Accounts are locked out
Hi,
I have trouble with accounts being locked out. How can I fix it? I have searched many sites but have not found a solution yet...
I copied the events from the event log below.
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 12/15/2010 1:35:29 PM
Event ID: 1083
Task Category: Replication
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SRV.seas.vn
Description:
Active Directory Domain Services could not update the following object with changes received from the directory service at the following network address because Active Directory Domain Services was busy processing information.
Object:
CN=Administrator,CN=Users,DC=seas,DC=vn
Network address:
b995f0d6-fd79-4bf8-8eae-0f4e34accc20._msdcs.seas.vn
This operation will be tried again later.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
<EventID Qualifiers="32768">1083</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-12-15T06:35:29.730895600Z" />
<EventRecordID>2667</EventRecordID>
<Correlation />
<Execution ProcessID="656" ThreadID="1772" />
<Channel>Directory Service</Channel>
<Computer>SRV.seas.vn</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>CN=Administrator,CN=Users,DC=seas,DC=vn</Data>
<Data>b995f0d6-fd79-4bf8-8eae-0f4e34accc20._msdcs.seas.vn</Data>
</EventData>
</Event>
-----
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 12/15/2010 8:25:06 AM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SRV.seas.vn
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
DC=ForestDnsZones,DC=seas,DC=vn
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
1
More than a week:
1
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
<EventID Qualifiers="49152">1864</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-12-15T01:25:06.757722500Z" />
<EventRecordID>2650</EventRecordID>
<Correlation />
<Execution ProcessID="656" ThreadID="816" />
<Channel>Directory Service</Channel>
<Computer>SRV.seas.vn</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>DC=ForestDnsZones,DC=seas,DC=vn</Data>
<Data>1</Data>
<Data>1</Data>
<Data>0</Data>
<Data>0</Data>
<Data>0</Data>
<Data>180</Data>
<Data>24</Data>
</EventData>
</Event>
-------------------------------------------------------------
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 12/15/2010 8:25:06 AM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SRV.seas.vn
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
DC=DomainDnsZones,DC=seas,DC=vn
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
1
More than a week:
1
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
<EventID Qualifiers="49152">1864</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-12-15T01:25:06.756722400Z" />
<EventRecordID>2649</EventRecordID>
<Correlation />
<Execution ProcessID="656" ThreadID="816" />
<Channel>Directory Service</Channel>
<Computer>SRV.seas.vn</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>DC=DomainDnsZones,DC=seas,DC=vn</Data>
<Data>1</Data>
<Data>1</Data>
<Data>0</Data>
<Data>0</Data>
<Data>0</Data>
<Data>180</Data>
<Data>24</Data>
</EventData>
</Event>
--------------------------------------------------------------
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 12/15/2010 8:25:06 AM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SRV.seas.vn
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
CN=Schema,CN=Configuration,DC=seas,DC=vn
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
1
More than a week:
1
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
<EventID Qualifiers="49152">1864</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-12-15T01:25:06.756722400Z" />
<EventRecordID>2648</EventRecordID>
<Correlation />
<Execution ProcessID="656" ThreadID="816" />
<Channel>Directory Service</Channel>
<Computer>SRV.seas.vn</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>CN=Schema,CN=Configuration,DC=seas,DC=vn</Data>
<Data>1</Data>
<Data>1</Data>
<Data>0</Data>
<Data>0</Data>
<Data>0</Data>
<Data>180</Data>
<Data>24</Data>
</EventData>
</Event>
--------------------------------------------------------------
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 12/15/2010 8:25:06 AM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SRV.seas.vn
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
CN=Configuration,DC=seas,DC=vn
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
1
More than a week:
1
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
<EventID Qualifiers="49152">1864</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-12-15T01:25:06.756722400Z" />
<EventRecordID>2647</EventRecordID>
<Correlation />
<Execution ProcessID="656" ThreadID="816" />
<Channel>Directory Service</Channel>
<Computer>SRV.seas.vn</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>CN=Configuration,DC=seas,DC=vn</Data>
<Data>1</Data>
<Data>1</Data>
<Data>0</Data>
<Data>0</Data>
<Data>0</Data>
<Data>180</Data>
<Data>24</Data>
</EventData>
</Event>
--------------------------------------------------------------
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 12/15/2010 8:25:06 AM
Event ID: 1864
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: SRV.seas.vn
Description:
This is the replication status for the following directory partition on this directory server.
Directory partition:
DC=seas,DC=vn
This directory server has not recently received replication information from a number of directory servers. The count of directory servers is shown, divided into the following intervals.
More than 24 hours:
1
More than a week:
1
More than one month:
0
More than two months:
0
More than a tombstone lifetime:
0
Tombstone lifetime (days):
180
Directory servers that do not replicate in a timely manner may encounter errors. They may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled.
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
<EventID Qualifiers="49152">1864</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-12-15T01:25:06.755722400Z" />
<EventRecordID>2646</EventRecordID>
<Correlation />
<Execution ProcessID="656" ThreadID="816" />
<Channel>Directory Service</Channel>
<Computer>SRV.seas.vn</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>DC=seas,DC=vn</Data>
<Data>1</Data>
<Data>1</Data>
<Data>0</Data>
<Data>0</Data>
<Data>0</Data>
<Data>180</Data>
<Data>24</Data>
</EventData>
</Event>
--------------------------------------------------------------
December 15th, 2010 3:30am
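As an added example (not part of the original thread), the Python sketch below triages exported Directory Service events like the ones posted above: it reports which partitions have stale replication partners (event 1864) and which objects failed to update (event 1083). The `<Events>` wrapper, the function name and the field-name mapping are assumptions; the mapping is inferred by matching the `<Data>` values to the rendered descriptions in the post.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Order of the 1864 counters, inferred from the rendered message in the post
# (assumption, not a documented schema). The trailing "24" value is ignored.
BUCKETS_1864 = ["over_24_hours", "over_a_week", "over_one_month",
                "over_two_months", "over_tombstone_lifetime"]

# Constructed sample: two events trimmed from the post and wrapped in a
# hypothetical <Events> root so they parse as a single document.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID Qualifiers="49152">1864</EventID>
<TimeCreated SystemTime="2010-12-15T01:25:06.755722400Z" />
<Computer>SRV.seas.vn</Computer></System>
<EventData><Data>DC=seas,DC=vn</Data><Data>1</Data><Data>1</Data>
<Data>0</Data><Data>0</Data><Data>0</Data><Data>180</Data><Data>24</Data>
</EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID Qualifiers="32768">1083</EventID>
<TimeCreated SystemTime="2010-12-15T06:35:29.730895600Z" />
<Computer>SRV.seas.vn</Computer></System>
<EventData><Data>CN=Administrator,CN=Users,DC=seas,DC=vn</Data>
<Data>b995f0d6-fd79-4bf8-8eae-0f4e34accc20._msdcs.seas.vn</Data>
</EventData></Event>
</Events>"""

def triage(xml_text):
    """Return one finding per replication event (IDs 1864 and 1083)."""
    findings = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        event_id = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        data = [d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)]
        item = {"event_id": event_id,
                "computer": ev.findtext("e:System/e:Computer", namespaces=NS),
                "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime")}
        if event_id == 1864 and len(data) >= 7:
            counts = dict(zip(BUCKETS_1864, map(int, data[1:6])))
            stale = [b for b in BUCKETS_1864 if counts[b] > 0]
            item.update(partition=data[0], counts=counts,
                        tombstone_days=int(data[6]),
                        worst_bucket=stale[-1] if stale else None)
        elif event_id == 1083 and len(data) >= 2:
            item.update(object_dn=data[0], source_partner=data[1])
        else:
            continue  # not one of the two event types discussed here
        findings.append(item)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A non-empty `worst_bucket` tells you how long the oldest partner has been silent for that partition, and the `source_partner` of a 1083 event is the GUID-based name to resolve when identifying the replication partner.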
I suggest you post this issue in the Active Directory forum for prompt help. I also advise you to see the info below for the same issue.
http://social.technet.microsoft.com/Forums/en/winserverDS/thread/1d3db860-a2e7-4e30-b836-f03e7b1b154b
This error can occur if the DC has been offline for more than 60 days, has not replicated with another DC for more than 60 days or if the time on your servers is not set correctly. This server has therefore passed the tombstone lifetime of 60 days and will need to be reinstalled.
Anil
December 15th, 2010 5:04am
Yes, I've tried this command many times but it is not correct. Do you have another idea?
repadmin /test:replication
from clay68
I resolved the issue.
If I run repadmin /test:replication, I could see the troubled domain controller.
I should be good now, thanks everyone for your responses.
December 15th, 2010 5:30am
You can refer to the KBs below:
http://support.microsoft.com/kb/296714
http://support.microsoft.com/kb/306091
Dinesh S.
December 15th, 2010 7:58am
Thank you so much.
I already read it, but it seems so complicated... Anyway, I will try it carefully to avoid any trouble with the domain controller.
December 15th, 2010 9:13pm
I did not see anything regarding the explanation below:
Can someone help me? I really don't understand this.
I found no duplicate object...
"If there is no duplicate object found, try to move the object to a different site or organizational unit. Make note of where you move it to, because you may have to move it back later."
Note: You must first install the Windows 2000 Support Tools from the Support\Tools folder on the Windows 2000 CD-ROM.

1. Ping the GUID-based DNS name (contained in the warning message) to obtain the IP address of the replication partner. For additional information about how to determine the GUID of a domain controller, click the following article number to view the article in the Microsoft Knowledge Base:
   224544 (http://support.microsoft.com/kb/224544/EN-US/) Determining the Server GUID of a Domain Controller
2. Use the Active Directory Administration tool (Ldp.exe) to connect to the IP address obtained in step 1. To do so:
   Click Start, point to Programs, point to Windows 2000 Support Tools, point to Tools, and then click Active Directory Administration Tool.
   On the Connection menu, click Connect. In the Server dialog box, type the IP address of the replication partner (obtained in step 1), and then click OK.
   On the Connection menu, click Bind. Type the credentials of an administrator account, and then click OK.
   On the Browse menu, click Search, and then click the Subtree option.
   In the Base Dn dialog box, type the name of the domain where you want to search for a specific Active Directory object (for example, CN=Configuration,dc=company,dc=com).
   In the Filter dialog box, type the Relative Distinguished Name of the object in parentheses (for example, to filter for a computer object named DC2, type CN=DC2), and then click Run.
   The right pane of the window displays the different locations where the object is found. Note the object that you want to keep.
   To delete the unnecessary duplicate objects, click Delete on the Browse menu, and then type the distinguished name of the object that you want to delete.
   In the right pane of the Ldp window, make sure that the object has been deleted. For additional information about how to use the Active Directory Administration Tool, click the following article number to view the article in the Microsoft Knowledge Base:
   278422 (http://support.microsoft.com/kb/278422/EN-US/) XADM: How to Use the Windows 2000 LDP Support Tool to View the BaseDN
3. If there is no duplicate object found, try to move the object to a different site or organizational unit. Make note of where you move it to, because you may have to move it back later.
4. Use the Repadmin.exe tool (located in Windows 2000 Support Tools) to synchronize the configuration and domain naming contexts. Use the following syntax (replace the domain components with your own):
   repadmin /sync CN=Configuration,DC=company,DC=com <local domain controller name> <replication partner GUID>
   repadmin /sync DC=company,DC=com <local domain controller name> <replication partner GUID>
   For additional information about how to use Repadmin.exe, click the following article number to view the article in the Microsoft Knowledge Base:
   229896 (http://support.microsoft.com/kb/229896/EN-US/) Using Repadmin.exe to Troubleshoot Active Directory Replication
5. After replication completes, the Directory Service event log should not show any new instances of event ID 1083 that are caused by duplicate objects. If you have to, move the object that you moved in step 3 back to its original location.
December 17th, 2010 5:00am