| Event Id | 1864 |
| Source | NTDS Replication |
| Description | This is the replication status for the following directory partition on the
local domain controller. Directory partition: DC=NTD,DC=LOCAL The local domain controller has not recently received replication information from a number of domain controllers. The count of domain controllers is shown, divided into the following intervals. More than 24 hours: 2 More than a week: 2 More than one month: 0 More than two months: 0 More than a tombstone lifetime: 0 Tombstone lifetime (days): 60 Domain controllers that do not replicate in a timely manner may encounter errors. It may miss password changes and be unable to authenticate. A DC that has not replicated in a tombstone lifetime may have missed the deletion of some objects, and may be automatically blocked from future replication until it is reconciled. To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>". |
| Event Information | On domain controllers that are running Windows Server 2003, the up-to-dateness vector includes a timestamp that represents the last time the local (destination) domain controller has completed a full replication cycle with the source domain controller. The replication cycle may have occurred directly (direct replication partner) or indirectly (transitive replication partner). The timestamp is recorded whether or not the local domain controller actually received any changes from the partner.
By examining the timestamps, a domain controller can quickly identify other domain controllers that are not replicating. Warning messages are posted to the event log on each domain controller when non-replicating partners are discovered (Event ID 1864 in the Directory Service event log). Following Microsoft article may help you to solve this issue. |
| Reference Links | How
the Active Directory Replication Model Works Some firewalls may reject network traffic that originates from Windows Server 2003 Service Pack 1-based computers How to remove data in Active Directory after an unsuccessful domain controller demotion |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.