3.1.1.3.3.15 removeLingeringObject
This operation causes the DC to expunge a lingering object. A DC that was offline for longer than the value of the tombstone lifetime can contain objects that have been deleted on other DCs and for which tombstones no longer exist. The result is that when that DC is brought back online, any such objects can continue to exist in its NC replica even though the objects were improperly retained. Such objects are known as lingering objects.
Expunge is specified in section 3.1.1.1.6. Lingering object expunge can be performed on an object in a read-only NC. For more details on the lingering object expunge process, see IDL_DRSReplicaVerifyObjects and IDL_DRSGetObjectExistence in [MS-DRSR] sections 4.1.24 and 4.1.12.
The requester MUST have the "DS-Replication-Synchronize" control access right on the root of the NC replica that contains the lingering object.
The value specified for this operation contains (1) the DN of the DSA object of a DC holding a writable replica of the NC containing the lingering object, and (2) the DN of the lingering object. These are encoded in the value string as two DNs separated by a colon: "DSA Object DN:Lingering Object DN". Each DN specified is either an [RFC2253]-style DN or one of the alternative DN formats described in section 3.1.1.3.1.2.4. If the value is not in the specified format, the server rejects the request with the error operationsError / ERROR_DS_OBJ_NOT_FOUND.
The DC performing the modify request first verifies that the lingering object specified in the request does not exist on the DC specified in the request. If this verification fails for any reason, the request returns the error operationsError / ERROR_DS_GENERIC_ERROR. If the verification succeeds, the DC expunges the lingering object specified in the request and then returns success.
The following shows an LDIF sample that performs this operation. The sample requests that the lingering object whose DN is "CN=TestObject, CN=Users, DC=Fabrikam, DC=com" be removed, and specifies that the server whose nTDSDSA object is "CN=NTDS Settings,CN=TESTDC-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=com" be used to verify the nonexistence of the lingering object.
dn:
changetype: modify
replace: removeLingeringObject
removeLingeringObject: CN=NTDS Settings, CN=TESTDC-01,CN=Servers,CN=Default-First-Site-Name, CN=Sites,CN=Configuration,DC=Fabrikam,DC=com:CN=TestObject, CN=Users, DC=Fabrikam, DC=com
-
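The following is an added example, not part of the specification: a Python helper that builds the rootDSE modify record shown above from the two DNs and checks them before they reach an LDIF file. The function names are hypothetical. Rejecting a colon inside either DN is a conservative assumption, because this section does not say how such a value would be split. The base64 and folding rules are those of LDIF (RFC 2849).

```python
import base64

def split_value(value: str) -> tuple[str, str]:
    """Split "DSA Object DN:Lingering Object DN" into its two DNs."""
    dsa_dn, sep, obj_dn = value.partition(":")
    if not sep or not dsa_dn.strip() or not obj_dn.strip() or ":" in obj_dn:
        raise ValueError("expected exactly two DNs separated by one colon")
    return dsa_dn, obj_dn

def _needs_base64(value: str) -> bool:
    # RFC 2849: a plain value is ASCII, does not start with space, ':' or '<'
    # (so an alternative-format DN such as <GUID=...> must be encoded), and
    # should not end with a space.
    return not value.isascii() or value[0] in " :<" or value.endswith(" ")

def _fold(line: str, width: int = 76) -> list[str]:
    # RFC 2849 folding: each continuation line starts with exactly one space.
    out = [line[:width]]
    for i in range(width, len(line), width - 1):
        out.append(" " + line[i:i + width - 1])
    return out

def build_ldif(dsa_dn: str, lingering_dn: str) -> str:
    """Return the LDIF modify record for removeLingeringObject on the rootDSE."""
    for dn in (dsa_dn, lingering_dn):
        if not dn.strip():
            raise ValueError("empty DN")
        if any(c in dn for c in "\r\n\0"):
            # A line break inside a DN would add attacker-chosen LDIF lines.
            raise ValueError("control character in DN")
        if ":" in dn:
            # Assumption: refuse values whose split point would be ambiguous.
            raise ValueError("colon inside a DN")
    value = f"{dsa_dn}:{lingering_dn}"
    if _needs_base64(value):
        attr = "removeLingeringObject:: " + base64.b64encode(value.encode()).decode()
    else:
        attr = "removeLingeringObject: " + value
    header = ["dn:", "changetype: modify", "replace: removeLingeringObject"]
    return "\n".join(header + _fold(attr) + ["-"]) + "\n"
```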