Using Repadmin.exe to troubleshoot Active Directory replication

Repadmin.exe is a Microsoft Windows 2000 Resource Kit tool that is available in the Support Tools folder on the Windows 2000 CD-ROM. It is a command-line interface to Active Directory replication. This tool provides a powerful interface into the inner workings of Active Directory replication, and is useful for troubleshooting Active Directory replication problems. This article describes the basic use of the Repadmin.exe tool.

MORE INFORMATION

Typing repadmin at a command prompt displays the following list of switches: Usa…

Typing repadmin at a command prompt displays the following list of switches:

Usage: repadmin <cmd> <args> [/u:{domain\user}] [/pw:{password|*}]

Supported <cmd>s & args:

/sync <Naming Context> <Dest DSA> <Source DSA UUID> [/force] [/async

[/full] [/addref] [/allsources]

/syncall <Dest DSA> [<Naming Context>] [<flags>]

/kcc [DSA] [/async]

/bind [DSA]

/propcheck <Naming Context> <Originating DSA Invocation ID>

<Originating USN> [DSA from which to enumerate host DSAs]

/getchanges NamingContext [SourceDSA] [/cookie:<file>]

/getchanges NamingContext [DestDSA] SourceDSAObjectGuid

[/verbose] [/statistics]

/showreps [Naming Context] [DSA [Source DSA objectGuid]] [/verbose]

[/unreplicated] [/nocache]

/showvector <Naming Context> [DSA] [/nocache]

/showmeta <Object DN> [DSA] [/nocache]

/showtime <DS time value>

/showmsg <Win32 error>

/showism [<Transport DN>] [/verbose] (must be executed locally)

/showsig [DSA]

/showconn [DSA] [Container DN | <DSA guid>] (default is local site)

/showcert [DSA]

/queue [DSA]

/failcache [DSA]

/showctx [DSA] [/nocache]

Note:- <Dest DSA>, <Source DSA>, <DSA> : Names of the appropriate servers

<Naming Context> is the Distinguished Name of the root of the NC

Example: DC=My-Domain,DC=Microsoft,DC=Com

For example, to determine to which domain controller a particular change has replicated, type the following line

repadmin /showmeta "CN=larryli,OU=DesignTeam,OU=Development,DC=ntbeta,DC=microsoft,DC=com" Name of DC

where Name of DC is the host name of the domain controller you want to check for the replicated parameters.
The output of this command is similar to:

Loc.USN Originating DSA Org.USN Org.Date/Time Ver Attribute

————————————————————————–

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 objectClass

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 cn

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 sn

1668 LuxembourgEMBY 1668 1999-04-23 15:37.12 1 c

1668 LuxembourgEMBY 1668 1999-04-23 15:37.12 1 l

1668 LuxembourgEMBY 1668 1999-04-23 15:37.12 1 st

1706 LuxembourgEMBY 1706 1999-04-23 15:38.39 1 title

1667 LuxembourgEMBY 1667 1999-04-23 15:37.12 2 description

1668 LuxembourgEMBY 1668 1999-04-23 15:37.12 1 postalCode

1667 LuxembourgEMBY 1667 1999-04-23 15:37.12 1 physDevOffName

1667 LuxembourgEMBY 1667 1999-04-23 15:37.12 1 telephoneNumber

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 givenName

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 instanceType

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 whenCreated

1640 LuxembourgEMBY 1640 1999-04-23 15:29.37 1 displayName

1668 LuxembourgEMBY 1668 1999-04-23 15:37.12 1 streetAddress

1776 LuxembourgEMBY 1776 1999-04-23 16:32.44 2 NTSecurityDescriptor

1851 LuxembourgEMBY 1851 1999-04-23 17:06.09 2 wWWHomePage

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 name

1649 LuxembourgEMBY 1649 1999-04-23 15:29.38 3 userAccountControl

1640 LuxembourgEMBY 1640 1999-04-23 15:29.37 1 codePage

1668 LuxembourgEMBY 1668 1999-04-23 15:37.12 2 countryCode

1704 LuxembourgEMBY 1704 1999-04-23 15:38.19 2 homeDirectory

1704 LuxembourgEMBY 1704 1999-04-23 15:38.19 2 homeDrive

1641 LuxembourgEMBY 1641 1999-04-23 15:29.37 2 dBCSPwd

1640 LuxembourgEMBY 1640 1999-04-23 15:29.37 1 scriptPath

1640 LuxembourgEMBY 1640 1999-04-23 15:29.37 1 logonHours

1640 LuxembourgEMBY 1640 1999-04-23 15:29.37 1 userWorkstations

1641 LuxembourgEMBY 1641 1999-04-23 15:29.37 2 unicodePwd

1641 LuxembourgEMBY 1641 1999-04-23 15:29.37 2 ntPwdHistory

1641 LuxembourgEMBY 1641 1999-04-23 15:29.37 2 pwdLastSet

1640 LuxembourgEMBY 1640 1999-04-23 15:29.37 1 primaryGroupID

1643 LuxembourgEMBY 1643 1999-04-23 15:29.37 1 supplmntlCredentials

1640 LuxembourgEMBY 1640 1999-04-23 15:29.37 1 userParameters

1669 LuxembourgEMBY 1669 1999-04-23 15:37.12 2 profilePath

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 objectSid

1776 LuxembourgEMBY 1776 1999-04-23 16:32.44 1 adminCount

1640 LuxembourgEMBY 1640 1999-04-23 15:29.37 1 comment

1640 LuxembourgEMBY 1640 1999-04-23 15:29.37 1 accountExpires

1641 LuxembourgEMBY 1641 1999-04-23 15:29.37 2 lmPwdHistory

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 sAMAccountName

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 sAMAccountType

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 userPrincipalName

1704 LuxembourgEMBY 1704 1999-04-23 15:38.19 1 userSharedFolder

1639 LuxembourgEMBY 1639 1999-04-23 15:29.37 1 objectCategory

1667 LuxembourgEMBY 1667 1999-04-23 15:37.12 1 mail

1705 LuxembourgEMBY 1705 1999-04-23 15:38.39 1 homePhone

By running this command against each domain controller, an administrator can determine whether all domain controllers have the same replicated values. If a specific domain controller does not have the same value, and the change was made some time ago, you can begin investigating why the computer has not yet received the change.


APPLIES TO

· Microsoft Windows Server 2003 Service Pack 1

· Microsoft Windows 2000 Server

· Microsoft Windows 2000 Advanced Server

· Microsoft Windows 2000 Datacenter Server

 

Source: Using Repadmin.exe to troubleshoot Active Directory replication

Leave a Reply

Your email address will not be published. Required fields are marked *