Friday, July 11, 2014

How to delete lingering objects in Active Directory

In a multi-domain environment, replication problems are common, caused by loss of connectivity or by time differences. As a result, ghosts (lingering objects) appear in Active Directory, and these in turn also block replication. In this article, I show an example of how to create a cmd file for cleaning up ghosts (lingering objects).

Download create_lingering_cmd.ps1

1. On the root DNS server, open the zone properties and set "Allow zone transfers" to "To any server"
2. Open the nslookup tool in cmd and type the command "ls -t cname yourdomain.com"
3. On the root DNS server, open the zone properties and set zone transfers to "Only to servers listed on the Name Servers tab" to restrict zone transfers
4. Copy the result lines that contain "._msdcs" to Notepad and replace (Ctrl+H) the text "._msdcs CNAME "
5. Save the file with the name "guids.csv"
6. Copy "guids.csv" to a PC with PowerShell and create the following PowerShell script

# Read the "<DC GUID> <DC FQDN>" pairs prepared in steps 4 and 5
$guids = Import-Csv -Header dcguid, dcname -Path ".\guids.csv" -Delimiter " "
$path_cmd_file = ".\lingering.cmd"
# Set-Content creates or overwrites the file, so it also works on the first run
Set-Content -Path $path_cmd_file -Value "@echo off"
$cmd_file = "@echo off"
foreach ($guid in $guids)
{
    # Split the FQDN into host name and DNS domain; skip rows that do not match
    if (-not ($guid.dcname -match '^([^.]+)\.(.+)$')) { continue }
    # Convert the DNS domain (a.b.c) into a distinguished name (dc=a,dc=b,dc=c)
    $dcname_dn = "dc=" + ($matches[2].Split(".") -join ",dc=")
    $comm = "repadmin /removelingeringobjects * " + $guid.dcguid + " " + $dcname_dn
    $cmd_file += "`n$comm"
    Add-Content -Path $path_cmd_file -Value $comm
}
$cmd_file += "`npause"
Add-Content -Path $path_cmd_file -Value "pause"
# Print the generated commands so they can be reviewed before they are run
$cmd_file

7. The PowerShell script creates the cmd file "lingering.cmd". Now you can copy this cmd file and the repadmin tool to a Domain Controller and run it
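
Steps 4 and 5 can also be done by a script instead of Notepad. The following is an added example, not part of the original post: it parses saved "ls -t cname" output, keeps only rows whose first label parses as a GUID and whose target is a plain host name, and writes "guids.csv" in the layout the script from step 6 imports. The function name ConvertTo-GuidRow, the file name in the comment and the sample output are assumptions made up for illustration.

```powershell
# Added example. Constructed sample of "ls -t cname" output; the GUIDs and
# host names are made up. In real use, read the saved nslookup output
# instead, e.g. $nslookupOutput = Get-Content .\ls_output.txt (hypothetical file).
$nslookupOutput = @'
[dns01.example.com]
 3f2504e0-4f89-11d3-9a0c-0305e82c3301._msdcs   CNAME   dc01.example.com
 7d9e1c2a-5b6f-4e3d-8a1b-2c3d4e5f6a7b._msdcs   CNAME   dc02.child.example.com.
 www                                           CNAME   web01.example.com
 not-a-guid._msdcs                             CNAME   dc03.example.com
'@ -split "`r?`n"

# Hypothetical helper: turns "<guid>._msdcs CNAME <dc fqdn>" lines into
# "<guid> <dc fqdn>" rows and drops everything else.
function ConvertTo-GuidRow {
    param([string[]]$Line)

    # Columns may be separated by any amount of whitespace; a trailing dot
    # on the target name is tolerated and removed.
    $pattern = '^\s*(?<guid>\S+)\._msdcs\s+CNAME\s+(?<dc>\S+?)\.?\s*$'

    foreach ($l in $Line) {
        if ($l -match $pattern) {
            $rawGuid = $Matches['guid']
            $dc      = $Matches['dc']

            # The values end up in a cmd file that is run on a Domain
            # Controller, so accept only a real GUID and a plain DNS name.
            $parsed = [guid]::Empty
            if (-not [guid]::TryParse($rawGuid, [ref]$parsed)) {
                Write-Warning "Skipped, first label is not a GUID: $l"
                continue
            }
            if ($dc -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
                Write-Warning "Skipped, target is not a plain host name: $l"
                continue
            }
            # Emit the GUID in canonical form, one space, then the DC name
            '{0} {1}' -f $parsed.ToString(), $dc
        }
    }
}

# Header-less, space-delimited rows, as expected by the Import-Csv call
ConvertTo-GuidRow -Line $nslookupOutput | Set-Content -Path .\guids.csv
Get-Content .\guids.csv
```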
