How can I verify AD replication between two DCs works

Question

We have a domain with 3 DCs in different networks and we want to decomission one of them.

However, I suspect that the two remaining DCs will not replicate properly between each other due to some network misconfiguration. So I want to ensure that, after I switch off the obsolete DC, the two remaining ones will replicate flawlessly between each other.

I can ping between the two DCs without any problems, but I suspect replication might be a different story.

When I issue repadmin /showrepl dc1, it will only show the status of the previous replications with the DC I want to remove. The safe DC is not listed.

Oliver Salzburg · Answer 1 · 2017-07-06T10:54:18.417

10

To ensure two DCs replicate with each other, you can follow the guide Forcing Replication.

You first want to ensure that both clean DCs replicate with each other.

Open Active Directory Sites and Services, navigate to your first DC and open the NTDS Settings.
You will probably see a connection to the old DC. Add a new connection for the new DC. Now force replication with your other DC.

Repeat the process for the other DC.
Now inspect replication results for your DCs:
```
repadmin /showrepl dc1
```

edited Jul 06 '17 at 10:54

answered Jul 06 '17 at 09:46

Oliver Salzburg

4,505
16
53
80

1

DCDIAG is much better ;) – Michael Brown Jul 06 '17 at 09:56
@MichaelBrown Running that actually pointed me towards an unrelated issue. So, definitely very helpful. Thanks for bringing it to my attention. I went with this approach while waiting for `dcdiag` to finish and this gave me a very direct way to achieve what I was trying to do. – Oliver Salzburg Jul 06 '17 at 09:58

score 9 · Accepted Answer · answered Jul 06 '17 at 09:29

9

Have you tried DCDIAG? It has lots of tests including Checks for timely replication and any replication errors between domain controllers

Here is a link to Dcdiag information:

https://technet.microsoft.com/en-us/library/cc731968(v=ws.11).aspx

answered Jul 06 '17 at 09:29

Michael Brown

3,204
2
9
10

1

@MichaelBrown you should have a look at Oliver's screen capture in his link ... Just saying, don't want to get into a fight with Big John... – Andy K Jul 06 '17 at 09:55
DcDiag is better :) I want the points! – Michael Brown Jul 06 '17 at 09:56
I run dcdiag /e after every patch. I wouldn't say it's a lifesaver, but I do sleep better when it comes up clean. Someday I'll script it to run automatically. – CC. Jul 06 '17 at 21:14

score 4 · Answer 3 · answered Jul 06 '17 at 12:04

4

You can also use the graphical utility MS has and checks all AD Forest for replication issues.

https://www.microsoft.com/en-us/download/details.aspx?id=30005

Thank you

answered Jul 06 '17 at 12:04

Alexios Pappas

505
3
9

Neat tool. But it seems to expire pretty quick: https://i.imgur.com/otGlKja.png The link leads to the same page you linked. – Oliver Salzburg Jul 06 '17 at 17:39
That is weird I use this tool for very long time but never seen it expiring, MS might changed something I will recheck it. – Alexios Pappas Jul 06 '17 at 20:52
Yes as I suspected MS changed something in order the old version to expire. I assume soon they will update the site with 1.1 version that now their link points still to the wrong one. – Alexios Pappas Jul 06 '17 at 23:56
I'll surely try this again in the future. Thanks :) – Oliver Salzburg Jul 07 '17 at 08:03

How can I verify AD replication between two DCs works

3 Answers3