How to force the removal of read-only naming contexts from a domain controller

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
Summary
This article describes how to force the removal of read-only naming contexts from a domain controller on Microsoft Windows 2000-based computers, and Microsoft Windows Server 2003-based computers.
More information
When a domain controller, which had been, but is no longer, a global catalog server, the Knowledge Consistency Checker (KCC) is responsible for the removal of the read-only naming contexts on the domain controller that is no longer replicated. By default, the KCC removes 500 objects every time it runs, which is every 15 minutes (by default). In a large forest, a domain controller can take a considerable amount of time to remove all read-only naming contexts.

To determine if a domain controller is in the process of removing read-only naming contexts, examine the Directory Service event log file for the following event:
Event Type: Information
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1069
Description: Incremental progress has been made in removing the remainder of the objects from domain DC=xpchild,DC=travisa2000,DC=local from the local server. Further progress will be made on the next execution of the Knowledge Consistency Checker (KCC).
You can use the Repadmin.exe tool from Windows 2000 Support Tools to speed up this process by means of a batch file. The batch file must be run on the console of the domain controller (that is no longer a global catalog) to remove the read-only naming contexts.

Note For Windows Server 2003, the Repadmin.exe tool is located in the Support\Tools\Suptools.msi file on the Windows Server 2003 installation media.

In the following sample version of a Ungc.bat file, the name of the domain controller that needs to be "cleaned up" is "dc1.corp.company.com". The read-only naming contexts that are being removed from this domain controller are: Northamerica.corp.company.com, europe.corp.company.com, and asia.corp.company.com

A sample of the code in the Ungc.bat file:
Rem Batch file for removing the Read-only naming context (Global Catalog)remrem Error 8438 maps to "The directory service is too busy to complete therem replication operation at this time." This error is expected while theRem deletion is proceeding. When the deletion has completed,the followingRem is reported, error 8439 rem "The distinguished name specified for thisRem replication operation is invalid." remrem The batch loops through the deletion of one naming context (domain) Rem at time before proceeding to the next.  Repadmin /delete rem Replace destgc with the target GC name and replace domain names withRem the naming context targetted for deletion.Rem Add or remove domains as required.setlocalset destgc=dc1.company.com:domain1time /trepadmin /delete DC=northamerica,DC=company,DC=com %destgc% /nosource if %errorlevel% == 8438 goto :domain1:domain2time /trepadmin /delete DC=europe,DC=company,DC=com %destgc% /nosource if %errorlevel% == 8438 goto :domain2:domain3time /trepadmin /delete DC=asia,DC=company,DC=com %destgc% /nosource if %errorlevel% == 8438 goto :domain3 endlocal				
AD Replication KCC NC DC
Properties

Article ID: 297935 - Last Review: 01/11/2015 04:12:55 - Revision: 3.0

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • kbnosurvey kbarchive kbenv kbhowto KB297935
Feedback