MORE INFORMATION
Two objects in the Active Directory with the same RDN cannot exist in the same container. For example, the following is allowed because the two RDNs (OU=James Smith and CN=James Smith) are different:
DC=MyDomain
--OU=James Smith
--CN=James Smith
However, two objects that both have the RDN "CN=James Smith" cannot exist in the same container, as in the following example:
DC=MyDomain
--CN=Users
----CN=James Smith
----CN=James Smith
In the event that an object was created on two or more different domain controllers with the same RDN and in the same container before replication has occurred, a collision will occur when the domain controllers replicate changes. For example, two different administrators both create the "James Smith" user in the "Users" container using the Directory Management administrative tool. In a multi-master environment, each domain controller can create objects in its local database without querying other domain controllers. Each tool is focused on a specific domain controller and each is permitted to create the object.
When replication occurs, the object with the latest time stamp (the object that was created last) is kept and the older object is renamed. This requires administrator intervention to determine which object should be kept. As replication occurs to other domain controllers, the name change of the older object is replicated to other domain controllers. The administrator can choose to delete the object whose name has not been changed and rename the original object if that object is determined to be the correct one. Because each object is identified by a Globally Unique Identifier (GUID), the object deletion is safely replicated to other domain controllers even though the RDN was the same.
Using the Search.vbs Script
Search.vbs is a Microsoft Visual Basic script that is included in the Support\Tools\Support.cab file on the Windows 2000 retail CD-ROM. This script can be used to perform an LDAP search against the Active Directory and either display the results or output them to a text file.
To determine if there are any objects in the Active Directory that have resulted from a replication collision, use the following query. From a command prompt, type
cscript search.vbs "LDAP://YourServerName/dc=mydomain,dc=com" /C:"(CN=*\0ACNF:*)" /P:distinguishedName /S:SubTree
replacing YourServerName, mydomain, and com with the correct names.
The query filter used here (identified by the /C: parameter) begins with a wildcard, followed by a linefeed character (expressed in LDAP format by the escape sequence \0A) and "CNF:", which together denote an object collision. This is followed by another wildcard character because the GUIDs of the objects to be returned are not known. In simpler terms, the filter looks for any object whose CN begins with any text, includes the characters that denote an object collision, and ends with any text.
The output displays how many objects were found and presents the value of the "distinguishedName" attribute for each object found, as in the following example:
Finished the query.
Found 1 objects.
distinguishedName 1 = CN=MyUser\
CNF:57e0951e-c9d5-11d2-a802-0000f87a3548,CN=Users,DC=mydomain,DC=com
If no collisions are found, the following output is displayed:
Finished the query.
No object satisfying the criteria has been found within
LDAP://YourServerName/dc=mydomain,dc=com.
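The following Python script is an added example, not part of Search.vbs or the original article. It parses saved Search.vbs output and splits each collision name into the original DN, the GUID of the renamed object, and the parent container, so the renamed object can be compared with the object that kept the name. It assumes the output layout shown above and also accepts the \0A escape form of the linefeed; the function and field names are illustrative.

```python
import re
import uuid

# Collision RDN: <attr>=<name>, an escaped linefeed, "CNF:", the object GUID.
# The linefeed appears either as backslash + real newline (as in the sample
# output above) or as the hex escape \0A (assumed alternative rendering).
_CNF = re.compile(
    r"^(?P<attr>[A-Za-z]+)=(?P<name>.*?)\\(?:\r?\n|0[aA])CNF:"
    r"(?P<guid>[0-9a-fA-F-]{36}),(?P<parent>[^\r\n]+)"
)
_ENTRY = re.compile(r"^distinguishedName \d+ = ", re.MULTILINE)

# Sample output copied from the article's example.
SAMPLE = (
    "Finished the query.\n"
    "Found 1 objects.\n"
    "distinguishedName 1 = CN=MyUser\\\n"
    "CNF:57e0951e-c9d5-11d2-a802-0000f87a3548,CN=Users,DC=mydomain,DC=com\n"
)


def parse_conflict_dn(dn):
    """Return the parts of a collision DN, or None if dn is not one."""
    m = _CNF.match(dn.strip())
    if m is None:
        return None
    try:
        guid = str(uuid.UUID(m["guid"]))
    except ValueError:  # 36 hex/dash characters that do not form a GUID
        return None
    return {
        "original_dn": f"{m['attr']}={m['name']},{m['parent']}",
        "guid": guid,
        "parent": m["parent"],
    }


def parse_search_output(text):
    """Return one record per collision object listed in Search.vbs output."""
    # Split on the "distinguishedName N = " prefix so that a DN continued on
    # the next line (because of the embedded linefeed) stays in one piece.
    chunks = _ENTRY.split(text)[1:]
    records = (parse_conflict_dn(chunk) for chunk in chunks)
    return [rec for rec in records if rec is not None]


if __name__ == "__main__":
    for rec in parse_search_output(SAMPLE):
        print(rec["guid"], "was renamed; original name:", rec["original_dn"])
```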