Microsoft KB Archive/297935

= How to force the removal of read-only naming contexts from a domain controller =

Article ID: 297935

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition

-



This article was previously published under Q297935



SUMMARY
This article describes how to force the removal of read-only naming contexts from a domain controller on Microsoft Windows 2000-based computers, and Microsoft Windows Server 2003-based computers.



MORE INFORMATION
When a domain controller, which had been, but is no longer, a global catalog server, the Knowledge Consistency Checker (KCC) is responsible for the removal of the read-only naming contexts on the domain controller that is no longer replicated. By default, the KCC removes 500 objects every time it runs, which is every 15 minutes (by default). In a large forest, a domain controller can take a considerable amount of time to remove all read-only naming contexts.

To determine if a domain controller is in the process of removing read-only naming contexts, examine the Directory Service event log file for the following event:

Event Type: Information

Event Source: NTDS KCC

Event Category: Knowledge Consistency Checker

Event ID: 1069

Description: Incremental progress has been made in removing the remainder of the objects from domain DC=xpchild,DC=travisa2000,DC=local from the local server. Further progress will be made on the next execution of the Knowledge Consistency Checker (KCC).

You can use the Repadmin.exe tool from Windows 2000 Support Tools to speed up this process by means of a batch file. The batch file must be run on the console of the domain controller (that is no longer a global catalog) to remove the read-only naming contexts.

Note For Windows Server 2003, the Repadmin.exe tool is located in the Support\Tools\Suptools.msi file on the Windows Server 2003 installation media.

In the following sample version of a Ungc.bat file, the name of the domain controller that needs to be &quot;cleaned up&quot; is &quot;dc1.corp.company.com&quot;. The read-only naming contexts that are being removed from this domain controller are: Northamerica.corp.company.com, europe.corp.company.com, and asia.corp.company.com

A sample of the code in the Ungc.bat file: Rem Batch file for removing the Read-only naming context (Global Catalog) rem rem Error 8438 maps to &quot;The directory service is too busy to complete the rem replication operation at this time.&quot; This error is expected while the Rem deletion is proceeding. When the deletion has completed,the following Rem is reported, error 8439 rem &quot;The distinguished name specified for this Rem replication operation is invalid.&quot; rem rem The batch loops through the deletion of one naming context (domain) Rem at time before proceeding to the next. Repadmin /delete

rem Replace destgc with the target GC name and replace domain names with Rem the naming context targetted for deletion. Rem Add or remove domains as required.

setlocal set destgc=dc1.company.com


 * domain1

time /t

repadmin /delete DC=northamerica,DC=company,DC=com %destgc% /nosource if %errorlevel% == 8438 goto :domain1


 * domain2

time /t

repadmin /delete DC=europe,DC=company,DC=com %destgc% /nosource if %errorlevel% == 8438 goto :domain2


 * domain3

time /t

repadmin /delete DC=asia,DC=company,DC=com %destgc% /nosource if %errorlevel% == 8438 goto :domain3

endlocal

Additional query words: AD Replication KCC NC DC

Keywords: kbhowto kbenv KB297935

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.