Active Directory Replication Diagnostics

Have you ever found yourself in a sea of event log errors for Active Directory replication? How do you begin to diagnose Active Directory replication? Below are the basic steps that I have come up with for my own use. 1. Test Active Directory Replication

Open a command prompt as an administrator and run the following commands:

• dcdiag /test:replications > testrepl.txt - Open the text file and review the contents after this command is run

• repadmin /syncall - Initiates an Active Directory full sync.

2. View Replication Status

Open a command prompt as an administrator and run the following commands:

• repadmin /showrepl - This shows the current replication status.

• repadmin /queue - Shows objects in the queue for replication.

• repadmin /replsummary - Shows a summary and the basic health of replication

• repadmin /showutdvec - Shows the highest committed update sequence number (USN) that the target domain controller shows for itself and its partners.

3. Verify DNS for the Domain Controller

Open a command prompt as an administrator and run the following commands:

• dcdiag /test:connectivity - Verifies DNS is working enough for Active Directory replication to work.

4. Check Replication Topology

Open a command prompt as an administrator and run the following commands:

• repadmin /kcc - Forces the knowledge consistency checker (KCC) on the target domain controller to immediately recalculate its topology.

5. Check the Event Viewer