Check Server Replication Status in Active Directory
Active Directory replication is often misunderstood and it can be difficult to troubleshoot. Let’s take a deep dive into how to check server replication status in Active Directory and see how this can be done.
Table of contents
- What is Microsoft Active Directory Replication?
- Why Active Directory Replication is important
- What tools are available to check Active Directory replication?
- DCdiag
- Repadmin
- Repadmin Examples
- AD Sites, Subnets, and Links with DSSITE.msc and PowerShell
- Check the inbound replication requests that are queued
- Synchronize replication
- Show replication partner and status
- How do I fix Active Directory replication?
- Force the KCC to recalculate the topology
- Show only Replication Errors
- Understanding AD Replication Changes using USNs
- How USNs and DC Replication Work
- Monitoring USN Changes with Repadmin
- Wrapping up
What is Microsoft Active Directory Replication?
Active Directory replication is the underlying service that keeps everything in Active Directory updated between domain controllers. The domain controllers (DCs) store the directory partition and any changes to this is synchronized between them.
These changes will be synchronized between all DCs in the forest. Replication partners are configured that exchange information between them.
Why Active Directory Replication is important
It is arguably one of the most important processes, due to the following reasons, among others.
It keeps things consistent across your domain controllers in the AD environment and makes sure the integrity of everything is good
The multi-master mode in which it operates means that it helps you to have resiliency in the environment and means multiple DCs can handle authentication requests. If one fails the others can continue doing what they do
Changes on one DC are copied between the other DCs to make sure everything is up-to-date
What tools are available to check Active Directory replication?
There are several tools that you can use from the command line and from a PowerShell prompt:
Dcdiag: Checks health of domain controllers, including replication status.
Repadmin: monitors and troubleshoots AD replication.
PowerShell: It can be used to check replication status, force replication, and manage replication partners.
DCdiag
Dcdiag can analyze the health of your domain controllers and a specified domain controller, and this can involved and include checking AD replication status. To use Dcdiag, follow these steps:
Open the Command Prompt with administrative privileges.
Type the following command and press Enter:
dcdiag /s:SPECIFIED_DC /e /test:replications
You will need to replace it with the DC in your environment.
Repadmin
Repadmin is another command-line tool for checking replication, managing replication partners, and it can be used in diagnosing replication errors, and issues among other things.
Open the Command Prompt with administrative privileges.
Type the following command and press Enter:
repadmin /showrepl(This command displays the inbound replication topology for all domain controllers in the specified domain.)
Repadmin Examples
Here are some examples of Repadmin commands:
Show the replication partners for a specific domain controller:
repadmin /showreps SPECIFIC_DC Check the replication status between two domain controllers:
repadmin /showrepl SOURCE_DC DESTINATION_DC Force immediate replication between two domain controllers:
repadmin /syncall SOURCE_DC DESTINATION_DC AD Sites, Subnets, and Links with DSSITE.msc and PowerShell
You can visually view your Active Directory Replication objects and configuration using the Active Directory Sites and Services snap-in.
To manage and monitor these components using PowerShell, you can use the following commands:
Get a list of all Active Directory sites:
Get-ADReplicationSite -Filter *Get a list of all Active Directory subnets:
Get-ADReplicationSubnet -FilterGet a list of all Active Directory site links:
Get-ADReplicationSiteLink -Filter
Check the inbound replication requests that are queued
The replication queue can be checked and make sure it is working like it needs to using the Repadmin tool. To do this, follow these steps:
Open the Command Prompt with administrative privileges.
Type the following command and press Enter:
repadmin /queue SPECIFIC_DC(Replace “SPECIFIC_DC” with the name or IP address of the domain controller you want to check.)
Review the output for any queued replication requests.
Synchronize replication
To synchronize replication between replication partners, you can use the Repadmin tool. Follow these steps:
Open the Command Prompt with administrative privileges.
Type the following command and press Enter:
repadmin /syncall SPECIFIC_DC /AdePqReview the output for any errors or issues.
Show replication partner and status
Use the Repadmin tool to show the repl status. Follow these steps:
Open the Command Prompt with administrative privileges.
Type the following command and press Enter:
repadmin /showreps SPECIFIC_DCReview the output to see the replication partners and their status.
How do I fix Active Directory replication?
You first have to identify what caused the issue. There are many ways to fix Active Directory replication issues.
Some common steps to fix replication issues include:
Reviewing the replication status using Repadmin or Dcdiag and identifying any errors.
Verifying the network connectivity between domain controllers.
Ensuring domain controllers are properly configured and their DNS settings are correct.
Checking the replication topology using Repadmin and correcting any issues with site links or replication partners.
Forcing immediate replication between domain controllers using the Repadmin tool, as explained in the “Synchronize replication between replication partners” section.
Force the KCC to recalculate the topology
The Knowledge Consistency Checker (KCC) is responsible for calculating the replication topology in Active Directory. To force the KCC to recalculate the topology, follow these steps:
Open the Command Prompt with administrative privileges.
Type the following command and press Enter:
repadmin /kcc SPECIFIC_DC(Replace “SPECIFIC_DC” with the name or IP address of the domain controller you want to force the KCC to recalculate.)
Review the output for any errors or issues.
Show only Replication Errors
To show only replication errors using Repadmin, follow these steps:
Open the Command Prompt with administrative privileges.
Type the following command and press Enter:
repadmin /showrepl /errorsonlyReview the output for any replication errors.
How to Force Active Directory Replication
You can use the Repadmin tool to force Active Directory replication by following the steps mentioned in the “Synchronize replication between replication partners” section.
Understanding AD Replication Changes using USNs
Update Sequence Numbers (USNs) are unique identifiers assigned to each change made in Active Directory. USNs track replication changes and ensure all domain controllers have the most up-to-date information. When a change is made to an object in the directory, its USN is incremented, and this information is then replicated to other domain controllers. Understanding how USNs work can help you monitor and troubleshoot AD replication.
How USNs and DC Replication Work
When a change is made to an object in the directory, its USN is incremented. This change and the updated USN are then replicated to other domain controllers. Domain controllers use the USNs to determine if they have the latest changes or need to request updates from their replication partners. By comparing USNs, domain controllers can identify any missing changes and synchronize their data.
Monitoring USN Changes with Repadmin
You can monitor USN changes using the Repadmin tool. To do this, follow these steps:
Open the Command Prompt with administrative privileges.
Type the following command and press Enter:
repadmin /showutdvec SPECIFIC_DC(Replace “SPECIFIC_DC” with the name or IP address of the domain controller you want to check.)
Review the output for any discrepancies in USNs between domain controllers.
Wrapping up
Monitoring and maintaining Active Directory replication is an important part of administering and managing Microsoft Active Directory. For consistency and availability of data across domain controllers it is an important part in your AD environment. Keep in mind you can use tools like Dcdiag, Repadmin, and PowerShell and these can help check replication status, diagnose errors, and manage replication partners.
