17 December, 2010

How to Troubleshoot Lingering Objects

Lingering Object: An object that has been deleted on one domain controller, and even garbage collected there, but still remains on another domain controller is termed a Lingering Object

For more information on Lingering Objects, please read the following post:

Event ID 1988 proves the presence of a Lingering Object in the domain

The description of Event ID 1988 is quite detailed. It gives the following information:

1. The GUID of the source domain controller from where the lingering objects are coming

2. The DN of the Lingering Object (this piece of information is helpful in determining the location of the lingering object with respect to the naming context: domain partition, configuration partition, global catalog)

The event also gives the command that needs to be run to remove lingering objects

Repadmin /RemoveLingeringObjects <Name of the Source DC> <GUID of the DC which does not have the Lingering Objects> <Naming Context> [/advisory_mode]

Name of the Source DC: Event ID 1988 mentions the GUID of the source DC. From this GUID, we need to get the name of that DC

GUID of the DC which does not have the Lingering Objects: The DC on which we are getting Event ID 1988 is the one which does not have the Lingering Objects.

Naming Context: The DN of the partition that holds the lingering object, identified from the object DN given in the event

Remember this: there is no "Bad" domain controller or "Good" domain controller. There is a domain controller which has lingering objects and a domain controller which does not have lingering objects. The presence of lingering objects does not make a domain controller "Bad"

Ping the GUID which is mentioned in the Event 1988. This is the GUID of the domain controller which has Lingering Objects. By pinging the GUID, we will get the name of the domain controller having lingering objects

Now we need to get the GUID of the domain controller which does not have lingering objects. The domain controller on which we get 1988 is the one which does not have lingering objects. We can get the GUID of this domain controller from DNS

As stated earlier, the Event ID 1988 contains the DN of the lingering object which can help us to identify the naming context (partition) in which we have the lingering objects

The same command can be run with "Advisory Mode" and without "Advisory Mode"

With "Advisory Mode": This only shows the number and names of the Lingering Objects in the form of Events in the Event Viewer. This does NOT remove the Lingering Objects

Without "Advisory Mode": This actually removes the Lingering Objects

Run the command on the domain controller on which you are getting Event 1988
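
The steps above, collected into an added PowerShell example (not code from the original post): it picks the naming context as the longest partition DN that the lingering object's DN ends with, then prints the repadmin command, defaulting to advisory mode. The function names, parameters and contoso.com values are constructed for illustration; the naming-context argument and /advisory_mode are part of repadmin's own syntax.

```powershell
# Added example: function names, parameters and sample values are constructed.
function Get-NamingContext {
    param([string]$ObjectDN, [string[]]$NamingContexts)
    # The object's partition is the longest naming context its DN ends with,
    # so a Configuration object is not mistaken for a domain-partition object.
    $NamingContexts |
        Where-Object {
            $ObjectDN -eq $_ -or
            $ObjectDN.EndsWith(",$_", [StringComparison]::OrdinalIgnoreCase)
        } |
        Sort-Object Length -Descending |
        Select-Object -First 1
}

function New-LingeringObjectCommand {
    param(
        [Parameter(Mandatory)][string]$LingeringDC,      # DC that still holds the objects
        [Parameter(Mandatory)][guid]$ReferenceDCGuid,    # GUID of the DC logging Event 1988
        [Parameter(Mandatory)][string]$ObjectDN,         # DN reported in Event 1988
        [Parameter(Mandatory)][string[]]$NamingContexts, # live: (Get-ADRootDSE).namingContexts
        [switch]$Remove                                  # omit to stay in advisory mode
    )
    $nc = Get-NamingContext -ObjectDN $ObjectDN -NamingContexts $NamingContexts
    if (-not $nc) { throw "No naming context matches '$ObjectDN'" }
    # The naming context is quoted so its commas reach repadmin as one argument.
    $cmd = "repadmin /removelingeringobjects $LingeringDC $ReferenceDCGuid `"$nc`""
    if (-not $Remove) { $cmd += ' /advisory_mode' }
    $cmd
}

# Constructed sample values, not taken from a real forest.
$common = @{
    LingeringDC     = 'DC2.contoso.com'
    ReferenceDCGuid = '11111111-2222-3333-4444-555555555555'
    NamingContexts  = 'DC=contoso,DC=com',
                      'CN=Configuration,DC=contoso,DC=com',
                      'CN=Schema,CN=Configuration,DC=contoso,DC=com'
}
# Advisory run for an object in the Configuration partition (reports only).
New-LingeringObjectCommand @common -ObjectDN 'CN=OldSite,CN=Sites,CN=Configuration,DC=contoso,DC=com'
# Removal run for a user object in the domain partition.
New-LingeringObjectCommand @common -ObjectDN 'CN=User1,CN=Users,DC=contoso,DC=com' -Remove
```

The functions only build the command string; review the advisory-mode events before running the removal form.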

Events generated after running the command with "Advisory Mode"

Running the actual command without "Advisory Mode"

Events showing that the Removal of Lingering Objects has begun

Event stating that the Lingering Object has been Removed

Users on DC2 which were present in AD as Lingering Objects are now removed from the Active Directory