Recently I have been working with a premier customer in South Africa to cleanup their forest from lingering objects.
It is a complex environment with 15 domains,30+ sites and 130+ DCs where power failures and network related issues frequently disrupt AD operations.
So I wanted to share with you the method I used to remove lingering objects and hopefully you find it useful somehow.
First download repldiag from http://activedirectoryutils.codeplex.com/releases/view/13664 as it will save you a lot of typing.
Then create a .bat file similar to the following:
/enable Strict Replication Consistency across the forest
repadmin /regkey * +strict
/dump all repldiag commands to a .txt file (repldiag enumerates all domains, finds all DCs and creates all necessary repadmin commands for removing lingering objects)
repldiag /removelingeringobjects /outputrepadmincommandlinesyntax >output.txt
/dump domain specific repldiag commands to a .bat file (this way you may cleanup one domain at a time)
findstr "domain_a" output.txt >domain_a.bat
findstr "domain_n" output.txt >domain_n.bat
/call all .bat files in order to remove lingering objects
/Then run repadmin /showrepl against all DCs in each domain and pipe it to a .txt file
repadmin /showrepl *.domain_a /errorsonly > domain_a.txt
repadmin /showrepl *.domain_n /errorsonly> domain_n.txt
/Look for "failed, result 8606 (0x219e): Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected."
/Identify the destination DC (the DC logging the event), Source DC (the DC that contains lingering objects) and affected Naming Context (the NC that contains lingering objects)
/With the information above force replication to resume on the affected DCs/NCs
repadmin /replicate destination sourceGUID NC /force
as an example:
**output from showrepl**
Repadmin: running command /SHOWREPL against full DC DC1.domain_a.fqdn
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
DSA invocationID: zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz
==== INBOUND NEIGHBORS ======================================
Site30\DC via RPC
DSA object GUID: nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn
Last attempt @ 2014-10-16 10:55:42 failed, result 8606 (0x219e):
Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.
529 consecutive failure(s).
Last success @ 2014-09-30 07:00:33.
In this example the command to force replication to resume would be
repadmin /replicate DC1.domain_a.fqdn nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn DC=domain_n,DC=fqdn /force
Hope it helps!