Windows – Fix AD Active directory replication
Clean old Domain Controller from DNS
Check server Time
- repadmin /syncall
netdom query fsmo
dcdiag /c /v
repadmin /showrepl *
repadmin /showattr . “CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=your_domain,DC=local” /atts:tombstonelifetime
3. Adjust Active Directory Tombstone Lifetime
To change the tombstone lifetime attribute
NOTE: To perform this procedure, you will need the ADSI Edit utility. In Windows Server 2008 and above, this component is installed together with the AD DS role, or it can be downloaded and installed along with Remote Server Administration Tools. Refer to Install ADSI Edit for detailed instructions on how to install the ADSI Edit utility.
- On any domain controller in the target domain, navigate to Start → Windows Administrative Tools (Windows Server 2016) or Administrative Tools (Windows 2012 R2 and below) → ADSI Edit.
- Right-click the ADSI Edit node and select Connect To. In the Connection Settings dialog, enable Select a well-known Naming Context and select Configuration from the drop-down list.
- Navigate to Configuration <Your_Root_Domain_Name → CN=Configuration,DC=<name>,DC=<name> → CN=Services → CN=Windows NT → CN=Directory Service. Right-click it and select Properties from the pop-up menu.
- In the CN=Directory Service Properties dialog, locate the tombstoneLifetime attribute in the Attribute Editor tab.
- Click Edit. Set the value to “730” (which equals 2 years).