Use case description:

| Use case | Indicators page error / RMQ Eridanis queue obturation |
|---|---|
| Nature | How to |
| Component impacted | Ceti, Cygni |
| Version impacted | 2.X.X |
| Solution offered | Modus operandi |
| Resources | This article |

When an Active Directory object such as a GPO is deleted, a small part of the object stays in the deleted objects container for a specified time. This deleted GPO may continue to be the reason for an IoE.
The deleted objects in the "Deleted object" container are tricky to destroy. They are locked and wait until the "Garbage collector" (governed by the "TombstoneLifetime" value) has automatically processed the delete job.

Modus operandi:
You can force the "Deleted object" container purge:
Warning! After these actions, every object from the "Deleted Object" container will be destroyed!
1. Change the "TombstoneLifetime" value to "2" (with the "adexplorer" tool, for example). The "TombstoneLifetime" value is located at "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=com". After setting this value to "2", you need to wait 12 hours for the automatic purge of the "Deleted object" container.
But we can save some time with "ldp.exe".
2. With the "ldp.exe" tool:
- When you click Browse on the Modify menu, leave the Distinguished name box empty,
- In the Edit Entry Attribute box, type “DoGarbageCollection” (without the quotation marks),
- In the Values box, type “1” (without the quotation marks),
- Set the Operation value to Add, click the Enter button, and then click Run (this will take effect immediately!).
3. Reset the "tombstoneLifetime" value (180).
Once this AD deletion is done, you will have to wait 24 hours for the information to be up to date in the Alsid database.
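
The three steps above, scripted in PowerShell as an added example (not part of the original article or of the vendor's tooling). It assumes the ActiveDirectory RSAT module and an account allowed to modify the configuration partition; the helper name `Get-DeletedObject`, the confirmation prompt, the 60-second wait, and restoring the previously read value (rather than a hard-coded 180) are choices made for this example.

```powershell
# Added example: steps 1-3 of the article, run against a single domain controller.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE
$dc      = $rootDse.dnsHostName
$dsDn    = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"

# Remember the current value; fall back to the article's 180 if the attribute is unset.
$original = (Get-ADObject -Identity $dsDn -Server $dc -Properties tombstoneLifetime).tombstoneLifetime
if (-not $original) { $original = 180 }

# Show what the purge will destroy before touching anything.
$container = (Get-ADDomain -Server $dc).DeletedObjectsContainer
function Get-DeletedObject {   # hypothetical helper for this example
    Get-ADObject -Server $dc -SearchBase $container -SearchScope OneLevel `
        -IncludeDeletedObjects -Filter 'isDeleted -eq $true' `
        -Properties lastKnownParent, whenChanged
}
$before = @(Get-DeletedObject)
$before | Select-Object Name, lastKnownParent, whenChanged | Format-Table -AutoSize

if ((Read-Host "Purge deleted objects on $dc? Type YES to continue") -cne 'YES') { return }

try {
    # Step 1: tombstoneLifetime = 2
    Set-ADObject -Identity $dsDn -Server $dc -Replace @{ tombstoneLifetime = 2 }

    # Step 2: equivalent of the ldp.exe Modify with an empty DN (rootDSE),
    # attribute doGarbageCollection, value 1, operation Add.
    $adsiRoot = [ADSI]"LDAP://$dc/RootDSE"
    $adsiRoot.Put('doGarbageCollection', '1')
    $adsiRoot.SetInfo()

    Start-Sleep -Seconds 60   # constructed delay; adjust to the size of the directory
    $after = @(Get-DeletedObject)
    "Deleted objects before: $($before.Count), after: $($after.Count)"
}
finally {
    # Step 3: put the original value back even if a step above failed.
    Set-ADObject -Identity $dsDn -Server $dc -Replace @{ tombstoneLifetime = $original }
}
```

Every call targets the same domain controller so that the garbage collection run sees the lowered value without waiting for replication.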