Event ID 1083 Is Logged During Active Directory Replication

Symptoms

During Active Directory replication, you may receive the following warning in the Directory Service event log on the domain controller:

Cause

This issue may occur for the following reasons:
  • A change occurred that triggers an urgent replication. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

    232690 Urgent replication triggers in Windows 2000

    Or, a change that is made on multiple domain controllers is replicated very quickly, especially for intra-site cases.
    For additional information about intra-site cases, click the following article number to view the article in the Microsoft Knowledge Base:

    214678 How to modify the default intra-site domain controller replication interval

    These scenarios may occur when you change your password. The change is forwarded to the primary domain controller (PDC) Emulator, and if the change is in the same site and the domain controller is busy, the change may replicate back in while the local directory service is still writing the change and therefore still holds a lock on the object. An error then occurs. To verify this, type repadmin /showmeta <object distinguished name>. Compare the time stamp on the event with the change time stamp of relevant attributes such as unicodePwd or lockoutTime. Typically, the latter attribute may already be cleared or changed again when you look it up some time after the event occurred (this may depend on your lock-out policy). If the time stamps match, you can ignore the event.
  • A duplicate object is present in Active Directory for the replication partner of the local domain controller. When the local domain controller receives the replication updates that contain duplicate objects from the domain controller's replication partner, the local domain controller cannot perform the updates on those objects, and therefore it logs a warning in the directory service event log.
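
The time stamp comparison described in the first cause above, as an added example (not part of the original article): it parses text laid out like repadmin /showmeta output and returns the unicodePwd or lockoutTime rows whose change time falls within a few seconds of the event. The sample output, the column layout, the 5-second tolerance, the function names, and the assumption that both time stamps are in the same time zone are illustrative.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, laid out like "repadmin /showmeta <object DN>" output.
# Server names, USNs and times are invented for illustration.
SAMPLE_SHOWMETA = """\
Loc.USN  Originating DSA                Org.USN  Org.Time/Date        Ver Attribute
=======  ===============                =======  =============        === =========
  81234  Default-First-Site-Name\\DC1    81234  2006-10-30 09:14.02    1 objectClass
  95310  Default-First-Site-Name\\PDC1   77120  2006-10-30 14:22.07    5 unicodePwd
  95311  Default-First-Site-Name\\PDC1   77121  2006-10-30 14:22.07    5 pwdLastSet
  95402  Default-First-Site-Name\\DC1    95402  2006-10-30 16:40:55    9 lockoutTime
"""

# Anchored on the numeric and date columns so the DSA name can hold any text.
# Assumption: seconds may be separated by "." or ":" depending on the tool version.
ROW = re.compile(
    r"^\s*(?P<loc_usn>\d+)\s+(?P<dsa>.+?)\s+(?P<org_usn>\d+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<h>\d{2}):(?P<m>\d{2})[.:](?P<s>\d{2})\s+"
    r"(?P<ver>\d+)\s+(?P<attr>\S+)\s*$"
)

def parse_showmeta(text):
    """Return one dict per attribute row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        when = datetime.strptime(
            f"{m['date']} {m['h']}:{m['m']}:{m['s']}", "%Y-%m-%d %H:%M:%S")
        rows.append({"attribute": m["attr"], "time": when,
                     "version": int(m["ver"]), "dsa": m["dsa"]})
    return rows

def attributes_near_event(text, event_time, watched=("unicodePwd", "lockoutTime"),
                          tolerance=timedelta(seconds=5)):
    """Watched attributes whose change time is within tolerance of the event."""
    watched_lc = {w.lower() for w in watched}
    return [r for r in parse_showmeta(text)
            if r["attribute"].lower() in watched_lc
            and abs(r["time"] - event_time) <= tolerance]

if __name__ == "__main__":
    event = datetime(2006, 10, 30, 14, 22, 8)  # constructed event 1083 time stamp
    for r in attributes_near_event(SAMPLE_SHOWMETA, event):
        print(f"{r['attribute']} v{r['version']} changed {r['time']} on {r['dsa']}")
```

An empty result means no watched attribute changed near the event time, so the duplicate-object cause is the one to investigate.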

Resolution

To resolve this issue, follow these steps.

Note: You must first install the Windows 2000 Support Tools from the Support\Tools folder on the Windows 2000 CD-ROM.
  1. Ping the GUID-based DNS name (contained in the warning message) to obtain the IP address of the replication partner. For additional information about how to determine the GUID of a domain controller, click the following article number to view the article in the Microsoft Knowledge Base:
    224544 Determining the Server GUID of a Domain Controller
  2. Use the Active Directory Administration tool (Ldp.exe) to connect to the IP address obtained in step 1. To do so:
    1. Click Start, point to Programs, point to Windows 2000 Support Tools, point to Tools, and then click Active Directory Administration Tool.
    2. On the Connection menu, click Connect. In the Server dialog box, type the IP address of the replication partner (obtained in step 1), and then click OK.
    3. On the Connection menu, click Bind. Type the credentials of an administrator account, and then click OK.
    4. On the Browse menu, click Search, and then click the Subtree option.
    5. In the Base Dn dialog box, type the name of the domain where you want to search for a specific Active Directory object (for example, CN=Configuration,dc=company,dc=com).
    6. In the Filter dialog box, type the Relative Distinguished Name of the object in parentheses (for example, to filter for a computer object named DC2, type (CN=DC2)), and then click Run.

      The right pane of the window displays the different locations where the object is found. Note the object that you want to keep.
    7. To delete the unnecessary duplicate objects, click Delete on the Browse menu, and then type the distinguished name of the object that you want to delete.
    8. In the right pane of the Ldp window, make sure that the object has been deleted. For additional information about how to use the Active Directory Administration Tool, click the following article number to view the article in the Microsoft Knowledge Base:
      278422 XADM: How to Use the Windows 2000 LDP Support Tool to View the BaseDN
  3. If there is no duplicate object found, try to move the object to a different site or organizational unit. Make note of where you move it to, because you may have to move it back later.
  4. Use the Repadmin.exe tool (located in Windows 2000 Support Tools) to synchronize the configuration and domain naming contexts. Use the following syntax (replace the domain components with your own):
    repadmin /sync CN=Configuration,DC=company,DC=com <local domain controller name> <replication partner GUID>

    repadmin /sync DC=company,DC=com <local domain controller name> <replication partner GUID>
    For additional information about how to use Repadmin.exe, click the following article number to view the article in the Microsoft Knowledge Base:
    229896 Using Repadmin.exe to Troubleshoot Active Directory Replication
After replication completes, the Directory Service event log should not show any new instances of event ID 1083 that are caused by duplicate objects. If you have to, move the object that you moved in step 3 back to its original location.

Properties

Article ID: 296714 – Last reviewed: October 30, 2006 – Revision: 1
