How to Troubleshoot AD Replication using Repadmin Tool

Repadmin is a command-line tool for diagnosing Active Directory (AD) replication issues. With Repadmin you can view the replication topology as seen by each domain controller (DC), use that knowledge to change the topology manually, and initiate replication between controllers. You can also check replication metadata and up-to-dateness vectors (UTDVEC).

Repadmin.exe is built into Windows Server starting with 2008. It is installed with the Active Directory Domain Services role and can also be installed on client operating systems such as Windows 10 with RSAT.

Command List

Repadmin.exe has many commands; let's focus on the most popular ones:

  • /syncall – Synchronizes a specified DC with the others
  • /prp – Manages the Password Replication Policy (PRP), if you have one
  • /queue – Shows the current replication queue
  • /replicate – Performs replication from one DC to another
  • /replsingleobj – Replicates a single object between DCs
  • /replsummary – Shows a report of the current replication state and health in AD
  • /showattr – Shows the attributes of an object
  • /showbackup – Displays the last backup time
  • /showrepl – Shows the current replication status

How to Get General Replication Status

Let's start with the overall state of replication. Open an elevated Command Prompt (Start -> Run -> cmd.exe) and run the following command:

repadmin.exe /replsummary

The output will show you any replication failures that exist in your AD environment.

How to Force Replication

Suppose you have replication failures and need to force replication after fixing a network connectivity failure. In an elevated Command Prompt (cmd.exe) on any DC, run:

repadmin.exe /syncall /APed

In addition to the /syncall command, a few flags are used here: they synchronize all partitions (/A), using push replication (/P), in enterprise mode across Active Directory sites (/e), using distinguished names instead of DNS names (/d). The flags are case-sensitive: lowercase /p pauses after every message instead of pushing changes.

How to Manage Inbound and Outbound Replication

Inbound and/or outbound replication can be disabled and re-enabled later. To do so, run the following commands in an elevated Command Prompt:

repadmin.exe /options DC01 +DISABLE_INBOUND_REPL

Disables inbound replication on DC01

repadmin.exe /options DC01 +DISABLE_OUTBOUND_REPL

Disables outbound replication on DC01

repadmin.exe /options DC01 -DISABLE_INBOUND_REPL

Enables inbound replication on DC01

repadmin.exe /options DC01 -DISABLE_OUTBOUND_REPL

Enables outbound replication on DC01

For example, disabling outbound replication is a good way to perform schema updates without the need to rebuild the entire Active Directory forest: the changes stay on that DC until outbound replication is re-enabled.
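
A disabled-replication flag stays set until someone removes it, so it is worth auditing every DC after maintenance. The PowerShell below is an added example, not part of the original article: the function name Get-ReplOptionState is hypothetical, the "Current DSA Options:" line format is an assumption to confirm against your own repadmin output, and the sample output is constructed.

```powershell
# Added example: flag DCs whose repadmin /options output still shows
# DISABLE_INBOUND_REPL or DISABLE_OUTBOUND_REPL.
# Assumption: repadmin prints a line of the form "Current DSA Options: <FLAGS>".
function Get-ReplOptionState {
    param(
        [Parameter(Mandatory)] [string] $DomainController,
        [string[]] $RepadminOutput   # raw lines from: repadmin.exe /options <DC>
    )
    $prefix = '^\s*Current DSA Options:\s*'
    $line = $RepadminOutput | Where-Object { $_ -match $prefix } | Select-Object -First 1
    if (-not $line) {
        # No options line: DC unreachable or format differs. Report it as
        # unknown rather than silently treating the DC as healthy.
        return [pscustomobject]@{
            DomainController = $DomainController; Parsed = $false
            InboundDisabled  = $null; OutboundDisabled = $null; Options = $null
        }
    }
    # Split the remainder of the line into individual option flags.
    $flags = @(($line -replace $prefix, '') -split '\s+' | Where-Object { $_ })
    [pscustomobject]@{
        DomainController = $DomainController
        Parsed           = $true
        InboundDisabled  = $flags -contains 'DISABLE_INBOUND_REPL'
        OutboundDisabled = $flags -contains 'DISABLE_OUTBOUND_REPL'
        Options          = $flags -join ' '
    }
}

# Constructed sample output so the parser can be exercised offline.
$samples = @{
    'DC01' = @('', 'Current DSA Options: IS_GC')
    'DC02' = @('Current DSA Options: IS_GC DISABLE_OUTBOUND_REPL')
    'DC03' = @('(constructed) error text: server could not be contacted')
}

$report = foreach ($dc in ($samples.Keys | Sort-Object)) {
    Get-ReplOptionState -DomainController $dc -RepadminOutput $samples[$dc]
}

# Show only DCs that need attention: replication disabled or state unknown.
$report |
    Where-Object { -not $_.Parsed -or $_.InboundDisabled -or $_.OutboundDisabled } |
    Format-Table DomainController, Parsed, InboundDisabled, OutboundDisabled, Options

# Live use (needs repadmin.exe and rights to query the DC):
#   Get-ReplOptionState -DomainController DC01 -RepadminOutput (repadmin.exe /options DC01)
```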

Credits: https://serverspace.us/support/help/how-to-troubleshoot-ad-replication-using-repadmin-tool/
