Microsoft KB Archive/218614

= Replication Collisions in Windows 2000 =

Article ID: 218614

Article Last Modified on 2/24/2007


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server




This article was previously published under Q218614



SUMMARY
Every object in the Active Directory has a Distinguished Name (DN). The DN identifies the domain that holds the object, as well as the complete path through the container hierarchy by which the object is reached. For example, a DN might be "CN=James Smith,CN=Users,DC=Microsoft,DC=Com." This DN identifies the "James Smith" user object in the Microsoft.Com domain. The Relative Distinguished Name (RDN) of an object is the part of the name that is an attribute of the object itself. In the preceding example, the RDN of the "James Smith" user object is "CN=James Smith." The RDN of the parent object is "CN=Users."



MORE INFORMATION
Two objects in the Active Directory with the same RDN cannot exist in the same container. For example, the following structure is allowed:

DC=MyDomain

--OU=James Smith

--CN=James Smith

However, two objects that both have the RDN "CN=James Smith" cannot exist in the same container, as in the following example:

DC=MyDomain

--CN=Users

----CN=James Smith

----CN=James Smith

In the event that an object was created on two or more different domain controllers with the same RDN and in the same container before replication has occurred, a collision will occur when the domain controllers replicate changes. For example, two different administrators both create the "James Smith" user in the "Users" container using the Directory Management administrative tool. In a multi-master environment, each domain controller can create objects in its local database without querying other domain controllers. Each tool is focused on a specific domain controller and each is permitted to create the object.

When replication occurs, the object with the latest time stamp (the object that was created last) is kept and the older object is renamed. This requires administrator intervention to determine which object should be kept. As replication occurs to other domain controllers, the name change of the older object is replicated to other domain controllers. The administrator can choose to delete the object whose name has not been changed and rename the original object if that object is determined to be the correct one. Because each object is identified by a Globally Unique Identifier (GUID), the object deletion is safely replicated to other domain controllers even though the RDN was the same.

Using the Search.vbs Script
Search.vbs is a Microsoft Visual Basic script that is included in the Support\Tools\Support.cab file on the Windows 2000 retail CD-ROM. This script can be used to perform an LDAP search against the Active Directory and either display the results or output them to a text file.

To determine if there are any objects in the Active Directory that have resulted from a replication collision, use the following query. From a command prompt, type

cscript search.vbs "LDAP:// /dc= ,dc= " /C:"(CN=*\0ACNF:*)" /P:distinguishedName /S:SubTree

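replacing the blank server name and domain name components of the LDAP path with the correct names, in the form shown in the sample output below (LDAP://YourServerName/dc=mydomain,dc=com).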

The query filter used here (identified by the /C: parameter) begins with a wildcard, followed by a linefeed character (expressed in LDAP format by an escape sequence), and "CNF:", which together denote an object collision. This is followed by another wildcard character because the GUIDs of the objects to be returned are not known. In simpler terms, the filter looks for any objects that have a CN that begins with any text, includes the characters that denote an object collision, and ends with any text.

The output displays how many objects were found and presents the value of the "distinguishedName" attribute for each object found, as in the following example:

Finished the query.

Found 1 objects.

distinguishedName 1 = CN=MyUser\

CNF:57e0951e-c9d5-11d2-a802-0000f87a3548,CN=Users,DC=mydomain,DC=com

If no collisions are found, the following output is displayed:

Finished the query.

No object satisfying the criteria has been found within

LDAP://YourServerName/dc=mydomain,dc=com.
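
The following Python example is added here and is not part of the original article or of Search.vbs. It takes distinguishedName values such as those returned by the query, recognizes the linefeed-plus-"CNF:" marker in the leaf RDN, and groups the renamed objects by the DN they collided on; the function names and all sample DNs except the first are constructed for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Leaf RDN of a collision-renamed object: <attr>=<name><LF>CNF:<GUID>.
# The linefeed may appear as the escape "\0A", as a backslash followed by a
# real line break (as in the search.vbs output above), or as a raw line break.
_CONFLICT = re.compile(
    r"^(?P<attr>[A-Za-z][A-Za-z0-9-]*)="
    r"(?P<name>(?:\\.|[^,\\\n])*?)"  # never crosses an unescaped comma
    r"(?:\\0[aA]|\\?\n)CNF:"
    r"(?P<guid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}),"
    r"(?P<parent>.+)$",
    re.DOTALL,
)

class Conflict(NamedTuple):
    contested_dn: str  # DN both objects were created with
    guid: str          # GUID embedded in the renamed object's RDN
    parent: str        # container that holds both objects

def parse_conflict_dn(dn: str) -> Optional[Conflict]:
    """Return details if the leaf RDN carries a CNF marker, else None."""
    m = _CONFLICT.match(dn.strip())
    if m is None:
        return None
    contested = f"{m['attr']}={m['name']},{m['parent']}"
    return Conflict(contested, m["guid"].lower(), m["parent"])

def group_by_contested_dn(dns):
    """Map each contested DN to the GUIDs of the objects renamed away from it."""
    groups = defaultdict(list)
    for dn in dns:
        hit = parse_conflict_dn(dn)
        if hit:
            groups[hit.contested_dn].append(hit.guid)
    return dict(groups)

# Constructed sample input; only the first DN comes from the output above.
# The third entry has the marker on its parent container, not on the leaf.
SAMPLE = [
    "CN=MyUser\\\nCNF:57e0951e-c9d5-11d2-a802-0000f87a3548,CN=Users,DC=mydomain,DC=com",
    r"CN=Smith\, James\0ACNF:11111111-2222-3333-4444-555555555555,CN=Users,DC=mydomain,DC=com",
    r"CN=PC1,OU=Lab\0ACNF:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee,DC=mydomain,DC=com",
    "CN=James Smith,CN=Users,DC=mydomain,DC=com",
]
if __name__ == "__main__":
    for dn, guids in group_by_contested_dn(SAMPLE).items():
        print(f"{dn} <- renamed object GUID(s): {', '.join(guids)}")
```

Each key in the result is the DN to compare against the object that kept its name when deciding which of the two to retain.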

Keywords: kbinfo KB218614


© Microsoft Corporation. All rights reserved.