Managing Active Directory (AD) replication is crucial for maintaining a healthy and efficient network infrastructure. Replication ensures that changes made to the directory on one domain controller are propagated to other domain controllers, thereby maintaining consistency across the network.
But, it’s important to periodically check the status of AD replication to identify and address any potential issues. In this article, we will explore different methods to check AD replication, including using REPADMIN and several PowerShell cmdlets.
Intra-Site vs. Inter-Site
Before diving into the details of AD replication checks, it’s important to understand the distinction between intra-site and inter-site replication.
Intra-site replication occurs within a single Active Directory site, where domain controllers communicate with each other using high-speed, reliable connections.
Inter-site replication, on the other hand, involves replication between different sites, which may be connected over slower, less reliable links.
It’s worth noting that the methods described in this article apply to both intra-site and inter-site replication scenarios. But, some specific considerations may apply when dealing with inter-site replication.
Quick Ways to Check Active Directory Replication
We can utilize various tools and commands to verify the status of AD replication. In this section, we will explore two commonly used methods: REPADMIN and PowerShell Active Directory cmdlets.
Using REPADMIN
REPADMIN is a command-line tool Microsoft provides for managing and troubleshooting Active Directory replication.
The repadmin.exe utility is installed by default on an AD domain controller when ADDS is installed and promotes the server to a domain controller. To install repadmin on a Windows 10 desktop, you must install the Remote Server Administration Tools (RSAT) pack.
It offers several commands that provide valuable information about replication status. Let’s take a look at some of the most useful commands and their applications:
repadmin /showrepl: This command lets you view the replication status for a specific domain controller. It displays the source and destination domain controllers involved in replication and the date and time of the last successful replication.
repadmin /replsummary: This command summarizes the replication status across all domain controllers in the forest. It gives an overview of the number of successful and failed replications and any lingering objects.
Hint. If delta > 60 days for one of the DCs, then the domain controller should not be brought back online, and must be removed from the domain manually using the ntdsutil tool.
Related post. How to Seize FSMO Roles From Dead Domain Controller?
repadmin /queue: This command shows the replication queue size for a domain controller. It helps identify if any domain controllers are experiencing a backlog in replication, which could indicate underlying issues.
repadmin /syncall: This command initiates an immediate synchronization of the directory partitions on a domain controller. It ensures that any pending changes are replicated promptly.
repadmin /replicate: This command manually triggers replication between specific domain controllers. It is handy for troubleshooting replication problems or forcing immediate replication when necessary.
Using PowerShell
PowerShell provides a rich set of cmdlets for managing Active Directory, including ones designed explicitly for replication checks. Here are some PowerShell cmdlets commonly used to monitor AD replication:
Get-ADReplicationUpToDatenessVectorTable: This cmdlet retrieves the replication state information for all domain controllers in a specified domain. It shows the date and time of the last successful replication and identifies any replication partners that are currently unavailable.
Get-ADReplicationUpToDatenessVectorTable -Scope Forest | Sort-Object LastReplicationSuccess | Format-Table
Get-ADReplicationPartnerMetadata: With this cmdlet, you can obtain detailed replication metadata for a specific domain controller. It provides information such as the last successful replication time, the largest replication update received, and the last error encountered during replication.
Get-ADReplicationPartnerMetadata -Target DC1, DC2
Get-ADReplicationQueueOperation: This cmdlet displays the replication operations currently in the queue for a domain controller. It helps identify any pending replication tasks and their progress.
Get-ADReplicationQueueOperation -Server DC2
If the queue is empty, this cmdlet returns no result.
Sync-ADObject: Use this cmdlet to synchronize a specific Active Directory object across all domain controllers in the Active Directory forest. It ensures that changes made to the object are replicated promptly.
Sync-ADObject -Object ‘CN=Matthew Clark,OU=Users,OU=California,OU=USA,DC=theitbros,DC=com’ -Source DC1 -Destination DC2
Get-ADReplicationFailure: This cmdlet retrieves the replication failure information for a specific domain controller. It helps identify any replication errors and their associated error codes.
Get-ADReplicationFailure -Target DC1, DC2
Conclusion
Regularly checking the status of Active Directory replication is vital for ensuring the health and reliability of your AD infrastructure. Using tools like REPADMIN and PowerShell, administrators can easily monitor replication status and promptly address any issues.
Whether you use command-line tools or PowerShell cmdlets, the key is establishing a routine of replication checks to maintain a robust Active Directory environment.
