a manager. None > of > Domain0's GCs or 4-6 show the user having a manager. > > Around the time this happened back in 2003 there had > been some incorrect Infrastructure Master > placements. > However, Domain2's IM appears to have been correctly > configured. Not sure if that is just a red-herring > to > lead us down the phantom path. > > > --- Eric Fleischman <[EMAIL PROTECTED]> > wrote: > > > >From the data provided below it sounds like you > > have a lingering object > > & a lingering link value...not tragic, pretty > > straight forward to clean > > up. If you could be more specific as to domain > > layout & in which domain > > each user resides we could likely provide steps to > > fix this up. > > > > If you search KB for lingering object you'll find > > all sorts of mention > > of them. I say that you must have a lingering > object > > as link values need > > point so some object (they are nothing more than a > > DNT pointer really) > > so it sounds like you have an object in the > partial > > NC on the GC which > > still represents that manager. > > > > ~Eric > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On > > Behalf Of David Loder > > Sent: Thursday, October 19, 2006 8:36 AM > > To: ActiveDir@mail.activedir.org > > Subject: [ActiveDir] Linked Attributes Replication > > > > We've found something unusual in our forest and > are > > hoping someone may have insight as to root-cause. > > > > Sometime back in 2003, when our forest was running > > W2K > > SP3, someone's manager was deleted, and that event > > was > > faithfully replicated around the originating > domain > > and the forest GCs. The manager doesn't exist > > anywhere. > > > > Fast forward to today, forest now running W2K3 > SP1. > > About 20% of the DCs (both originating domain DCs > > and > > forest GCs) show that the user still has a manager > > because the manager attribute contains a DN that > no > > longer exists in the forest. > > > > Let me repeat that statement. If I look at GC_1 > it > > shows the employee's manager is <not set>. If I > > look > > at GC_2 it shows manager is > > CN=Someone_that_no_longer_exists_in_the_forest. > Yet > > both GC_1 and GC_2 show the same metadata for the > > manager attribute. > > > > At this point we're theorizing that when the > user's > > manager was deleted, that change was faithfully > > replicated around the forest. However, the linked > > attribute update is not a replicated event - each > DC > > is personally responsible for updating the > backlink, > > and we had one W2K DC that didn't do it. Fast > > forward > > to today where 100% of the DCs have been > reinstalled > > and repromoed as W2K3. Depending on which DC they > > sourced their promo from we now have the > > "corruption" > > spread we see today where some 20% of the DCs have > > the > > incorrect value. > > > > Has anyone else ever encountered this or have some > > idea what may that caused the initial > "corruption"? > > > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > > protection around > > http://mail.yahoo.com > > List info : http://www.activedir.org/List.aspx > > List FAQ : > http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.activedir.org/ml/threads.aspx > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : > http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.activedir.org/ml/threads.aspx > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir@mail.activedir.org/ > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
