Active Directory (AD) replication allows changes to be synchronized among domain controllers in a forest. The replication of AD data is a crucial AD service. Users may face authentication difficulties and issues when accessing domain resources if AD replication fails. A regulatory verification of replication between AD domain controllers must be performed by the AD domain administrator.
To diagnose AD replication, you can utilize a variety of tools. We’ll teach you how to use the repadmin tool, PowerShell, and the graphical Active Directory Replication Status Tool to verify the replication status in this article (ADREPLSTATUS).
Using Repadmin to Check AD Replication
When ADDS is installed, the repadmin.exe tool is installed by default on an AD domain controller and promotes the server to a domain controller. The Remote Server Administration Tools (RSAT) pack is required for installing repadmin on a Windows 10 desktop.
Connect to DC, then type the following command at the command prompt:
repadmin /showreplThis command will display the replication partners and the last replication time for this domain controller (Last attempt @ 2021-04-30 05:53:09 was successful.).
To quickly check the status of replication on a specific domain controller, run the command:
repadmin /replsummary DC1
Note that if the delta for one of the DCs is greater than 60 days, the domain controller should not be brought back up and must be manually removed from the domain using the ntdsutil utility.
To test replication across all DCs in a domain, do the following:
repadmin /replsummary wildcardTo require all replication partners to synchronise with a given controller:
Repadmin /syncall dc1
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors
Alternatively, you can use the Active Directory Sites and Services graphical snap-in (dssite.msc) to force the DC replication. Expand Sites > SiteName > Servers > DCname > NTDS Settings > right-click the connection and select Replicate now.
Using PowerShell to Diagnose AD Replication
Separate PowerShell cmdlets for diagnosing replication have been added to Windows Server 2012. The cmdlets are part of the Active Directory PowerShell module.
To check the AD replication state for all or a specific domain controller, use the Get-ADReplicationFailure cmdlet:
Get-ADReplicationFailure dc1
No replication errors found for this DC (FailureCount : 0).
You can check the replication status for all domain controllers in a specific AD site:
Get-ADReplicationFailure -scope SITE -target Toronto | Format-Table Server, FirstFailureTime, FailureClount, LastError, PartnerTo check the current replication queue on a DC, use:
Get-ADReplicationQueueOperationIf you need to replicate an AD to all the domain controllers in the Active Directory forest:
Get-ADDomainController -filter * | ForEach {Sync-ADObject -object "CN=John Brion, OU=Users, OU=Toronto, DC=solutionviews, DC=com" -source dc01 -destination $_.hostname}Get the replication partners for the specific DC:
Get-ADReplicationPartnerMetadata -Target DC1.solutionviews.comThe Active Directory Replication Status Tool (ADREPLSTATUS)
For diagnosing replication in an Active Directory forest, Microsoft has developed a new graphical tool called ADREPLSTATUS.
The Active Directory Replication Status Tool (adreplstatusinstaller.msi) can be downloaded and installed from the following site.
Run the tool by clicking the “AD Replication Status Tool 1.0” icon on the desktop. Select the domain or forest in which you want to test replication and click the Refresh Replication Status button.
The utility will check the status of replication and display any errors found.
“Errors only” mode allows domain admins to focus only on DCs replication failures
Detailed information about the replication status can be checked on the Replication Status Viewer tab.
