You may notice that Active Directory fails to replicate in the following conditions:
- Monitoring tools including Active Directory Replication Status Tool (ADREPLSTATUS) and REPADMIN expose replication failures.
- Administrators, users, or applications detect that objects that are created and changed in Active Directory don’t exist on all domain controllers (DCs) in a common replication scope.
Active Directory Domain Services (AD DS) replication has the following dependencies:
- Network connectivity over the ports and protocols that are used by the ADDS service
- DNS name resolution to resolve the name of a replication partner to its IP address
- Authentication and authorization
- Time accuracy within 5 minutes to support Kerberos authentication
- The directory database
- The Active Directory replication topology to build connection objects between replication partners
- The ADDS replication engine
Use either of the following methods to view replications errors:
- Run AD Status Replication Tool on the DCs.
- Read the replication status in the repadmin /showrepl output.
- Repadmin is part of Remote Server Administrator Tools (RSAT). If you are using Windows 10, version 1803 or an earlier version of Windows, download Remote Server Administration Tools (RSAT).
- In Windows 10, version 1809 and later version of Windows 10, you can install the RSAT feature through Settings > Manage optional features.
Use repadmin to identify forest-wide Active Directory replication errors
You can create an Excel spreadsheet for domain controllers by using the repadmin/showrepl command to view replication errors. To do this, follow these steps:
- Open a Command Prompt as an administrator:
On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Enterprise Admins credentials, and then click Continue.
- At the command prompt, type the following command, and then press Enter:
repadmin /showrepl * /csv >showrepl.csv
- In Microsoft Excel, open showrepl.csv.
- Format the spreadsheet as follows:
- Hide or delete column A and column G.
- Select row 1 underneath the column header row. On the View tab, click Freeze Panes, and then click Freeze Top Row.
- Select the whole spreadsheet. On the Data tab, click Filter.
- In the Last Success Time column, click the down arrow, point to Text Filters, and then click Custom Filter.
- Sort the table from oldest to newest.
- In the Source DC or Source DSA column, click the filter down arrow, point to Text Filters, and then click Custom Filter.
- In the Custom AutoFilter dialog box, under Show rows where, click does not contain. In the adjacent text box, type del to eliminate deleted domain controllers from the view.
- Repeat step 6 for the Last Failure Time column, but use the value does not equal, and then type the value 0.
- To fix any replication failures that appear under Last Failure Status, see How to troubleshoot common Active Directory replication errors.