How to diagnose Active Directory replication failures

Ισχύει για: Windows Server 2008 Enterprise without Hyper-VWindows Server 2008 FoundationWindows Server 2008 R2 Datacenter

Symptoms


You may notice that Active Directory fails to replicate in the following conditions:

  • Monitoring tools including Active Directory Replication Status Tool (ADREPLSTATUS) and REPADMIN expose replication failures.
  • Administrators, users, or applications detect that objects that are created and changed in Active Directory don’t exist on all domain controllers (DCs) in a common replication scope.

Cause


Active Directory Domain Services (AD DS) replication has the following dependencies:

  • Network connectivity over the ports and protocols that are used by the ADDS service
  • DNS name resolution to resolve the name of a replication partner to its IP address
  • Authentication and authorization
  • Time accuracy within 5 minutes to support Kerberos authentication
  • The directory database
  • The Active Directory replication topology to build connection objects between replication partners
  • The ADDS replication engine

Resolution


Use either of the following methods to view replications errors:

  • Run AD Status Replication Tool on the DCs. 
  • Read the replication status in the repadmin /showrepl output.
    • Repadmin is part of Remote Server Administrator Tools (RSAT). If you are using Windows 10, version 1803 or an earlier version of Windows, download Remote Server Administration Tools (RSAT).
    • In Windows 10, version 1809 and later version of Windows 10, you can install the RSAT feature through Settings > Manage optional features.
       

Use repadmin to identify forest-wide Active Directory replication errors

You can create an Excel spreadsheet for domain controllers by using the repadmin/showrepl command to view replication errors. To do this, follow these steps:

  1. Open a Command Prompt as an administrator:
    On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Enterprise Admins credentials, and then click Continue.
  2. At the command prompt, type the following command, and then press Enter:

    repadmin /showrepl * /csv >showrepl.csv
     
  3. In Microsoft Excel, open showrepl.csv.
  4. Format the spreadsheet as follows:
    1. Hide or delete column A and column G.
    2. Select row 1 underneath the column header row. On the View tab, click Freeze Panes, and then click Freeze Top Row.
    3. Select the whole spreadsheet. On the Data tab, click Filter.
    4. In the Last Success Time column, click the down arrow, point to Text Filters, and then click Custom Filter.
    5. Sort the table from oldest to newest.
    6. In the Source DC or Source DSA column, click the filter down arrow, point to Text Filters, and then click Custom Filter.
    7. In the Custom AutoFilter dialog box, under Show rows where, click does not contain. In the adjacent text box, type del to eliminate deleted domain controllers from the view.
    8. Repeat step 6 for the Last Failure Time column, but use the value does not equal, and then type the value 0.
  5. To fix any replication failures that appear under Last Failure Status, see How to troubleshoot common Active Directory replication errors.