How to Troubleshoot AD Replication using Repadmin Tool
Repadmin is a command-line tool for diagnosing AD replication issues. With Repadmin it is easy to view the replication topology of every domain controller, and to use this knowledge to change the topology manually and initiate replication between controllers. You can also check replication metadata and up-to-dateness vectors (UTDVEC).
Repadmin.exe is built into Windows Server starting from 2008. It comes with the AD Directory Services role and can also be set up on client OSes like Windows 10 with RSAT.
Repadmin.exe has lots of commands; let's focus on the most popular ones:
- /syncall – synchronizes a certain DC with the others
- /prp – manages the Password Replication Policy (PRP), if you have one
- /queue – shows the current replication queue
- /replicate – performs replication from one DC to another
- /replsingleobj – replicates only one certain object between DCs
- /replsummary – shows a report of the current state and health of replication in AD
- /showattr – shows object attributes
- /showbackup – displays the last backup time
- /showrepl – shows the current replication status
How to Get General Replication Status
Let's start with the overall state of replication. Run an elevated cmd.exe (start->run->cmd.exe) and type in the following command:
The output will show you any replication failures that exist in your AD environment.
How to Force Replication
Suppose you had replication failures and need to force replication after fixing the network connection failure. In an elevated Command Prompt (cmd.exe) on any DC, run:
repadmin.exe /syncall /Aped
In addition to the /syncall command, we pass a few flags: synchronize all partitions (/A), use push replication (/p), run in enterprise mode across Active Directory sites (/e), and use distinguished names instead of DNS names (/d).
How to Manage Inbound and Outbound Replication
It is possible to disable inbound and/or outbound replication and re-enable it later. To do that, run the following commands in cmd with admin rights:
repadmin.exe /options DC01 +DISABLE_INBOUND_REPL
Disables inbound replication on DC01
repadmin.exe /options DC01 +DISABLE_OUTBOUND_REPL
Disables outbound replication on DC01
repadmin.exe /options DC01 -DISABLE_INBOUND_REPL
Enables inbound replication on DC01
repadmin.exe /options DC01 -DISABLE_OUTBOUND_REPL
Enables outbound replication on DC01
For example, disabling outbound replication is a good way to perform schema updates without the need to rebuild the entire Active Directory forest, because the changes stay on that DC until you re-enable outbound replication.
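A check to run after such a maintenance window, as an added example that is not part of the original article: it parses the output of repadmin.exe /options and flags any DC where inbound or outbound replication is still disabled. The function name Get-ReplOptionState, the assumed "Current DSA Options:" line format and the sample output lines are constructed for this example.

```powershell
# Added example: flag DCs that still carry DISABLE_INBOUND_REPL / DISABLE_OUTBOUND_REPL.
# Get-ReplOptionState is a hypothetical helper; the sample output below is constructed.

function Get-ReplOptionState {
    param(
        [Parameter(Mandatory)] [string]   $DomainController,
        [Parameter(Mandatory)] [string[]] $OptionsOutput   # lines printed by repadmin /options <DC>
    )
    # Assumption: repadmin prints one line such as
    #   Current DSA Options: IS_GC DISABLE_OUTBOUND_REPL
    $m = $OptionsOutput | Select-String -Pattern 'Current DSA Options:\s*(.*)$' |
         Select-Object -First 1
    if (-not $m) {
        # No options line: the query itself failed (DC unreachable, access denied, ...).
        return [pscustomobject]@{
            DC = $DomainController; InboundDisabled = $null
            OutboundDisabled = $null; Status = 'UNKNOWN'
        }
    }
    # Split the option list into individual flag names, dropping empty tokens.
    $opts     = @($m.Matches[0].Groups[1].Value -split '\s+' | Where-Object { $_ })
    $inbound  = $opts -contains 'DISABLE_INBOUND_REPL'
    $outbound = $opts -contains 'DISABLE_OUTBOUND_REPL'
    $status   = if ($inbound -or $outbound) { 'REPLICATION DISABLED' } else { 'OK' }
    [pscustomobject]@{
        DC = $DomainController; InboundDisabled = $inbound
        OutboundDisabled = $outbound; Status = $status
    }
}

# Constructed sample output for three DCs (not captured from a real environment).
$sample = [ordered]@{
    'DC01' = @('Current DSA Options: IS_GC DISABLE_OUTBOUND_REPL')
    'DC02' = @('Current DSA Options: IS_GC')
    'DC03' = @('DsBindWithCred to DC03 failed with status 1722 (0x6ba):')
}

$report = foreach ($dc in $sample.Keys) {
    Get-ReplOptionState -DomainController $dc -OptionsOutput $sample[$dc]
}
$report | Format-Table -AutoSize

# Against a live DC, feed the real command output instead of the sample:
#   Get-ReplOptionState -DomainController DC01 -OptionsOutput (repadmin.exe /options DC01)
```

A DC left with either flag set stops exchanging changes such as password resets and account disablements in that direction, so treat any row other than OK as something to resolve before closing the change.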