Lingering objects in Active Directory are a pest, and disposing of them properly takes a lot of work. Luckily, there’s repldiag.exe, part of Active Directory Utils. This tool resolves lingering objects by automating the procedure and the set of commands you would otherwise run by hand to clean them up.
In normal circumstances, you would have to look up and run various commands to completely clean out the AD database on each DC. repldiag.exe does the hard work for you: it looks up the DCs and runs the cleanup on each one, cross-referencing with the other DCs, and it does so using the built-in commands and APIs (such as those used by repadmin and other commands).
How to do it?
Download repldiag.exe (available separately) for free from the project's home page, http://activedirectoryutils.codeplex.com/, and place it on a DC to which you have access. Note that you need to be a domain admin in order to run this tool.
Open a command prompt and run the tool as follows:
The tool will start with information gathering, and subsequently check each of the DCs for lingering objects. If it finds any, it’ll clean them out.
Because the tool merely automates the procedure, and uses built-in Windows commands to do so, logging is available in the Directory Service event log on each cleaned DC. There’s no centralized logging, so to find out where lingering objects were found and deleted, you need to check the event log on each DC.
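
Since the results are spread across every DC's Directory Service log, one way to pull them into a single report is the following PowerShell script (an added example, not part of repldiag or the original article). It assumes the ActiveDirectory module is installed, that the event IDs 1937, 1945 and 1939 are the ones Windows logs for lingering-object removal (they are not listed in the article), and the output path is a placeholder.

```powershell
#Requires -Modules ActiveDirectory
# Added example: collect lingering-object removal events from every DC into one CSV.
# Assumption: 1937 = removal started, 1945 = lingering object removed,
# 1939 = removal completed. Confirm these against one cleaned DC before relying on them.
param(
    [int[]]    $EventId   = @(1937, 1945, 1939),
    [datetime] $Since     = (Get-Date).AddDays(-1),
    [string]   $ReportCsv = '.\lingering-object-events.csv'   # hypothetical output path
)

# Get-ADDomainController -Filter * lists the DCs of the current domain only;
# in a multi-domain forest, repeat with -Server for each domain.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$results = foreach ($dc in $dcs) {
    $filter = @{ LogName = 'Directory Service'; Id = $EventId; StartTime = $Since }
    try {
        Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    DC          = $dc
                    TimeCreated = $_.TimeCreated
                    EventId     = $_.Id
                    Status      = 'OK'
                    # Collapse the multi-line event message to one line for the CSV
                    Message     = ($_.Message -replace '\s+', ' ').Trim()
                }
            }
    }
    catch {
        # Get-WinEvent throws both when nothing matches and when the DC cannot be
        # queried; keep the two apart so an unreachable DC is not read as "clean".
        $status = if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { 'NoEvents' }
                  else { 'QueryFailed' }
        [pscustomobject]@{
            DC = $dc; TimeCreated = $null; EventId = $null
            Status = $status; Message = $_.Exception.Message
        }
    }
}

$results | Sort-Object DC, TimeCreated | Export-Csv -Path $ReportCsv -NoTypeInformation
# Per-DC summary: how many events of each ID, and which DCs had none or failed
$results | Group-Object DC, Status, EventId | Select-Object Count, Name | Format-Table -AutoSize
```

Rows with Status `QueryFailed` mark DCs whose log could not be read, so those still need to be checked by hand.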