Windows – Fix AD Active directory replication

  1. Clean old Domain Controller from DNS

  2. Check server Time

  1. repadmin /syncall


    ipconfig /registerdns

    netdom query fsmo

    repadmin /replsum

dcdiag /c /v

repadmin /showrepl *

ipconfig /flushdns

repadmin /showattr . “CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=your_domain,DC=local” /atts:tombstonelifetime

     3.  Adjust Active Directory Tombstone Lifetime

To change the tombstone lifetime attribute

NOTE: To perform this procedure, you will need the ADSI Edit utility. In Windows Server 2008 and above, this component is installed together with the AD DS role, or it can be downloaded and installed along with Remote Server Administration Tools. Refer to Install ADSI Edit for detailed instructions on how to install the ADSI Edit utility.

  1. On any domain controller in the target domain, navigate to Start → Windows Administrative Tools (Windows Server 2016) or Administrative Tools (Windows 2012 R2 and below) → ADSI Edit.
  2. Right-click the ADSI Edit node and select Connect To. In the Connection Settings dialog, enable Select a well-known Naming Context and select Configuration from the drop-down list.

  3. Navigate to Configuration <Your_Root_Domain_Name → CN=Configuration,DC=<name>,DC=<name> → CN=Services → CN=Windows NT → CN=Directory Service. Right-click it and select Properties from the pop-up menu.
  4. In the CN=Directory Service Properties dialog, locate the tombstoneLifetime attribute in the Attribute Editor tab.

  5. Click Edit. Set the value to “730” (which equals 2 years).