How to enable strict replication consistency

Hello All,

Hope this post finds you in good health and spirit.
Today we are going to explain about Strict Replication Consistency and how we can enable it on domain controllers. 

Strict Replication Consistency is a registry value that prevents destination domain controllers (DC) from replicating in lingering objects. Lingering objects are objects that have been deleted on one DC but replication failures prevent a partner DC learning of the deletion.

The result is those deleted objects remain “live” on the replication partners. If the replication failure persists for longer than tombstone lifetime but is later corrected, the DC that failed to inbound replicate the deletions will continue to have “live”/lingering objects in its copy of the AD database. When one or more attributes are modified on these “live” objects, that object must replicate outbound. DCs that don’t have Strict Replication Consistency enforced will replicate in these formerly deleted objects, re-animating them.

 

Strict replication is by-default enabled on DC above server 2003. Forest that are upgraded from windows server 2000 to windows server 2003 does not have strict replication consistency enabled for that we need to manually enable.

The setting for replication consistency is stored in the registry in the Strict Replication Consistency entry in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.

Values for this entry are as follows:

  • Value: 1 (0 to disable)

  • Default: 1 (enabled) in a new Windows Server 2003 forest; otherwise 0.

  • Data type: REG_DWOR

On domain controllers running Windows Server 2003 with Service Pack 1 (SP1), you do not have to edit the registry directly to enable strict replication consistency. It is best to avoid editing the registry directly if possible. You can use a Repadmin command that enables strict replication consistency on one or all domain controllers in the forest. This command is available only in the version of Repadmin that is included with Windows Support Tools in Windows Server 2003 SP1. This command can be applied only on domain controllers running Windows Server 2003 with SP1.

Administrative credentials

 

  • To complete this procedure on a single domain controller, you must be a member of the Domain Admins group in the domain.
  • To complete this procedure on all domain controllers, you must be a member of the Enterprise Admins group in the forest.

Better yet, using RepAdmin just update all DC’s from a command prompt (You need to elevate if on Vista/2008 or greater) in your forest.  I pipe the output and save the text file for documentation.

repadmin /regkey * +strict > c:\temp\dcListStrict.log

This will ensure that all your DC’s are protected from any partners that are unhealthy and hopefully save you some real headscratching problems that can occur with Lingering objects.  In the example below you can see that only one of the three DC’s needed to be updated.  You will also notice that rerunning this does not have an adverse effect.

The output of the above command would look like:

Repadmin: running command /regkey against read-only DC DC01.windowstechno.local
HKLM\System\CurrentControlSet\Services\NTDS\Parameters: “Strict Replication Consistency” REG_DWORD 0x00000001 (1)
New HKLM\System\CurrentControlSet\Services\NTDS\Parameters: “Strict Replication Consistency” REG_DWORD 0x00000001 (1)

Repadmin: running command /regkey against full DC DC02.windowstechno.local
HKLM\System\CurrentControlSet\Services\NTDS\Parameters: “Strict Replication Consistency” REG_DWORD 0x00000001 (1)
New HKLM\System\CurrentControlSet\Services\NTDS\Parameters: “Strict Replication Consistency” REG_DWORD 0x00000001 (1)

Repadmin: running command /regkey against full DC DC03.windowstechno.local
HKLM\System\CurrentControlSet\Services\NTDS\Parameters: “Strict Replication Consistency” value does not exist
New HKLM\System\CurrentControlSet\Services\NTDS\Parameters: “Strict Replication Consistency” REG_DWORD 0x00000001 (1)

So, that’s all in this blog. I will meet you soon with some other stuff. Have a nice day !!!

Guys please don’t forget to like and share the post. You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!