Checking for AD replication errors
-
Sunday, September 27, 2009 7:35 PM
Hi
We are running Windows 2003 Active Directory in a mutli-site, multi-domain environment.
Forest root is company.com, and there is europe.company.com, us.company.com and asia.company.com
Each city represents an AD site.
An IT admin in Tokyo says that one of their DCs (dc1.asia.company.com)is reporting replication errors with one of ours based in London (dc1.europe.company.com).
I have run REPLMON on the London DC, and can see see:
CN=Configuration, dc=company, dc=com
CN=Schema, dc=company, dc=com
dc=europe, dc=company.com
dc=asia, dc=company, dc=com
dc=us, dc=company, dc=comDo I have to check all of these to ensure that the last replication with other DC's listed in there was succesful?
Are there any Event Log entries which would indicate a problem with replication?
Anything else worthwhile checking to ensure the problem is not on our side?
Secondly, as relates to:
>>CN=Configuration, dc=company, dc=com
CN=Schema, dc=company, dc=com
dc=europe, dc=company.com
dc=asia, dc=company, dc=com
dc=us, dc=company, dc=com<<Are these all partitions that get replicated seperately? Is it possible for one partition to replicate properly and not another?
All Replies
-
Sunday, September 27, 2009 7:51 PM It is possible (although rather unlikely in regard to schema and configuration partitions). Start by examining output of
repadmin /showrepl /all against both DCs in question.
Refer to http://technet.microsoft.com/en-us/library/cc755349(WS.10).aspx for more info...
hth
Marcin- Proposed As Answer by Meinolf WeberMVP Sunday, September 27, 2009 8:00 PM
- Marked As Answer by Mervyn ZhangModerator Wednesday, September 30, 2009 8:28 AM
-
Sunday, September 27, 2009 8:34 PM
Thanks Marcin, great link.
Ok, so to recap our DC is dc1.europe.company.com; I have run the following on that DC:
repadmin /showrepl dc1.europe.company.com [all replications attempts were succesful]
dcdiag /test:replications [dc1.europe.company.com passed test Connectivity, and test Replications]
Taking this into account, would you agree that our DC is acting ok? -
Sunday, September 27, 2009 9:17 PM Not necessarily - this means that inbound replication to that DC is functoning properly. Considering the reason for the original post, you would wan to run the some command but with the dc1.asia.company.com as its argument...
hth
Marcin- Marked As Answer by Mervyn ZhangModerator Wednesday, September 30, 2009 8:28 AM
-
Sunday, September 27, 2009 9:23 PMHi Marcin
Ah ok, so if I am running "repadmin /showrepl dc1.europe.company.com" and "dcdiag /test:replications" on dc1.europe.company.com, then the results shown are those for *inbound* replication attempts? If an outbound replication attempt fails, these are not mentioned? -
Sunday, September 27, 2009 9:31 PM
That's correct - the /repsto switch is not relevant to the scenario you described. Refer to http://technet.microsoft.com/en-us/library/cc742066(WS.10).aspx for details...
hth
Marcin- Marked As Answer by Mervyn ZhangModerator Wednesday, September 30, 2009 8:28 AM
-
Sunday, September 27, 2009 9:41 PMThanks!
I see if I run this command:
"repadmin /showrepl dc1.europe.company.com /repsto"
It also shows "Outbound neighbours for change notifications" which I assume means basically outbound replication targets?
Just two final questions if you don't mind:
i) Is it possible to send the output of "repadmin /showrepl dc1.europe.company.com /repsto" to a text file so I can view its entirety?
ii) In AD Sites and Services, I can go to dc1.europe.company.com and view its inbound replication partners. Is there anyway in ADSS that I can view its outbound replication partners (apart from checking the NTDS settings of each and every other DC)? Or is the repsto switch in the command line the only way?
Thanks again for the help. -
Sunday, September 27, 2009 9:57 PMAs the article states, /repsto "lists the partner domain controllers with which the targeted domain controllers use change notification to perform outbound replication. (Partner domain controllers in this case are domain controllers in the same Active Directory site as the source domain controller and domain controllers that are in remote sites where change notification has been enabled.)"
i) simply append > filename.log at the end
ii) not as far as I know. Note that an "outbound replication partner" is a DC that receives change notification from the one you query - so this applies specifically to intrasite replication unless you have change notification enabled on intersite links...
hth
Marcin -
Sunday, September 27, 2009 10:08 PMThanks again, and - yes - the /repsto only shows intrasite replication partners.
So, I guess I can run
repadmin /showrepl dc1.asia.company.com
This will show me the Inbound replications for the Tokyo DC, of which the London DC is a partner.
But, apart from checking all the sites in Sites&Services to ascertain which DC's the London DC replicates *TO*, is there no command line I can run to find out if Outbound replication has worked on all replication partners of this London DC? Is everything focused on Inbound?
On a side note, I actually thought before that replication was a two way process...but in reality it is PULL only isn't it? So I mean if I go to NTDS settings of the London DC, I can see all the DC's that it is replicating with, but this is PULL only? To see which DC's it is replicating TO, I need to check the NTDS settings of the other DC's?
Thanks again, you've really helped me out :) -
Sunday, September 27, 2009 10:20 PM In general - yes, AD replication is pull based...
As far as I recall, Replmon includes ability to push updates...
hth
Marcin- Marked As Answer by Mervyn ZhangModerator Wednesday, September 30, 2009 8:28 AM
.png)
