There are certain windows cmdlets and utilities which we can use for replication issues troubleshooting purpose. Among those, Repadmin.exe is most commonly used Microsoft utility. This is available in servers which have AD DS or AD LDS role installed. It is also part of Remote Server Administration Tools (RSAT). This utility recommended to run as Domain Administrator or Enterprise Administrator. However, it is also possible to delegate permission only to review and manage replication.
Let’s see it’s in action
repadmin /replsummary /bydest
above command summarizes the replication status for all domain controllers based on the replication destination. This parameter does not display the source domain controller.
repadmin /replsummary /bysrc
above command summarizes the replication status for all domain controllers based on the replication source. This parameter does not display the destination domain controller.
repadmin /showrepl REBEL-SRV01.therebeladmin.com
above command shows the replication partners for REBEL-SRV01.therebeladmin.com and the status of last sync attempt.
repadmin /showrepl /errorsonly
above command will list down the replication partners which have replication errors (last sync attempt failed)
we also can view results in CSV format.
repadmin /showrepl /csv
repadmin /syncall REBEL-SRV01 dc=therebeladmin,dc=com
above command initiates domain directory partition synchronization with all replication partners of REBEL-SRV01.
It will also indicate if there were any issues by doing it.
repadmin /queue
above command shows if there are any unprocessed inbound replications requests. If system keep que requests it can be due to high number of AD changes, System resource issue or too many replication partners.
repadmin /showchanges REBELNET-PDC01 d3f89917-5fff-40a8-scc2-b148b60d9309 dc=therebeladmin,dc=com
above command list down the changes which are not replicated between server REBELNET-PDC01 and REBEL-SRV01. In here REBEL-SRV01 is the source server and it is listed with object GUID.
repadmin /replicate REBEL-SRV01 REBELNET-PDC01 dc=therebeladmin,dc=com
above command initiate immediate directory partition replication from REBELNET-PDC01 to REBEL-SRV01.
Apart from the repadmin, there are certain PowerShell cmdlets which we can use to troubleshoot replication issues. Get-ADReplicationFailure cmdlet is one of those which can collect data about replication failures.
Get-ADReplicationFailure -Target REBEL-SRV01
Above command will collect information about replication failures associated with REBEL-SRV01.
This also can do with multiple servers.
Get-ADReplicationFailure -Target REBEL-SRV01,REBELNET-PDC01
Further we can target all the domain controllers in the domain.
Get-ADReplicationFailure -Target "therebeladmin.com" -Scope Domain
Or even entire forest
Get-ADReplicationFailure -Target " therebeladmin.com" -Scope Forest
Get-ADReplicationConnection cmdlet can list down replication partner details for the given domain controller.
Get-ADReplicationConnection -Filter *
Above command will list down all replication connection for the domain controller you logged in.
We also can filter the replication connections based on the attributes.
Get-ADReplicationConnection -Filter {ReplicateToDirectoryServer -eq "REBEL-SRV01"}
Above command will list down the replication connections with destination server as REBEL-SRV01.
We also can force sync object between domain controllers.
Sync-ADObject -object “adam” -source REBEL-SRV01 -destination REBELNET-PDC01
Above command will sync user object adam from REBEL-SRV01 to REBELNET-PDC01
This marks the end of this blog post. Hope this was useful. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.
