Active Directory Replication (Repadmin)

Many of us use GUI to manage our environment  but sometimes we would be better use command-line.  Using Active Directory Site and Services, staring replication among your sites and checking event viewer take time and sometimes finding result in event viewer can be difficult. just one command can help us to investigate our problem and sort out. I am going to give you some example how to use this command and it is going to give you an idea how to figure your problem out.

When you type “repadmin” on command-prompt, you will see this screen

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:Userssonat>repadmin
Usage: repadmin <cmd> <args> [/u:{domainuser}] [/pw:{password|*}]
[/retry[:<retries>][:<delay>]]
[/csv]

Use these commands to see the help:

/?          Displays a list of commands available for use in repadmin and their
description.
/help       Same as /?
/?:<cmd>    Displays the list of possible arguments <args>, appropriate
syntaxes and examples for the specified command <cmd>.
/help:<cmd> Same as /?:<cmd>
/experthelp Displays a list of commands for use by advanced users only.
/listhelp   Displays the variations of syntax available for the DSA_NAME,
DSA_LIST, NCNAME and OBJ_LIST strings.
/oldhelp    Displays a list of deprecated commands that still work but
are no longer supported by Microsoft.

Supported <cmd> commands (use /?<cmd> for detailed help):
/kcc    Forces the KCC on targeted domain controller(s) to immediately
recalculate its inbound replication topology.

     /prp    This command allows an admin to view or modify the
password replication policy for RODCs.

    /queue  Displays inbound replication requests that the  DC needs to issue
to become consistent with its source replication partners.

    /replicate  Triggers the immediate replication of the specified directory
partition to the destination domain controller from the source DC.

     /replsingleobj Replicates a single object between any two domain
controllers that have common directory partitions.

     /replsummary The replsummary operation quickly and concisely summarizes
the replication state and relative health of a forest.

    /rodcpwdrepl Triggers replication of passwords for the specified user(s)
from the source (Hub DC) to one or more Read Only DC’s.

     /showattr Displays the attributes of an object.

     /showobjmeta Displays the replication metadata for a specified object
stored in Active Directory, such as attribute ID, version
number, originating and local Update Sequence Number (USN), and
originating server’s GUID and Date and Time stamp.

    /showrepl Displays the replication status when specified domain controller
last attempted to inbound replicate Active Directory partitions.

     /showutdvec displays the highest committed Update Sequence Number (USN)
that the targeted DC’s copy of Active Directory shows as
committed for itself and its transitive partners.

     /syncall Synchronizes a specified domain controller with all replication
partners.

Supported additional parameters:

     /u:    Specifies the domain and user name separated by a backslash
{domainuser} that has permissions to perform operations in
Active Directory. UPN logons not supported.

     /pw:   Specifies the password for the user name entered with the /u
parameter.

     /retry This parameter will cause repadmin to repeat its attempt to bind
to the target dc should the first attempt fail with one of the
following error status:

            1722 / 0x6ba : “The RPC Server is unavailable”
1753 / 0x6d9 : “There are no more endpoints available from the
endpoint mapper”

     /csv   Used with /showrepl to output results in comma separated
value format. See /csvhelp

Note: Most commands take their parameters in the order of “Destination or
Target DSA_LIST”, then a “Source DSA_NAME” if required, and finally the
NC or Object DN if required.

        <DSA_NAME> (or <DSA_LIST>) is a Directory Service Agent binding
string. For Active Directory Domain Services, this is simply a network
label (such as a DNS, NetBios, or IP address) of a Domain Controller.
For Active Directory Lightweight Directory Services, this must be a
network label of the AD LDS server followed by a colon and the LDAP
port of the AD LDS instance
Examples (AD DS):  dc-01
dc-01.microsoft.com
Examples (AD LDS): ad-am-01:2000
ad-am-01.microsoft.com:2000

      <Naming Context> is the Distinguished Name of the root of the NC
Example: DC=My-Domain,DC=Microsoft,DC=Com
Note: Text (Naming Context names, server names, etc) with International or
Unicode characters will only display correctly if appropriate fonts and
language support are loaded.

Example 1:

using repadmin /showrepl

this command is going to show you latest replication status your domain. forest,schema etc…

C:Userssonat>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
sonatMSAD01
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: c11d89cb-95d3-405c-b65c-19aa7bd3f495
DSA invocationID: 2b478127-fa56-42ff-88ab-2b43f680ce84

==== INBOUND NEIGHBORS ======================================

DC=sonat,DC=int,
SonatIstanbul via RPC
DSA object GUID: 91812d04-903b-4c01-b311-4cc980864ced
Last attempt @ 2011-12-05 08:58:09 was successful.
Sonat-MelbourneMSAD01 via RPC
DSA object GUID: 8d797f4e-1ce4-4566-bc2d-1a13a99a1017
Last attempt @ 2011-12-05 10:43:08 was successful.
Sonat-HQMSDCHQ01 via RPC
DSA object GUID: e03e3d8b-5926-41a1-a5bd-a6d8075f84f9
Last attempt @ 2011-12-05 10:50:08 was successful.
Sonat-SydneyMSADSYDNEY01 via RPC
DSA object GUID: 5009f212-6e14-4d34-a6de-06ded98674f8
Last attempt @ 2011-12-05 10:50:09 was successful.

CN=Configuration,DC=sonat,DC=int
SonatIstanbul via RPC
DSA object GUID: 91812d04-903b-4c01-b311-4cc980864ced
Last attempt @ 2011-12-05 08:58:09 was successful.
Sonat-MelbourneMSAD01 via RPC
DSA object GUID: e03e3d8b-5926-41a1-a5bd-a6d8075f84f9
Last attempt @ 2011-12-05 09:58:08 was successful.
Sonat-HQMSDCHQ01 via RPC
DSA object GUID: 5009f212-6e14-4d34-a6de-06ded98674f8
Last attempt @ 2011-12-05 09:58:08 was successful.
Sonat-SydneyMSADSYDNEY01 via RPC
DSA object GUID: 8d797f4e-1ce4-4566-bc2d-1a13a99a1017
Last attempt @ 2011-12-05 10:43:08 was successful.

CN=Schema,CN=Configuration,DC=sonat,DC=int
SonatIstanbul via RPC
DSA object GUID: 91812d04-903b-4c01-b311-4cc980864ced
Last attempt @ 2011-12-05 08:58:10 was successful.
VIC-MelbourneHOHO2003AD3 via RPC
DSA object GUID: 5009f212-6e14-4d34-a6de-06ded98674f8
Last attempt @ 2011-12-05 09:58:08 was successful.
Sonat-HQMSDCHQ01 via RPC
DSA object GUID: e03e3d8b-5926-41a1-a5bd-a6d8075f84f9
Last attempt @ 2011-12-05 09:58:08 was successful.
Sonat-SydneyMSADSYDNEY01via RPC
DSA object GUID: 8d797f4e-1ce4-4566-bc2d-1a13a99a1017
Last attempt @ 2011-12-05 10:43:08 was successful.

DC=ForestDnsZones,DC=sonat,DC=int
SonatIstanbul via RPC
DSA object GUID: 91812d04-903b-4c01-b311-4cc980864ced
Last attempt @ 2011-12-05 08:58:10 was successful.
Sonat-HQMSDCHQ01 via RPC
DSA object GUID: 5009f212-6e14-4d34-a6de-06ded98674f8
Last attempt @ 2011-12-05 09:58:08 was successful.
Sonat-MelbourneMSAD01 via RPC
DSA object GUID: e03e3d8b-5926-41a1-a5bd-a6d8075f84f9
Last attempt @ 2011-12-05 09:58:08 was successful.
Sonat-SydneyMSADSYDNEY01via RPC
DSA object GUID: 8d797f4e-1ce4-4566-bc2d-1a13a99a1017
Last attempt @ 2011-12-05 10:43:08 was successful.

DC=DomainDnsZones,DC=sonat,DC=int
SonatIstanbul via RPC
DSA object GUID: 91812d04-903b-4c01-b311-4cc980864ced
Last attempt @ 2011-12-05 08:58:11 was successful.
Sonat-SydneyMSADSYDNEY01 via RPC
DSA object GUID: 8d797f4e-1ce4-4566-bc2d-1a13a99a1017
Last attempt @ 2011-12-05 10:43:08 was successful.
Sonat-MelbourneMSAD01 via RPC
DSA object GUID: e03e3d8b-5926-41a1-a5bd-a6d8075f84f9
Last attempt @ 2011-12-05 10:44:10 was successful.
Sonat-HQMSDCHQ01 via RPC
DSA object GUID: 5009f212-6e14-4d34-a6de-06ded98674f8
Last attempt @ 2011-12-05 10:44:10 was successful.

Example 2:

repadmin /replsummary

C:Userssonat>repadmin /replsummary
Replication Summary Start Time: 2011-12-05 11:02:36

Beginning data collection for replication summary, this may take awhile:
………

Source DSA          largest delta    fails/total %%   error
MSDC01                   05m:53s    0 /   5    0
MSHQDC01                  04m:28s    0 /  10    0
Istanbul             02h:04m:27s    0 /   5    0
MSDCSYDNEY01                 05m:36s    0 /  10    0
Destination DSA     largest delta    fails/total %%   error
MSDC01                  04m:04s    0 /   5    0
MSHQDC01                     05m:58s    0 /  10    0
Istanbul             02h:06m:40s    0 /   5    0
MSDCSYDNEY01                 14m:57s    0 /  10    0
Example 3:

repadmin /syncall

repadmin /syncall server1 dc=sonat,dc=int Syncing partition: dc=sonat,dc=int

CALLBACK MESSAGE: The following replication is in progress: From: fea22f1d-a456-4f70-aa06-bedbda29e7eb._msdcs.sonat.int To : 5c02bcaf-86d9-4bed-811e-d17a5cebf8bb._msdcs.sonat.int

CALLBACK MESSAGE: The following replication completed successfully: From: fea22f1d-a456-4f70-aa06-bedbda29e7eb._msdcs.sonat.int To : 5c02bcaf-86d9-4bed-811e-d17a5cebf8bb._msdcs.sonat.int

CALLBACK MESSAGE: SyncAll Finished. SyncAll terminated with no errors.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: