
Active Directory replication failing? Check the topology

Learn why automatic replication can sometimes fail in Active Directory and what admins can do to troubleshoot the problem.

Active Directory replication should occur automatically. When it doesn't, the best solution isn't just to force a replication, but to check out the topology. If the replication topology has become unstable or misconfigured, it needs to be corrected before initiating a manual replication procedure.

The Knowledge Consistency Checker (KCC) automatically creates the replication topology used for intra-site replication. Rather than creating a full mesh for replication, the KCC designs a topology where every DC has at least two replication partners and is no more than three hops away from any other DC. With such a topology, every DC can be fully updated in as few as three replication cycles.

Before forcing a replication, check the topology. The REPADMIN tool from the Windows 2000 Server Support Tools can be used for this. The command "repadmin /showreps" runs on a domain controller and produces a list of replication partners as designated by the KCC. You can also run this command remotely by adding a server name to the end of the statement, as in "repadmin /showreps <dcservername>".

To check the topology, verify that every DC lists at least two replication partners and that all named partners see each other as partners. For example, if Server A lists Server B and C as partners, then both Server B and C should list Server A in return as a partner. If you discover a problem or inconsistency in the topology, use the KCC to regenerate the topology. The command "repadmin /kcc <dcservername>" forces the KCC to rebuild its replication topology. Once this process completes, you can recheck the topology with the /showreps version of the command.
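The checks described above can be automated once the partner lists are collected. The following is an added example, not part of the original article: it assumes the partners each DC reports in "repadmin /showreps" have been transcribed by hand into a map, uses constructed DC names, and also tests the three-hop limit the KCC aims for.

```python
from collections import deque

# Constructed sample: partners each DC reported in "repadmin /showreps".
# DC names are hypothetical. DC4 lists DC1 but DC1 does not list DC4 back,
# and DC5 has only one partner.
PARTNERS = {
    "DC1": ["DC2", "DC3"],
    "DC2": ["DC1", "DC3"],
    "DC3": ["DC1", "DC2", "DC4"],
    "DC4": ["DC3", "DC1", "DC5"],
    "DC5": ["DC4"],
}

def check_topology(partners, min_partners=2, max_hops=3):
    """Return a sorted list of findings; an empty list means all checks pass."""
    findings = []
    for dc, listed in partners.items():
        if len(set(listed)) < min_partners:
            findings.append(f"{dc}: only {len(set(listed))} partner(s)")
        for p in listed:
            if p not in partners:
                findings.append(f"{dc}: partner {p} has no /showreps data")
            elif dc not in partners[p]:
                findings.append(f"{dc} lists {p}, but {p} does not list {dc}")
    # Count hops over reciprocal links only (breadth-first search per DC).
    links = {dc: {p for p in ps if dc in partners.get(p, [])}
             for dc, ps in partners.items()}
    for start in partners:
        hops = {start: 0}
        queue = deque([start])
        while queue:
            cur = queue.popleft()
            for nxt in links[cur]:
                if nxt not in hops:
                    hops[nxt] = hops[cur] + 1
                    queue.append(nxt)
        for dc in partners:
            if dc not in hops:
                findings.append(f"{start}: cannot reach {dc}")
            elif hops[dc] > max_hops:
                findings.append(f"{start}: {dc} is {hops[dc]} hops away")
    return sorted(findings)

if __name__ == "__main__":
    for line in check_topology(PARTNERS):
        print(line)
```

Any finding is a reason to run "repadmin /kcc <dcservername>" and recheck before forcing replication.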

Once you are sure the topology is correct, then and only then should you force a replication. This is done through the Active Directory Sites and Services console. From this console, select a domain controller to initiate replication from its partners. Then right-click its name and select the Replicate Now command. Replication may take up to three iterations to fully update all DCs in a network, so you will need to force replication by selecting a different DC two additional times.

James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
