roy Profile picture
Sep 6, 2021 • 8 tweets • 3 min read • Read on X
A hat tip to repadmin.exe (thread🧵).

Commonly used for a quick view of replication health with: “repadmin /replsum” which will inspect the Repsfrom multi-valued attribute stored at the root of each directory partition on each DC; bubbling up the summary 🪄 (#ActiveDirectory) repadmin replsum example
If your output from replsum is more interesting than the example above and you want to take a closer look at replication health "showrepl" is the way. If you want to quickly see ALL partitions from ALL domain controllers in an easy view: “repadmin /showrepl * /csv > allrepl.csv” repadmin /showrepl csv file in excel
Maybe one domain controller stands out as a troublemaker or victim and we want to quickly see who it is replicating with and the status for each partition? “repadmin /showrepl dc1”. repadmin showreps detailed view for one domain controller
(While not only repadmin.exe related it's useful to remember that the "DSA Object Guid's" are registered in the _msdcs DNS zone. So if you see the DSA GUID in an error message or log, map them to DC name easily via nslookup, ping or by inspecting the DNS zone to investigate.) screenshot showing resolution of a DSA object guid
You might need to verify the list of the domain controllers in your forest to double check that you have the full replication picture while you’re digging in to a replication problem: “repadmin /viewlist *”. repadmin /viewlist output showing all DC's in the forest
In a larger environment you could have a hunch that topology design choices are preventing full convergence. Some DC’s are getting the change, others aren't. Where did this DC get an attribute change from? “repadmin /showobjmeta dc1 “CN=Chad Duffey, CN=Users, DC=mydomain,DC=com” repadmin /showobjmeta output
What if you think DC's from different sites are behaving differently WRT replication? “repadmin.exe /siteoptions dc1”. (In the example, we find the setting is old & longer required. We make adjustments: “repadmin /siteoptions -IS_REDUNDANT_SERVER_TOPOLOGY_ENABLED dc1”) repadmin showing site configuration settings
To check that your Active Directory backups are “supported” system state backups; usable in a full forest recovery/disaster: “repadmin /showbackup”. Only backup products that call the standard/supported AD backup API will update the timestamp on the partition with the backup time console output showing a check for backup status in active d

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with roy

roy Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(