How to force the removal of read-only naming contexts from a domain controller

Article translations Article translations
Article ID: 297935 - View products that this article applies to.
This article was previously published under Q297935
Expand all | Collapse all


This article describes how to force the removal of read-only naming contexts from a domain controller on Microsoft Windows 2000-based computers, and Microsoft Windows Server 2003-based computers.


When a domain controller, which had been, but is no longer, a global catalog server, the Knowledge Consistency Checker (KCC) is responsible for the removal of the read-only naming contexts on the domain controller that is no longer replicated. By default, the KCC removes 500 objects every time it runs, which is every 15 minutes (by default). In a large forest, a domain controller can take a considerable amount of time to remove all read-only naming contexts.

To determine if a domain controller is in the process of removing read-only naming contexts, examine the Directory Service event log file for the following event:
Event Type: Information
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1069
Description: Incremental progress has been made in removing the remainder of the objects from domain DC=xpchild,DC=travisa2000,DC=local from the local server. Further progress will be made on the next execution of the Knowledge Consistency Checker (KCC).
You can use the Repadmin.exe tool from Windows 2000 Support Tools to speed up this process by means of a batch file. The batch file must be run on the console of the domain controller (that is no longer a global catalog) to remove the read-only naming contexts.

Note For Windows Server 2003, the Repadmin.exe tool is located in the Support\Tools\Suptools.msi file on the Windows Server 2003 installation media.

In the following sample version of a Ungc.bat file, the name of the domain controller that needs to be "cleaned up" is "". The read-only naming contexts that are being removed from this domain controller are:,, and

A sample of the code in the Ungc.bat file:
Rem Batch file for removing the Read-only naming context (Global Catalog)
rem Error 8438 maps to "The directory service is too busy to complete the
rem replication operation at this time." This error is expected while the
Rem deletion is proceeding. When the deletion has completed,the following
Rem is reported, error 8439 rem "The distinguished name specified for this
Rem replication operation is invalid." 
rem The batch loops through the deletion of one naming context (domain) 
Rem at time before proceeding to the next.  Repadmin /delete 

rem Replace destgc with the target GC name and replace domain names with
Rem the naming context targetted for deletion.
Rem Add or remove domains as required.


time /t

repadmin /delete DC=northamerica,DC=company,DC=com %destgc% /nosource 
if %errorlevel% == 8438 goto :domain1

time /t

repadmin /delete DC=europe,DC=company,DC=com %destgc% /nosource 
if %errorlevel% == 8438 goto :domain2

time /t

repadmin /delete DC=asia,DC=company,DC=com %destgc% /nosource 
if %errorlevel% == 8438 goto :domain3 



Article ID: 297935 - Last Review: October 11, 2007 - Revision: 2.7
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise x64 Edition
kbenv kbhowto KB297935

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from