Wednesday, December 7, 2016

Active Directory Replication


Verify Active Directory Replication
Applies to: Windows Server 2008, Windows Server 2008 R2

You can use this procedure to verify that Active Directory replication is functioning properly on a domain controller.
Membership in Domain Admins, or equivalent, is required to complete this procedure.
To verify Active Directory replication
  1. Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Domain Admins credentials, if required, and then click Continue.
  2. At the command prompt, type the following command, and then press ENTER:
dcdiag /test:replications

Force Replication Between Domain Controllers
Applies to: Windows Server 2008, Windows Server 2008 R2
You can use this procedure to force Active Directory replication to occur between two domain controllers on a one-time basis when you want changes to be replicated from the server that received the changes to a server in another site sooner than the site link schedule allows. As an alternative, you can synchronize replication with all replication partners.
Membership in Enterprise Admins, or equivalent, is required to complete this procedure.

To force replication over a connection
  1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.
  2. In the console tree, expand Sites, and then expand the site to which you want to force replication from the updated server.
  3. Expand the Servers container to display the list of servers that are currently configured for that site.
  4. Expand the server objects and click their NTDS Settings objects to display their connection objects in the details pane. Find a server that has a connection object from the server on which you made the updates.
  5. Click NTDS Settings below the server object. In the details pane, right-click the connection object whose From Server is the domain controller that has the updates that you want to replicate, and then click Replicate Now.
  6. When the Replicate Now message box appears, review the information, and then click OK.

Synchronize Replication with All Partners

Applies to: Windows Server 2008, Windows Server 2008 R2

You can use this procedure to synchronize replication with all replication partners of a domain controller.

Membership in Enterprise Admins in the forest or Domain Admins in the forest root domain, or equivalent, is the minimum required to complete this procedure.

To synchronize replication with all partners

1.      At a command prompt, type the following command, and then press ENTER:

repadmin /syncall <DomainControllerName> /e /d /A /P /q

| Value | Description |
| --- | --- |
| repadmin /syncall | Synchronizes a specified domain controller with all replication partners. |
| <DomainControllerName> | The Domain Name System (DNS) name of the domain controller on which you want to synchronize replication with all partners. |
| /e | Enterprise; includes partners in all sites. |
| /d | Identifies servers by their distinguished names in messages. |
| /A | All; synchronizes all directory partitions that are held on the home server. |
| /P | Pushes changes outward from the home server. |
| /q | Runs in quiet mode; suppresses callback messages. |

2.      Check for replication errors in the output of the command in the previous step. If there are no errors, replication is successful. For replication to complete, any errors must be corrected.

Verify Successful Replication to a Domain Controller

Applies to: Windows Server 2008, Windows Server 2008 R2

You can use the repadmin /showrepl command to verify successful replication to a specific domain controller. If you are not running Repadmin on the domain controller whose replication you are checking, you can specify a destination domain controller in the command. Repadmin lists INBOUND NEIGHBORS for the current or specified domain controller. INBOUND NEIGHBORS shows the distinguished name of each directory partition for which inbound directory replication has been attempted, the site and name of the source domain controller, and whether replication succeeded or not, as follows:
  • Last attempt @ <YYYY-MM-DD HH:MM.SS> was successful.
  • Last attempt @ [Never] was successful.
If @ [Never] appears in the output for a directory partition, replication of that directory partition has never succeeded from the identified source replication partner over the listed connection.

Membership in Enterprise Admins, or equivalent, is the minimum required to complete this procedure.

To verify successful replication to a domain controller

1.      Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Domain Admins credentials, if required, and then click Continue.

2.      At the command prompt, type the following command, and then press ENTER:

repadmin /showrepl <servername> /u:<domainname>\<username> /pw:*

Note
The user credential parameters (/u:<domainname>\<username> /pw:*) are not required for the domain of the user if the user has opened the Command Prompt as an administrator with Domain Admins credentials or is logged on to the domain controller as a member of Domain Admins or equivalent. However, if you run the command for a domain controller in a different domain in the same Command Prompt session, you must provide credentials for an account in that domain.


| Value | Description |
| --- | --- |
| repadmin /showrepl | Displays the replication status for the last time that the domain controller that is named in <servername> attempted inbound replication of Active Directory partitions. |
| <servername> | The name of the destination domain controller. |
| /u: | Specifies the domain name and user name, separated by a backslash, for a user who has permissions to perform operations in AD DS. |
| <domainname> | The single-label name of the domain of the destination domain controller. (You do not have to use a fully qualified Domain Name System (DNS) name.) |
| <username> | The name of an administrative account in that domain. |
| /pw:* | Specifies the domain password for the user named in <username>. * provides a Password: prompt when you press ENTER. |

3.      At the Password: prompt, type the password for the user account that you provided, and then press ENTER.

You can also use repadmin to generate the details of replication to and from all replication partners in a Microsoft Excel spreadsheet. The spreadsheet displays data in the following columns:

  • Showrepl_COLUMNS
  • Destination DC Site
  • Destination DC
  • Naming Context
  • Source DC Site
  • Source DC
  • Transport Type
  • Number of Failures
  • Last Failure Time
  • Last Success Time
  • Last Failure Status

The following procedure creates this spreadsheet and sets column headings for improved readability.

To generate a repadmin /showrepl spreadsheet for all replication partners

1.      Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Domain Admins credentials, if required, and then click Continue.

2.      At the command prompt, type the following command, and then press ENTER:

repadmin /showrepl * /csv >showrepl.csv

3.      Open Excel.

4.      Click the Office button, click Open, navigate to showrepl.csv, and then click Open.

5.      Hide or delete column A as well as the Transport Type column, as follows:

6.      Select a column that you want to hide or delete.

    • To hide the column, right-click the column, and then click Hide.

      Or
    • To delete the column, right-click the selected column, and then click Delete.

7.      Select row 1 beneath the column heading row. On the View tab, click Freeze Panes, and then click Freeze Top Row.

8.      Select the entire spreadsheet. On the Data tab, click Filter.

9.      In the Last Success Time column, click the down arrow, and then click Sort Ascending.

10.  In the Source DC column, click the filter down arrow, point to Text Filters, and then click Custom Filter.

11.  In the Custom AutoFilter dialog box, under Show rows where, click does not contain. In the adjacent text box, type del to eliminate from view the results for deleted domain controllers.

12.  Repeat step 11 for the Last Failure Time column, but use the value does not equal, and then type the value 0.

13.  Resolve replication failures.

The last successful attempt should agree with the replication schedule for intersite replication, or the attempt should be within the last hour for intrasite replication.

If Repadmin reports any of the following conditions, see Troubleshooting Active Directory Replication Problems (http://go.microsoft.com/fwlink/?LinkID=93582):

  • The last successful intersite replication was before the last scheduled replication.
  • The last intrasite replication was longer than one hour ago.
  • Replication was never successful.
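The same triage as the Excel procedure above can be scripted. The following is an added example, not part of the original procedure: it assumes Windows PowerShell 3.0 or later, uses constructed sample rows with the column names listed above, and the function name Get-ReplicationFinding and the -IntersiteMaxAge parameter are hypothetical.

```powershell
# Constructed sample rows in the column layout listed above. On a live system use:
#   $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$rows = @'
showrepl_COLUMNS,Destination DC Site,Destination DC,Naming Context,Source DC Site,Source DC,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Hub,DC1,"DC=example,DC=test",Hub,DC2,RPC,0,0,2016-12-07 09:45:10,0
showrepl_INFO,Hub,DC1,"CN=Configuration,DC=example,DC=test",Branch,DC3,RPC,4,2016-12-07 09:30:00,2016-12-06 22:10:41,1722
showrepl_INFO,Hub,DC2,"DC=example,DC=test",Hub,"DC9\0ADEL:00000000-0000-0000-0000-000000000000",RPC,12,2016-12-07 08:00:00,2016-11-01 03:00:00,8524
showrepl_INFO,Branch,DC3,"DC=example,DC=test",Hub,DC1,RPC,2,2016-12-07 09:50:00,0,1722
showrepl_INFO,Hub,DC2,"DC=example,DC=test",Hub,DC1,RPC,0,0,2016-12-07 08:20:00,0
'@ | ConvertFrom-Csv

function Get-ReplicationFinding {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        [datetime] $Now = (Get-Date),
        # Assumption: set this to the replication interval of your site links.
        [timespan] $IntersiteMaxAge = [timespan]::FromHours(3)
    )
    foreach ($r in $Rows) {
        # Same effect as the "does not contain del" filter on the Source DC column.
        if ($r.'Source DC' -like '*del*') { continue }
        # A Last Success Time that is not a timestamp is treated as "never succeeded".
        $last = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact($r.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
            [cultureinfo]::InvariantCulture, [Globalization.DateTimeStyles]::None, [ref] $last)
        # Intrasite links must have succeeded within the last hour; intersite per schedule.
        $intrasite = $r.'Destination DC Site' -eq $r.'Source DC Site'
        $maxAge = if ($intrasite) { [timespan]::FromHours(1) } else { $IntersiteMaxAge }
        $why = @()
        if (-not $parsed) { $why += 'never succeeded' }
        elseif (($Now - $last) -gt $maxAge) { $why += "no success within $maxAge" }
        if ($r.'Last Failure Time' -ne '0') { $why += "last failure status $($r.'Last Failure Status')" }
        if ($why) {
            [pscustomobject]@{
                Destination = $r.'Destination DC'
                Source      = $r.'Source DC'
                Partition   = $r.'Naming Context'
                LastSuccess = $(if ($parsed) { $last })
                Finding     = $why -join '; '
            }
        }
    }
}

# Fixed clock so the constructed sample always yields the same three findings.
Get-ReplicationFinding -Rows $rows -Now ([datetime]'2016-12-07 10:00:00') |
    Sort-Object LastSuccess | Format-Table -AutoSize
```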

Update a Server with Configuration Changes


Applies to: Windows Server 2008, Windows Server 2008 R2

On a domain controller that is running Windows Server 2008, you can use this procedure to force replication of configuration changes to a domain controller that is not receiving replication as a result of configuration errors. This procedure is particularly useful for updating a read-only domain controller (RODC) in a branch site with configuration changes from a hub site, for example, when a site link object has been inadvertently deleted.

You can complete this procedure by using either the Windows interface or the Repadmin command-line tool.

Membership in Enterprise Admins in the forest or Domain Admins in the forest root domain, or equivalent, is the minimum required to complete this procedure.

To use the Windows interface to update a server with configuration changes

1.      Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.

2.      In the console tree, expand Sites, and then expand the site of the domain controller that you want to receive configuration updates.

3.      Expand the Servers container to display the list of servers that are currently configured for that site.

4.      Double-click the server object that requires the configuration updates that you want to replicate.

5.      Right-click NTDS Settings below the server object, and then click Replicate configuration to the selected DC.

6.      In the Replicate Now message box, click OK.

To use Repadmin to update a server with configuration changes

1.      Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Enterprise Admins credentials, if required, and then click Continue.

2.      At the command prompt, type the following command, and then press ENTER:

repadmin /showrepl <ServerName>

Where <ServerName> is the name of the domain controller that has the configuration changes that you want to replicate. The /showrepl switch provides the globally unique identifier (GUID) information that you need for step 6.

3.      Click the Command Prompt menu in the title bar, click Edit, and then click Mark.

4.      Use the cursor to select the value in DSA object GUID.

5.      Click the Command Prompt menu in the title bar, and then click Copy. Use the Paste command on the Command Prompt menu to paste this value for the <SourceDomainControllerGUID> parameter in the next step.

6.      At the command prompt, type the following command, and then press ENTER:

repadmin /sync <ConfigurationDistinguishedName> <DestinationServerName> <SourceDomainControllerGUID>

| Value | Description |
| --- | --- |
| /sync | Synchronizes replication of the specified directory partition between the specified domain controllers. |
| <ConfigurationDistinguishedName> | The configuration directory partition distinguished name: CN=Configuration,DC=ForestRootDomainName |
| <DestinationServerName> | The name of the domain controller that is to receive the configuration updates, for example, DC3B. |
| <SourceDomainControllerGUID> | The Directory System Agent (DSA) GUID of the domain controller that is forcing replication. |
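Steps 2 through 6 can be done without Mark and Copy by reading the GUID out of the /showrepl text. The following is an added example, not part of the original procedure: the sample output is constructed, the function name Get-DsaObjectGuid and the example.test forest name are hypothetical, and the script only prints the /sync command rather than running it.

```powershell
# Constructed sample of "repadmin /showrepl <ServerName>" text output.
# On a live system use:  $out = repadmin /showrepl <ServerName>
$out = @'
Hub\DC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 11111111-2222-3333-4444-555555555555
DSA invocationID: 66666666-7777-8888-9999-aaaaaaaaaaaa

==== INBOUND NEIGHBORS ======================================

CN=Configuration,DC=example,DC=test
    Hub\DC2 via RPC
        DSA object GUID: bbbbbbbb-cccc-dddd-eeee-ffffffffffff
        Last attempt @ 2016-12-07 09:45:10 was successful.
'@ -split "`r?`n"

function Get-DsaObjectGuid {
    param([Parameter(Mandatory = $true)] [string[]] $ShowReplOutput)
    foreach ($line in $ShowReplOutput) {
        # Every inbound partner also prints a "DSA object GUID" line (indented).
        # Only the header value belongs to <ServerName>, so stop at the banner.
        if ($line -match 'INBOUND NEIGHBORS') { break }
        if ($line -match '^DSA object GUID:\s*(\S+)\s*$') {
            return [guid] $Matches[1]   # the cast throws on a truncated or mistyped GUID
        }
    }
    throw 'No DSA object GUID found in the header of the showrepl output.'
}

$sourceGuid  = Get-DsaObjectGuid -ShowReplOutput $out
$configNC    = 'CN=Configuration,DC=example,DC=test'   # placeholder forest root domain
$destination = 'DC3B'                                   # example name used in the table above

# Print the command for review. The partition name is quoted because PowerShell
# would otherwise split an unquoted argument at its commas.
"repadmin /sync `"$configNC`" $destination $sourceGuid"
```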
