NTDS General error 1173
If you’re getting this error in the event log “NTDS General error 1173” on domain controllers followed by Internal event: Active Directory has encountered the following exception and associated parameters.
You are probably having replication issues, here’s what you should do:
Run the following repadmin command on the primary domain controller (PDC) to create a .csv file that contains the list of destination domain controllers:
repadmin /showrepl * /csv >showrepl.csv
Open the .csv file in Microsoft Excel, and then identify replication failures on destination domain controllers that have failed the incoming replication process and that display Win32 error 8451.
On the domain controllers that log the “Win32 error 8451” error message, make sure that diagnostic logging for the 5 Replication Events registry entry is set to a value of 1. To do this, follow these steps:
Click Start, and then click Run.
In the Open box, type regedit, and then click OK.
Locate and then click the following registry key:
In the details pane, double-click 5 Replication Events, type 1 in the Value data box, and then click OK.
Close Registry Editor.
On the destination domain controllers, verify that Directory Service event 1692 is logged in the Directory Service log. The event displays changes to the â€œmemberâ€ attribute of the security group or to other LVR-replicated attributes and to the lingering object GUIDs.
Remove the lingering objects from the Windows Server 2008-based or Windows Server 2003-based destination domain controllers by using the repadmin /removelingeringobjects command.
For more information about the Repadmin /removelingeringobjects command, click the following article number to view the article in the Microsoft Knowledge Base:
Disabling strict replication consistency functionality in the registry of Windows Server 2008-based or Windows Server 2003-based destination domain controllers does not resume replication. You must not set the value of the Strict Replication Consistency registry entry to 0 to unblock replication of directory partitions.
Do not force replication of directory partitions on source domain controllers by using the repadmin /sync command or an equivalent command together with the /force switch.