Active Directory (AD) replication synchronizes changes between domain controllers in the forest. AD replication is a critical AD service. When AD replication fails, users may experience authentication failures and issues when accessing domain resources. The AD domain administrator must regularly check the status of replication between AD domain controllers.
You can use different tools to diagnose AD replication. In this article, we’ll show you how to check the replication status using the repadmin tool, PowerShell, and the graphical Active Directory Replication Status Tool (ADREPLSTATUS).
Checking AD Replication Using Repadmin
The repadmin.exe utility is installed by default on an AD domain controller when the AD DS role is installed and the server is promoted to a domain controller. If you want to install repadmin on a Windows 10 desktop, you need to install the Remote Server Administration Tools (RSAT) pack.
Connect to the DC, open the command prompt, and run the command:
repadmin /showrepl
This command will display the replication partners and the last replication time for this domain controller (Last attempt @ 2021-04-30 05:53:09 was successful.).
To quickly check the status of replication on a specific domain controller, run the command:
repadmin /replsummary DC1
Hint. Please note that if delta > 60 days for one of the DCs, then the domain controller should not be brought back online, and must be removed from the domain manually using the ntdsutil tool.
To test replication on all DCs in a domain:
repadmin /replsummary *
To force synchronization of a specific controller with all replication partners:
Repadmin /syncall dc1
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
Alternatively, you can use the Active Directory Sites and Services graphical snap-in (dssite.msc) to force the DC replication. Expand Sites > SiteName > Servers > DCname > NTDS Settings > right-click the connection and select Replicate now.
In our article, you can find more details on the repadmin tool.
Diagnose AD Replication Using PowerShell
Windows Server 2012 introduces separate PowerShell cmdlets for diagnosing replication. The cmdlets are included in the Active Directory module for PowerShell.
Use the Get-ADReplicationFailure cmdlet to check the AD replication state for all or specific domain controllers:
Get-ADReplicationFailure dc1
No replication errors found for this DC (FailureCount : 0).
You can check the replication status for all domain controllers in a specific Active Directory site:
Get-ADReplicationFailure -Scope Site -Target Toronto | Format-Table Server, FirstFailureTime, FailureCount, LastError, Partner
To check the current replication queue on a DC, use:
Get-ADReplicationQueueOperation
If you need to replicate an AD object to all the domain controllers in the Active Directory forest:
Get-ADDomainController -filter * | ForEach {Sync-ADObject -object "CN=John Brion, OU=Users, OU=Toronto, DC=theitbros, DC=com" -source dc01 -destination $_.hostname}
Get the replication partners for the specific DC:
Get-ADReplicationPartnerMetadata -Target DC1.theitbros.com
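The following is an added example, not part of the original article: it classifies the objects returned by Get-ADReplicationPartnerMetadata by the age of the last successful replication and the consecutive failure count, marking anything past the 60-day delta from the hint above as critical. The function name Test-ReplicationAge, the 24-hour warning threshold and the sample records are assumptions constructed for illustration.

```powershell
# Added example: classify replication partner metadata by age and failure count.
# Test-ReplicationAge and -WarnHours are illustrative assumptions, not AD module features.
function Test-ReplicationAge {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Metadata,
        [int]$WarnHours = 24,       # assumed alerting threshold
        [int]$CriticalDays = 60,    # the 60-day delta from the repadmin hint
        [datetime]$Now = (Get-Date)
    )
    process {
        $last = $Metadata.LastReplicationSuccess
        $age  = if ($null -ne $last) { $Now - [datetime]$last } else { $null }
        $failures = [int]$Metadata.ConsecutiveReplicationFailures

        $status = if ($null -eq $age) { 'Critical' }              # no recorded success
        elseif ($age.TotalDays -gt $CriticalDays) { 'Critical' }  # past the 60-day delta
        elseif ($failures -gt 0 -or $age.TotalHours -gt $WarnHours) { 'Warning' }
        else { 'OK' }

        [pscustomobject]@{
            Server   = $Metadata.Server
            Partner  = $Metadata.Partner
            Status   = $status
            AgeHours = if ($null -ne $age) { [math]::Round($age.TotalHours, 1) }
            Failures = $failures
        }
    }
}

# Constructed sample records that mimic the properties of the cmdlet's output
# (Partner is shortened here; the real value is a distinguished name).
$now = [datetime]'2021-04-30T06:00:00'
$sample = @(
    [pscustomobject]@{ Server = 'DC1'; Partner = 'DC2'; LastReplicationSuccess = $now.AddMinutes(-7); ConsecutiveReplicationFailures = 0 }
    [pscustomobject]@{ Server = 'DC1'; Partner = 'DC3'; LastReplicationSuccess = $now.AddHours(-30);  ConsecutiveReplicationFailures = 3 }
    [pscustomobject]@{ Server = 'DC1'; Partner = 'DC4'; LastReplicationSuccess = $now.AddDays(-75);   ConsecutiveReplicationFailures = 40 }
    [pscustomobject]@{ Server = 'DC1'; Partner = 'DC5'; LastReplicationSuccess = $null;               ConsecutiveReplicationFailures = 1 }
)
$sample | Test-ReplicationAge -Now $now | Format-Table -AutoSize

# Against a live domain controller, pipe the real cmdlet output instead:
# Get-ADReplicationPartnerMetadata -Target DC1.theitbros.com | Test-ReplicationAge
```

With the constructed records, DC2 is reported as OK, DC3 as Warning, and DC4 and DC5 as Critical.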
ADREPLSTATUS: The Active Directory Replication Status Tool
Microsoft has developed an additional graphical tool, ADREPLSTATUS, for diagnosing replication in an Active Directory forest.
You can download and install the Active Directory Replication Status Tool (adreplstatusinstaller.msi) from the following link.
Run the tool by clicking the “AD Replication Status Tool 1.0” icon on the desktop. Select the domain or forest in which you want to test replication and click the Refresh Replication Status button.
The utility will check the status of replication and display any errors found.
“Errors only” mode allows domain admins to focus only on DC replication failures.
Detailed information about the replication status can be checked on the Replication Status Viewer tab.