Active Directory replication failing? Check the topology

Active Directory replication should occur automatically. When it doesn't, the best solution isn't just to force a replication, but to check out the topology. If the replication topology has become unstable or misconfigured, it needs to be corrected before initiating a manual replication procedure.

The Knowledge Consistency Checker (KCC) creates the replication topology used for intra-site replication automatically. Rather than creating a full mesh for replication, the KCC designs a topology where every DC has at least two replication partners and is no more than three hops away from any other DC. With such a topology, every DC can be fully updated with as little as three replication cycles.

Before forcing a replication, check the topology. The REPADMIN tool from the Windows 2000 Server Support Tools can be used for this. The command "repadmin /showreps" runs on a domain controller and produces a list of replication partners as designated by the KCC. You can also run this command remotely by adding a server name such as "repadmin /showreps <dcservername>" to the end of the statement.

To check the topology, verify that every DC lists at least two replication partners and that all named partners see each other as partners. For example, if Server A lists Server B and C as partners, then both Server B and C should list Server A in return as a partner. If you discover a problem or inconsistency in the topology, use the KCC to regenerate the

    Requires Free Membership to View

topology. The command "repadmin /kcc <dcservername>" forces the KCC to rebuild its replication topology. Once this process completes, you can recheck the topology with the /showreps version of the command.

Once you are sure the topology is correct, then and only then should you force a replication. This is done through the Active Directory Sites and Service console. From this console, select a domain controller to initiate replication from its partners. Then right-click over its name and select the Replicate Now command. Replication may take up to three iterations to fully update all DCs in a network, so you will need to force replication by selecting a different DC two additional times.

James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

This was first published in November 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.