Replication after tombstone life expired


As I was preparing for an Exchange migration from 2010 to 2013, I had two DCs. One of them had been off for about 8 months and had already passed the default tombstone lifetime, so it was not authorized for replication in the forest.

Whenever I try to replicate the server I get the following error:


Active Directory Sites and Services Error

“The following error occurred during the attempt to syncronize naming context CN=Configuration,DC=Domain,DC=Local from Domain Controller AD to Domain Controller AD2; The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime. This operation will not continue.”

My FSMO role holder and PDC is the demotesas.local domain, so on this DC I will run the following command:

w32tm /config /manualpeerlist:"<your-NTP-server>,0x1" /syncfromflags:manual /reliable:yes /update


And then this:

net stop w32time & net start w32time & w32tm /resync /rediscover


On the additional DC:

w32tm /config /syncfromflags:domhier /update

net stop w32time & net start w32time & w32tm /resync /rediscover

Force Replication

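If the above doesn’t work, then I will go ahead and force replication to the tombstoned DC by using the following command. It sets the “Allow Replication With Divergent and Corrupt Partner” registry value on every domain controller (the * in the command), which lets replication proceed with a partner that has exceeded the tombstone lifetime.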

repadmin /regkey * +allowDivergent


Now we’ll replicate and see what happens


Problem solved
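
Before relaxing the tombstone check on every DC, it helps to see which replication links are actually past the tombstone lifetime. The PowerShell below is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is available, and the warn-at-half-lifetime threshold is an assumption chosen for illustration.

```powershell
# Added example (not from the original post): flag replication links that are
# past, or close to, the forest tombstone lifetime. Needs the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# tombstoneLifetime (days) lives on the Directory Service object in the
# configuration partition; an unset attribute means the 60-day default.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties tombstoneLifetime
$tslDays  = if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }
$warnDays = [math]::Floor($tslDays / 2)   # assumption: warn at half the lifetime

# One entry per inbound link: destination DC, source partner, partition.
# Unreachable DCs raise errors; keep going and report on the ones that answer.
$links = Get-ADReplicationPartnerMetadata -Target (Get-ADForest).Name -Scope Forest `
    -Partition * -ErrorAction SilentlyContinue

$now = Get-Date
$report = foreach ($link in $links) {
    $last = $link.LastReplicationSuccess
    # A link with no success timestamp is treated as expired.
    $age = if ($last) { [math]::Round(($now - $last).TotalDays, 1) } else { [double]::PositiveInfinity }
    # 8614 is the "exceeded the tombstone lifetime" replication error quoted above.
    $status = if ($link.LastReplicationResult -eq 8614 -or $age -gt $tslDays) {
        'TSL EXCEEDED'
    } elseif ($age -gt $warnDays) { 'AT RISK' } else { 'OK' }

    [pscustomobject]@{
        Destination = $link.Server
        Source      = ($link.Partner -split ',')[1] -replace '^CN=', ''
        Partition   = $link.Partition
        LastSuccess = $last
        AgeDays     = $age
        LastResult  = $link.LastReplicationResult
        Status      = $status
    }
}

"Tombstone lifetime: $tslDays days"
$report | Sort-Object AgeDays -Descending | Format-Table -AutoSize
```

Once replication has converged, repadmin /regkey * -allowDivergent clears the setting again so the tombstone-lifetime check is enforced for future outages.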



23 thoughts on “Replication after tombstone life expired”

  1. Thank you for taking the time to post this information. This quickly and easily resolved our replication issues without having to demote a server!

  2. For two days I had the problem of replication and they did not have a single solution... you saved my life, thank you very much

    1. Glad it worked for you 🙂 I usually have these kinds of issues and prefer to troubleshoot rather than demote or delete.

  3. When you force replication using repadmin /regkey * +allowDivergent do you do this on the domain controller that cannot be replicated to or the one you are trying to replicate from?

  4. You’re the bomb! Thank you! After days of reading through other sites that seemed to over-complicate everything, your AWESOME article came into my life! 🙂

    1. Hi Key, I am very glad this has helped you! If at any time you have any difficulties, please don’t hesitate to contact me directly.

  5. Dear expert, I'm very new to this. Is there any possibility this step will interrupt the other DS? Because my system is used for a DCS system, it should not interrupt the DCS (Digital Control System).

  6. Super helpful, one of the best documents on the problem, you won’t believe how much time I spent looking for this solution and you managed to help me fix it in like 3 minutes!

  7. I don't know who you are... anyway, you saved my life.
    I was struggling with this for almost three weeks.

    Thank you very very much for sharing your knowledge with us.
    God bless you..

  8. Hello,

    Facing DFS replication on additional domain controller after it was turned off for 2 weeks. It has not exceeded tombstone period.

    Tried demoting and promoting ADC but yet we are not seeing shared netlogon sysvol on ADC.

    In Event Viewer we see messages that DFS will not replicate until stale data on the ADC is cleared; the reason is that it has not replicated for more than 60 days.

    Also tried to install windows freshly and joined to existing domain still it is same problem for DFS replication for netlogon and sysvol shared folders.

    Other replication between both domains is success. Please advise how to fix this issue.

  9. Hi Mohammed Hamada,

    Wherever you are in the world, I pray that God will bless you with increase in any aspect of your life.

    You are truly a lifesaver.

    Thank You very much!
