Checking AD Replication
When you have multiple domain controllers they need to replicate since they are multi-masters. DC1 should hold the same data as DC2 and vice versa, and changes can be done on the DC that suits you (in theory).
If you want to have a quick look if the replication in your forest is ok, you can use a powerful command line tool called “repadmin”.
Open cmd and run: repadmin /replsum
If “largest delta” is less than 1 hour (intrasite) and “fails” = 0, your AD replication (not testing FRS replication) between all DCs in the forest is good.
If fails > 0 you need to investigate further.
Replication is based on pull, so you should focus on “Destination DSA” and “Inbound Neighbors”.
If DC01Test had some failures, I would run: “repadmin /showrepl dc01test” to see which DC(s) it can’t pull changes from, or if it’s a single Naming Context or all NC’s that it has problem replicating. Replication is 100% dependent of DNS, so DNS is a common cause of replication problems.
REPADMIN /REPLSUM:
The five dots says I have 2 domain controllers in the forest. The first three dots are “processing dots”, while each of the rest represent a DC. 5 – 3 = 2 domain controllers.
Largest Delta: longest replication gap amongst all replication links for a particular DC
A. DC01Test Largest Delta: 47m:15s
B. Last attempt: 19:57:13 (from showrepl, where DC01test pulled schema changes from DC4test)
A + B = Rep. Summary Start Time: 20:44:28
REPADMIN /SHOWREPL <source DC>
Inbound Neighbors: Shows the DC’s <source DC> is pulling from and the 4 NC’s (5 links).
DSA Object GUID: The GUID of the source or destination. A CNAME named GUID located in the _msdcs domain zone must be present and have a value of the hostname of the correct DC.
Last attempt @: last time DC01Test pulled from DC4Test and if it was successful.
If you want to read more about what repadmin can do, you can download the whitepaper:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6054092-ee1e-4b57-b175-5aabde591c5f&displayLang=en