Checking Replication with repadmin
One of the primary command prompt commands you can use to troubleshoot Active Directory (AD) replication issues is repadmin.
It’s available on DC, and you can use it to view replication data,
force replication events, and manually create the replication topology
if things really go wrong.
Tip
One of the primary symptoms that indicate a problem
with replication is that new users are unable to log on. Their accounts
are created in AD using one DC, but when they attempt to log on using a
different DC, they receive an error message indicating the username or
password is incorrect. After verifying they are using the correct
username and password, it’s time to break out repadmin.
repadmin includes
several commands that you can use to view replication data as shown in
the following table. When AD has problems with replication, these
normally give clear indications that you have errors. When these come
up error-free, you can be confident that your problem is not due to
replication.
Note
You must run repadmin with administrative permissions.
| repadmin Status and Data Commands | Comments |
|---|
Show replication status.
| Displays
replication status for recent inbound replication attempts. It
identifies replication partners, identifies when the last replication
occurred, and determines whether it was successful. Figure 1 shows the output of this command. |
Summarize status of replication.
C:\> repadmin /replsummary
| This
command summarizes the replication state and relative health of a
forest. It lists the total number of replication attempts, the number
of failures, and the percent of failures compared with the total. |
Show highest update sequence numbers.
repadmin /showutdvec dc-name
naming-context
C:\> repadmin /showutdvec dc1
dc=pearson,dc=pub
| Replication
uses Update Sequence Numbers (USN) to determine whether a DC has the
most up-to-date version of an object. You can view the highest USNs for
a DC with the /showutdvec switch.
Note
The naming-context is the distinguished name of the directory partition.
|
View queued replications.
| Shows
a listing of inbound replication requests that the DC has in queue.
This should normally be zero within a site (or certainly a low number).
The number of items in queue between sites is dependent on the
replication schedule between sites. If you replicate only once a day
between sites, this queue will steadily build up into the scheduled
replication time. |
Show attributes of a DC.
repadmin /showattr dc-name
naming-context
C:\> repadmin /showattr dc1
dc=pearson,dc=pub
| You
can display the attributes of an object. This is sometimes useful when
troubleshooting replication for a specific DC. The example shows the
attributes of a DC named dc1 in the pearson.pub domain.
Note
This shows low-level AD data similar to what you can access using the ldp GUI tool.
|
Show replication metadata for a DC.
repadmin /showobjmeta dc-name
naming-context
C:\> repadmin /showattr dc1
dc=pearson,dc=pub
| You can use the /showobjmeta
switch to show replication metadata for a DC. The example command
displays metadata for the DC named dc1 in the domain pearson.pub. Data
includes the attribute ID, version number, originating and local USN,
originating server’s globally unique identifier (GUID), and a date and
time stamp of the update. |
Show bridgehead servers.
/bridgeheads [ /v]
C:\> repadmin /bridgeheads /v
| Shows all the bridgehead servers for each site that includes a DC. The /v switch is used for a verbose output.
Note
If you have only DCs in a single site, you won’t have any bridgehead servers assigned.
|
Note
replmon (available in Windows Server 2003) is not included in Windows Server 2008 or Windows Server 2008 R2.
