Lingering Object Liquidator (LoL)

Lingering Object Liquidator automates the discovery and removal of lingering objects from an Active Directory Domain Services forest. The tool uses the DRSReplicaVerifyObjects method used by repadmin /removelingeringobjects and repldiag combined with the removeLingeringObject rootDSE primitive used by LDP.EXE.
Lingering Object Liquidator features include:
• Discovery and removal of lingering objects in a single user interface
• Leverages the DRSReplicaVerifyObjects method in Advisory Mode
• Can target all DCs and all Partitions in a forest
• Displays all lingering objects in a single window
• Export the list of lingering objects to a CSV for offline analysis (or modification for import)
• Supports import and removal of objects from CSV import (leverage for objects not discoverable using DRSReplicaVerifyObjects)

For more information about lingering objects, see the ASKDS blog post Remove Lingering Objects that cause AD Replication error 8606 and friends.
For guidance on using Lingering Object Liquidator see ASKDS Blog post: Introducing Lingering Object Liquidator v2.

Supported Operating Systems

Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016

1. Install .NET 4.5.2 or later on the member workstation, member server or domain controller that will execute Lingering Object Liquidator.
2. Install Lingering Object Liquidator on the same computer.
3. Permissions: The user account running the tool must have Domain Admin credentials for each domain in the forest targeted by Lingering Object Liquidator. Members of the Enterprise Admins group have domain admin credentials in all domains within a forest by default. Domain Admin credentials are sufficient in a single domain or single domain forest.
4. The admin workstation must have full port and protocol connectivity to all DCs in all domains targeted for the discovery and removal of lingering objects. Specific ports include DNS, Kerberos, RPC, LDAP and the ephemeral port range in use by the targeted DC. While pre-Windows Server 2008 DCs use the “low” ephemeral port range between 1024 and 5000, such DCs are not compatible with Lingering Object Liquidator so those ports don't need to be considered. Post-Windows Server 2003 DCs use the “high” ephemeral port range between 49152 to 65535 so the tool will need connectivity over that range. See TechNet for more detail.
5. You must enable the Remote Event Log Management (RPC) firewall rule on each DC that will be scanned by the tool. Otherwise, Lingering Object Liquidator displays an error stating, “Exception: The RPC server is unavailable”
6. The liquidation of lingering objects in AD Lightweight Directory Services (AD LDS / ADAM) environments is not supported.
7. The liquidation of lingering objects using this tool is not supported on domain controllers running Windows Server 2003 R2 or earlier (the tool leverages the event log subscription feature which wasn’t added until Windows Server 2008).

1. Download and then double click the file to begin the installation
2. Double-click the Lingering Object Liquidator shortcut on the desktop to begin using the application
3. See the link provided in the tool for detailed usage instructions or the blog post reference below

Support: While this tool has been thoroughly tested in many environments, it is provided to you as-is: There will be no official Microsoft support provided.
For questions or feedback on the tool:
Add a comment to this blog post, or submit an idea to our UserVoice Feedback page--ensure you code the idea using the "Lingering Object Liquidator" category.

Access the Troubleshooting Active Directory Lingering Objects TechNet Virtual Lab if you would like practice using this tool in a lab environment containing lingering objects.