Announcement

Collapse
No announcement yet.

The user "Domain\user" does not have RSOP data

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The user "Domain\user" does not have RSOP data

    When I run gpresult on some users I get the error:
    INFO: The user "Domain\user" does not have RSOP data. This problem begun when the DC was down. I had put the harddisk in another computer so that the users can access their files. After that the DC was ready did I put the harddisk again in the repaired DC.

    When I tried to manually replicate AD between my domain controllees it gives me an error:

    Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected. This operation will not continue.

    This begun when a DC was down and I put the harddisk in an other pc to access the documents. After the DC was repaired I put the harddisk back in the server.
    Last edited by AndyJG247; 25th March 2009, 16:21.

  • #2
    Re: The user "Domain\user" does not have RSOP data

    Hi Engelmar,

    I've merged your two posts as they are likely caused by the same issue (as per your posts).

    Can you explain a lot more about what you did and about your setup please. You will likely find errors in the event log as well that would help us.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: The user "Domain\user" does not have RSOP data

      This is what I get in the event logs.

      Event Type: Warning
      Event Source: NtFrs
      Event Category: None
      Event ID: 13508
      Date: 3/25/2009
      Time: 2:03:09 AM
      User: N/A
      Computer: ACU-SCH01
      Description:
      The File Replication Service is having trouble enabling replication from ACU02 to ACU-SCH01 for c:\windows\sysvol\domain using the DNS name acu02.acu.com. FRS will keep retrying.
      Following are some of the reasons you would see this warning.

      [1] FRS can not correctly resolve the DNS name acu02.acu.com from this computer.
      [2] FRS is not running on acu02.acu.com.
      [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.

      This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

      For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
      Data:
      0000: d5 04 00 00 ...

      Comment


      • #4
        Re: The user "Domain\user" does not have RSOP data

        This is another one.

        Event Type: Error
        Event Source: NTDS Replication
        Event Category: Replication
        Event ID: 1988
        Date: 3/25/2009
        Time: 1:50:43 PM
        User: NT AUTHORITY\ANONYMOUS LOGON
        Computer: ACU-SCH01
        Description:
        Active Directory Replication encountered the existence of objects in the following partition that have been deleted from the local domain controllers (DCs) Active Directory database. Not all direct or transitive replication partners replicated in the deletion before the tombstone lifetime number of days passed. Objects that have been deleted and garbage collected from an Active Directory partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".

        This event is being logged because the source DC contains a lingering object which does not exist on the local DCs Active Directory database. This replication attempt has been blocked.

        The best solution to this problem is to identify and remove all lingering objects in the forest.


        Source DC (Transport-specific network address):
        c0ee1dde-b19e-4576-898d-f5e0fb445688._msdcs.acu.com
        Object:
        CN=ACU-LO09,CN=Computers,DC=acu,DC=com
        Object GUID:
        76c8987d-0e97-489a-bc96-42189dbb7e27

        User Action:

        Remove Lingering Objects:

        The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.

        If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD. To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects. To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>".

        If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.

        If you need Active Directory replication to function immediately at all costs and don't have time to remove lingering objects, enable loose replication consistency by unsetting the following registry key:

        Registry Key:
        HKLM\System\CurrentControlSet\Services\NTDS\Parame ters\Strict Replication Consistency

        Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory configuration data to vary between DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved. DCs that fail to inbound replicate deleted objects within tombstone lifetime number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC.

        Lingering objects may be prevented by ensuring that all domain controllers in the forest are running Active Directory, are connected by a spanning tree connection topology and perform inbound replication before Tombstone Live number of days pass.

        For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

        Comment


        • #5
          Re: The user &quot;Domain\user&quot; does not have RSOP data

          Can you explain exactly what you mean by "This problem begun when the DC was down. I had put the harddisk in another computer so that the users can access their files. After that the DC was ready did I put the harddisk again in the repaired DC."

          Did you just use the servers disk as a file store or was it booted somewhere else?

          Get a backup of all DCs, I assume it is just 2 but can you confirm?

          Lingering Objects
          http://technet.microsoft.com/en-us/l.../cc738018.aspx
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?

          Comment


          • #6
            Re: The user &quot;Domain\user&quot; does not have RSOP data

            We have 3 DC's on a site and 1 DC on the branch. The branch DC had hardware failed and didn't start up. I needed to take him to the provider for repairing. Meanwhile took I one of harddisk of the DC and put it in an ordinary hp pc to boot, so that the users can access their files stored on the harddisk. After the server was repaired took I the harddisk from the pc and put it back in the server.
            So the server 2003 had gone through a hardware change.

            Thanks.

            Comment


            • #7
              Re: The user &quot;Domain\user&quot; does not have RSOP data

              I surprised it booted at all , assuming you mean you booted from the disk rather than just as a "slave" to copy files from/to.

              From what you have written I would say the DC is no good anymore and you should unplug it, clean the metadata and lingering objects, then wipe/dcpromo it again.

              Make sure you have backups of everything though.
              Last edited by AndyJG247; 26th March 2009, 21:10.
              cheers
              Andy

              Please read this before you post:


              Quis custodiet ipsos custodes?

              Comment


              • #8
                Re: The user &quot;Domain\user&quot; does not have RSOP data

                This mean that I don't have to reinstall the server?

                After cleaning and running wipe/dcpromo, must I reconnect all the workstations to the server?

                Comment

                Working...
                X