How to force replication of Domain Controllers


Here is a handy tip on how to force replication of Windows 2008 Domain Controllers using Repadmin. There is a GUI and a command line.

From time to time it's necessary to kick off AD replication to speed up a task you may be doing, and the same tool is a good way to check the status of replication between DCs. Below is a command to replicate from a specified DC to all other DCs.

Repadmin /syncall DC_name /APed

By running repadmin /syncall with the /A(ll partitions) P(ush) e(nterprise, cross sites) d(istinguished names) parameters, you have duplicated exactly what Replmon used to do in Windows 2003, except that you did it in one step, not many, and with the benefit of seeing immediate results on how the operations are proceeding.

If I am running it on the DC itself, I don’t even have to specify the server name.

Reporting

If you need a simple report of the sync that occurred, you can use the following Repadmin command:

Repadmin /replsummary *

In the image above several DCs have been taken offline. Repadmin shows the correct error of 58 – that the other DCs are not available and cannot tell you their status.

You can also use more verbose commands with Repadmin to see details about which DCs are or are not replicating:

Repadmin /showrepl *

@echo off


echo.
echo Gathering Report for DCLIST = %1
echo.

Echo Report for DCLIST = %1 > replreport.txt
echo. >> replreport.txt
echo. >> replreport.txt
echo Gathering Verbose Replication and Connections
echo Verbose Replication and Connections >> replreport.txt
echo. >> replreport.txt
repadmin /showrepl %1 /all >> replreport.txt
echo. >> replreport.txt

echo Gathering Bridgeheads
echo Bridgeheads >> replreport.txt
echo. >> replreport.txt
repadmin /bridgeheads %1 /verbose >> replreport.txt
echo. >> replreport.txt

echo Gathering ISTG
echo ISTG >> replreport.txt
echo. >> replreport.txt
repadmin /istg %1 >> replreport.txt
echo. >> replreport.txt

echo Gathering DRS Calls
echo Outbound DRS Calls >> replreport.txt
echo. >> replreport.txt
repadmin /showoutcalls %1 >> replreport.txt
echo. >> replreport.txt

echo Gathering Queue
echo Queue >> replreport.txt
echo. >> replreport.txt
repadmin /queue %1 >> replreport.txt
echo. >> replreport.txt

echo Gathering KCC Failures
echo KCC Failures >> replreport.txt
echo. >> replreport.txt
repadmin /failcache %1 >> replreport.txt
echo. >> replreport.txt

echo Gathering Trusts
echo Trusts >> replreport.txt
echo. >> replreport.txt
repadmin /showtrust %1 >> replreport.txt
echo. >> replreport.txt

echo Gathering Replication Flags
echo Replication Flags >> replreport.txt
echo. >> replreport.txt
repadmin /bind %1 >> replreport.txt
echo. >> replreport.txt

echo Done.

Copy and paste into notepad, save as a CMD file and run it with a server name, a partial server name with wildcards, or an asterisk. It supports whatever Repadmin supports.

So to get data from one server, like with Replmon:

Replreport.cmd server1

Or to get data from all DCs (which Replmon cannot do):

Replreport.cmd *

Or to get data from all servers that have names starting with “SANFRAN“:

Replreport.cmd sanfran*

It will output to a text file called replreport.txt. Anything Repadmin can do, you can do in this batch file.

Need to see all the help?

Basic help - Repadmin /?

Help on selecting DCs - Repadmin /listhelp

Advanced command help - Repadmin /experthelp

Help and examples for every parameter - Repadmin /?:Your specific parameter here

Repadmin can do even more for monitoring. Such as:

Tell you the last time your DCs were backed up, by reading the DSASignature attribute from all servers:

Repadmin /showbackup *


Or output all replication summary information from all DCs in CSV format that you can open in a spreadsheet or database. Here is an example taken after several DCs came back online and replicated any pending changes, which gives you a replication report:

Repadmin /showrepl * /csv
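
The CSV form is also easy to filter in PowerShell. The following is an added example, not part of the original article: it lists only the replication links that report failures or whose last success is older than a threshold. The sample rows are constructed; the function name Get-ReplicationProblem and the 24-hour threshold are assumptions.

```powershell
# Constructed sample in the column layout of "repadmin /showrepl * /csv".
# On a real DC use:  $csv = repadmin /showrepl * /csv
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC1,"DC=adatum,DC=com",SiteA,DC2,RPC,0,0,2009-06-21 09:05:32,0
showrepl_INFO,SiteA,DC1,"DC=adatum,DC=com",SiteB,DC3,RPC,12,2009-06-21 09:00:10,2009-06-18 22:41:03,58
showrepl_INFO,SiteB,DC3,"CN=Configuration,DC=adatum,DC=com",SiteA,DC1,RPC,0,0,2009-06-21 08:59:47,0
'@

# Hypothetical helper: returns one object per replication link that needs attention.
function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] $Csv,
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24   # assumed alert threshold; tune to your replication schedule
    )
    $inv = [cultureinfo]::InvariantCulture
    $Csv | ConvertFrom-Csv |
        Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' } |   # keep data rows only
        ForEach-Object {
            # A timestamp that does not parse is treated as "never succeeded".
            $last = [datetime]::MinValue
            $ok = [datetime]::TryParseExact($_.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
                    $inv, [System.Globalization.DateTimeStyles]::None, [ref]$last)
            $failures = [int]$_.'Number of Failures'
            $age = if ($ok) { [math]::Round(($Now - $last).TotalHours, 1) } else { $null }
            if ($failures -gt 0 -or -not $ok -or $age -gt $MaxAgeHours) {
                [pscustomobject]@{
                    Destination   = $_.'Destination DSA'
                    Source        = $_.'Source DSA'
                    NamingContext = $_.'Naming Context'
                    Failures      = $failures
                    LastStatus    = $_.'Last Failure Status'
                    HoursSinceOK  = $age
                }
            }
        }
}

# Fixed -Now so the constructed sample gives the same result on every run.
Get-ReplicationProblem -Csv $csv -Now ([datetime]'2009-06-21 10:00:00') |
    Format-Table -AutoSize
```

Run on a schedule, an empty result means every inbound link on every reachable DC replicated within the threshold.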

Or you can see what your replication backlog is currently in the queue, like here:

Repadmin /queue *

Or you can see which changes have not yet replicated from a server, as well as what changes have replicated since the last time the command was run, with /showchanges:

repadmin /showchanges destination_DC source_DSA_GUID domain_DN

(69) add CN=Ned Pyle,CN=Users,DC=adatum,DC=com
1> parentGUID: a90a9633-2682-4896-be86-21220cf24f0c
1> objectGUID: e8f0e0a2-69aa-4e4e-9f74-3db79ad6f3b7
4> objectClass: top; person; organizationalPerson; user
1> sn: Pyle
1> givenName: Caio
1> instanceType: 0x4 = ( WRITE )
1> whenCreated: 6/21/2009 9:05:32 AM Pacific Daylight Time
1> displayName: Caio Tizio
1> nTSecurityDescriptor: O:DAG:DAD:AI
1> name: Caio Tizio
1> userAccountControl: 0x10200 = ( NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD )
1> codePage: 0
1> countryCode: 0
1> pwdLastSet: 6/21/2009 9:05:32 AM Pacific Daylight Time
1> primaryGroupID: 513 = ( GROUP_RID_USERS )
1> objectSid: S-1-5-21-3776065869-1984782319-1196103478-1107
1> accountExpires: (never)
1> sAMAccountName: nedpyle
1> sAMAccountType: 805306368 = ( NORMAL_USER_ACCOUNT )
1> userPrincipalName: [email protected]
1> objectCategory: ;CN=Person,CN=Schema,CN=Configuration,DC=adatum,DC=com

Causes of Active Directory replication issues

  • Network connectivity: The network connection might be unavailable or network settings are not configured properly.
  • Name resolution: incorrect DNS configurations are a common cause for replication failures.
  • Authentication and authorization: Authentication and authorization problems cause "Access denied" errors when a domain controller tries to connect to its replication partner.
  • Directory database (store): The directory database might not be able to process transactions fast enough to keep up with replication timeouts.
  • Replication engine: If inter-site replication schedules are too short, replication queues might be too large to process in the time that is required by the outbound replication schedule. In this case, replication of some changes can be stalled indefinitely — potentially, long enough to exceed the tombstone lifetime.
  • Replication topology: Domain controllers must have inter-site links in Active Directory that map to real wide area network (WAN) or virtual private network (VPN) connections. If you create objects in Active Directory for the replication topology that are not supported by the actual site topology of your network, replication that requires the misconfigured topology fails.
  • Time synchronization: If the domain controllers' clocks are not synchronized, File Replication may fail.