Skip to main content

Check Domain Controller Replication




Troubleshooting Domain Controllers is one of the challenges of Windows System Administrator.

But having the right tools and knowing how to use it would make life easier.

DCDiag is a handy tool to check Active Directory domain environment for the health of the servers.

Domain Controller Diagnostics Tool (dcdiag.exe) is a tool provided by Microsoft to aid in troubleshooting Domain Controllers.

Replication between domain controllers in an Active Directory environment is necessary to have data consistency.

If replication fails between DC's in an AD environment is a nightmare if cannot be resolved in a timely manner.

Here's an informative link to Technet website on how this awesome tool can do:


DCDiag.exe can check for replication errors, DNS issues and is able to check also security error configurations.

Security error configurations will cause replication to fails if delegation is not set properly.

Error below is shown when there is some replication errors between DC:
===============================================

   Testing server: Default-First-Site-Name\ServerName
      Starting test: Replications
         [Replications Check,ServerName] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
         Win32 Error 8453.
         ......................... ServerName failed test Replications
===============================================

Such error will also be shown if DCDiag.exe is run against a DC without proper user account privileges.

If DCDiag is run on a remote PC and not on the DC itself, DCdiag needs an elevated command prompt with domain admin privileges.

If the user account used to run dcdiag does not have rights on the server it will result to an error.

Below is a link from Microsoft website on how to troubleshoot replication issues:


In Windows 2012 repadmin.exe command can be used to replicate between domain controllers.

This link provide examples on how to use repadmin:

http://technet.microsoft.com/en-us/library/cc742152.aspx

Replication can also be done using the graphical interface.

Open "Active Directory Sites and Services" via control panel and administrative tools.

Or simply type "dssite.msc" on command prompt.

Please check image below for the steps on how to do it using the graphical interface.



To use dcdiag.exe to check for any replication errors, open an elevated command prompt and type:

dcdiag /test:replications /s:server_name

If all is good and no errors,result will show "passed test Replications".

See sample output below:

===============================================

C:\>dcdiag /test:replications /s:server_name

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\server_name
      Starting test: Connectivity
         ......................... server_name passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\server_name
      Starting test: Replications
         ......................... server_name passed test Replications
===============================================

DCDiag can also test DNS of a Domain controller.

Command to test DNS:

dcdiag /test:dns /s:SERVER_NAME

DCDiag provides also an option to test all the servers on Site.

But this command should be run on a domain controller and not on a remote workstation.

On a domain controller open an elevated command prompt and type:

dcdiag /a

It will take time to display the results depends on how many DC's are there on the site.

Below is an example output for "dcdiag /a" command.

===============================================

C:\Users\administrator.SERVER_DC_NAME> dcdiag  /a

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SERVER_DC_NAME
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER_DC_NAME
      Starting test: Connectivity
         ......................... SERVER_DC_NAME passed test Connectivity
  

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER_DC_NAME
      Starting test: Advertising
         ......................... SERVER_DC_NAME passed test Advertising
      Starting test: FrsEvent
         ......................... SERVER_DC_NAME passed test FrsEvent
      Starting test: DFSREvent
         ......................... SERVER_DC_NAME passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SERVER_DC_NAME passed test SysVolCheck
      Starting test: KccEvent
         ......................... SERVER_DC_NAME passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SERVER_DC_NAME passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SERVER_DC_NAME passed test MachineAccount
      Starting test: NCSecDesc
         ......................... SERVER_DC_NAME passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER_DC_NAME passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SERVER_DC_NAME passed test ObjectsReplicated
      Starting test: Replications
         ......................... SERVER_DC_NAME passed test Replications
      Starting test: RidManager
         ......................... SERVER_DC_NAME passed test RidManager
      Starting test: Services
         ......................... SERVER_DC_NAME passed test Services
      Starting test: SystemLog
         ......................... SERVER_DC_NAME passed test SystemLog
      Starting test: VerifyReferences
         ......................... SERVER_DC_NAME passed test VerifyReferences 


   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : MY_WORLD_MY_DC
      Starting test: CheckSDRefDom
         ......................... MY_WORLD_MY_DC passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... MY_WORLD_MY_DC passed test CrossRefValidation

   Running enterprise tests on : MY_WORLD_MY_DC.local
      Starting test: LocatorCheck
         ......................... MY_WORLD_MY_DC.local passed test LocatorCheck
      Starting test: Intersite
         ......................... MY_WORLD_MY_DC.local passed test Intersite

===============================================


There other tests that can be done with dcdiag.exe tool.

Open a command prompt and type "dcdiag /?" (don't include quotes) to check other available parameters.

Cheers!!!  Till next time…

=================
Educational App for Android kids:

https://play.google.com/store/apps/details?id=com.xmultiplication

Comments

Post a Comment

Popular posts from this blog

Copy a single file using robocopy

Copy a single file using robocopy from a local folder to a shared folder on the network.
A simple rule of thumb before any disaster strike, don't interchange the source and the destination.

If source and destination is mistakenly reverse, files might get overwritten. To avoid any loss of data do a test with a dummy file to ensure things work perfectly.
Robocopy [source][destination]   [file to be copied]
robocopy c:\local_c_folder  \\PC_network\shared_folder   file_to_be_copied_xx.txt
The command will be completed successfully provided the network access right has no issues.

Robocopy works quite good on large files. A simple copy or xcopy command will also work but the speed might vary.

Robocopy is free it can be accessed from command line. No need to install the resource kit tool if the operating system is Windows 7 or newer version.

Copy files with selected file extension using PowerShell and Robocopy:

$extension = ('.pdf', '.jpg', '.txt')
gci d:\WorkFolde…

WMIC get computer name

WMIC get computer model, manufacturer, computer name and  username.
WMIC is a command-line tool and that can generate information about computer model, its manufacturer, its username and other informations depending on the parameters provided.
Why would you need a command line tool if there’s a GUI to check?
If you have 20 or 100 computers, or even more. It’s quite a big task just checking the GUI to check the computer model and username.
If you have remote computers, you need to delegate someone in the remote office or location to check.
Or you can just write a batch file or script to automate the task.
Here’s the code below on how get computer model, manufacturer and the username.
Open an elevated command prompt and type:
wmic computersystem get "Model","Manufacturer", "Name", "UserName"
Just copy and paste the code above, the word “computersystem” does not need to be change to a computer name.
A sample output below will be generated if the co…