AD replication

Question

Good day,
the customer uses two OS 2008R2 servers as AD servers. On Thursday, April 21, 2022, the electricity went out and the servers were without voltage all night. Unfortunately, in the morning, one dl165 server started with the wrong date in 2010. The other dl320 server started correctly. We corrected the time to dl165, performed a reset, everything seemed fine.

Sorry, we detected a sync error yesterday.
repadmin / showrepl running on dl165 is OK.
repadmin / showrepl run on dl320 server writes error:
DSA Agent Object GUID: 5d181307-6728-400c-842b-5fae96c66
fca
The last attempt at 2022-04-25 16:16:12 failed. Result: 8614 (0x21a6):
The directory service cannot replicate with this server because
the time since the last replication exceeded the time for which the object is marked as invalid. - translate from czech language.

The same problem occurs with manual replication - active directory sites and services - dl360 - NTDS setting - from server dl165 - error

NTDS Replication Event 2042 may be logged in the Directory Service on server dl320.

Event 2042 describes the parameter setting option:
Registry key:
HKLM \ System \ CurrentControlSet \ Services \ NTDS \ Parameters \ Allow Replication With Divergent and Corrupt Partner

Is this safe and will it unlock the timestamp that is in sync from dl165 to dl 320? Can't there be a violation, overwriting, inaccessibility of AD on the DL320, which has a PDC and thus unavailability of AD?

Thanks for the advice on ideas.
Radek Rysan

Answer 1

You can work through this one.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/active-directory-replication-event-id-2042

--please don't forget to upvote and Accept as answer if the reply is helpful--