2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Repadmin: How to Check Active Directory

Replication
Last Updated: September 13, 2018 by Robert Allen

In this tutorial, you will learn how to use the repadmin tool to check Active Directory
Replication.

Repadmin is the ultimate replication diagnostic tool.

In addition to checking the health of your domain controllers, it can also be used to
force replication and pin point errors.

Active Directory replication is a critical service that keeps changes synchronized with
other domain controllers in the forest.

Problems with replication can cause authentication failures and issues accessing
network resources (files, printers, applications).

Below I’ll show you the step by step process with plenty of examples and the
results.

Let’s do this.

How to install Repadmin

Repadmin was introduced in 2003 with the Windows Server 2003 support tools.

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 1/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Microsoft started to include the repadmin command in Windows server 2008 and
up. It is also included on any computer that has the Remote Server Administration
Tools (RSAT) installed.

Repadmin Examples
To use repadmin you need to run the command prompt as an administrator. Simply
right click cmd and choose to run as administrator

Example 1: Display the repadmin help menu

Use the following command to see the help menu, this will display all the command
line options. There are many options and you will probably not use most of them.
In the examples below I will go over the most common and useful command line
options.

repadmin /?

Results displayed

C:\Users\rallen>repadmin /?
Usage: repadmin [/u:{domain\user}] [/pw:{password|*}]
[/retry[:][:]]
[/csv]

Use these commands to see the help:

/? Displays a list of commands available for use in repadmin and their

description.
/help Same as /?
/?: Displays the list of possible arguments , appropriate
https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 2/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

syntaxes and examples for the specified command .

/help: Same as /?:
/experthelp Displays a list of commands for use by advanced users only.
/listhelp Displays the variations of syntax available for the DSA_NAME,
DSA_LIST, NCNAME and OBJ_LIST strings.
/oldhelp Displays a list of deprecated commands that still work but
are no longer supported by Microsoft.

Supported commands (use /? for detailed help):

/kcc Forces the KCC on targeted domain controller(s) to immediately
recalculate its inbound replication topology.

/prp This command allows an admin to view or modify the

password replication policy for RODCs.

/queue Displays inbound replication requests that the DC needs to issue

to become consistent with its source replication partners.

/replicate Triggers the immediate replication of the specified directory

partition to the destination domain controller from the source DC.

/replsingleobj Replicates a single object between any two domain

controllers that have common directory partitions.

/replsummary The replsummary operation quickly and concisely summarizes

the replication state and relative health of a forest.

/rodcpwdrepl Triggers replication of passwords for the specified user(s)

from the source (Hub DC) to one or more Read Only DC's.

/showattr Displays the attributes of an object.

/showobjmeta Displays the replication metadata for a specified object

stored in Active Directory, such as attribute ID, version
number, originating and local Update Sequence Number (USN), and
originating server's GUID and Date and Time stamp.

/showrepl Displays the replication status when specified domain controller

last attempted to inbound replicate Active Directory partitions.

/showutdvec displays the highest committed Update Sequence Number (USN

that the targeted DC's copy of Active Directory shows as
committed for itself and its transitive partners.

/syncall Synchronizes a specified domain controller with all replication

partners.
https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 3/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Supported additional parameters:

/u: Specifies the domain and user name separated by a backslash

{domain\user} that has permissions to perform operations in
Active Directory. UPN logons not supported.

/pw: Specifies the password for the user name entered with the /u
parameter.

/retry This parameter will cause repadmin to repeat its attempt to bind
to the target dc should the first attempt fail with one of the
following error status:

1722 / 0x6ba : "The RPC Server is unavailable"

1753 / 0x6d9 : "There are no more endpoints available from the
endpoint mapper"

/csv Used with /showrepl to output results in comma separated

value format. See /csvhelp

Example 2: Summarize the replication status and view

overall health
The first command you should use is replsummary. This command will quickly show
you the overall replication health. This command will show you the percentage of
replication attempts that have failed as well as the largest replication deltas.

repadmin /replsummary

Results displayed

:\WINDOWS\system32>repadmin /replsummary
Replication Summary Start Time: 2018-03-13 04:44:54

Beginning data collection for replication summary, this may take awhile:
.....

Source DSA largest delta fails/total %% error

DC1 52m:48s 0 / 5 0
https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 4/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

DC2 52m:46s 0 / 5 0

Destination DSA largest delta fails/total %% error

DC1 52m:46s 0 / 5 0
DC2 52m:48s 0 / 5 0

Example 3:  Show replication partner and status

Next, use the following command to see the replication partner as well as the
replication status. This helps you understand the role of each domain controller in
the replication process.

In addition, this command displays the GUID of each object that was replicated and
it’s result. This is helpful to identify what objects are failing to replicate.

repadmin /showrepl

Results displayed

C:\Users\rallen>repadmin /showrepl

Repadmin: running command /showrepl against full DC dc1.ad.activedirectorypro

Default-First-Site-Name\DC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: a4d22a63-1918-492a-bcd6-7fe286941e72
DSA invocationID: a4d22a63-1918-492a-bcd6-7fe286941e72

==== INBOUND NEIGHBORS ==============================

DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-13 03:52:08 was successful.

CN=Configuration,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-13 03:52:08 was successful.

CN=Schema,CN=Configuration,DC=ad,DC=activedirectorypro,DC=com
https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 5/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Default-First-Site-Name\DC2 via RPC

DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-13 03:52:08 was successful.

DC=DomainDnsZones,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-13 03:52:08 was successful.

DC=ForestDnsZones,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-13 03:52:08 was successful.

Example 4: Show replication partner for a specific domain

controller
If you want to see the replication status for a specific domain controller use this
command.

replace <ServerName> with the name of your domain controller.

repadmin /showrepl <ServerName>

Results displayed

C:\WINDOWS\system32>repadmin /showrepl dc2

Default-First-Site-Name\DC2
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
DSA invocationID: 2eb95693-bfa7-4f3f-b52c-139737aa883f

==== INBOUND NEIGHBORS ==============================

DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: a4d22a63-1918-492a-bcd6-7fe286941e72
Last attempt @ 2018-03-14 04:21:02 was successful.

CN=Configuration,DC=ad,DC=activedirectorypro,DC=com
https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 6/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Default-First-Site-Name\DC1 via RPC

DSA object GUID: a4d22a63-1918-492a-bcd6-7fe286941e72
Last attempt @ 2018-03-14 03:52:07 was successful.

CN=Schema,CN=Configuration,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: a4d22a63-1918-492a-bcd6-7fe286941e72
Last attempt @ 2018-03-14 03:52:07 was successful.

DC=DomainDnsZones,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: a4d22a63-1918-492a-bcd6-7fe286941e72
Last attempt @ 2018-03-14 03:52:07 was successful.

DC=ForestDnsZones,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC1 via RPC
DSA object GUID: a4d22a63-1918-492a-bcd6-7fe286941e72
Last attempt @ 2018-03-14 03:52:07 was successful.

Example 5: Show only Replication Errors

The showrepl command can output a lot of information. If you want to see only the
errors use this command. In this example, DC2 is down, you can see the results are
all errors from DC2.

C:\WINDOWS\system32>repadmin /showrepl /errorsonly

Repadmin: running command /showrepl against full DC dc1.ad.activedirectorypro

Default-First-Site-Name\DC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: a4d22a63-1918-492a-bcd6-7fe286941e72
DSA invocationID: a4d22a63-1918-492a-bcd6-7fe286941e72

==== INBOUND NEIGHBORS ==============================

DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-15 04:19:38 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2018-03-14 07:52:08.

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 7/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

CN=Configuration,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-15 04:19:38 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2018-03-14 07:52:08.

CN=Schema,CN=Configuration,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-15 04:19:38 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2018-03-14 07:52:08.

DC=DomainDnsZones,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-15 04:19:38 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2018-03-14 07:52:08.

DC=ForestDnsZones,DC=ad,DC=activedirectorypro,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408
Last attempt @ 2018-03-15 04:19:38 failed, result 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.
1 consecutive failure(s).
Last success @ 2018-03-14 07:52:08.

Source: Default-First-Site-Name\DC2
******* 1 CONSECUTIVE FAILURES since 2018-03-14 07:52:08
Last error: 8524 (0x214c):
The DSA operation is unable to proceed because of a DNS lookup failure.

Example 6: Show replication Queue

It is normal to see items in the queue. If you have a small environment it will often
be at zero because there are few replications that occur. If you notice items sitting in
the queue and they never clear out, you have a problem.

Use this command to view the replication queue

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 8/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Repadmin /Queue

Results displayed

C:\Users\rallen>repadmin /queue

Repadmin: running command /queue against full DC dc1.ad.activedirectorypro.co

Queue contains 0 items.

Example 7: How to Force Active Directory Replication

Use the following command if you want to force replication between domain
controllers. You will want to run this on the DC that you wish to update. For
example, if DC1 is out of sync I would run this on DC1.

This will do a pull replication, which means it will pull updates from DC2 to DC1.

repadmin /syncall dc1 /AeD

If you want to push replication you will use the /P switch. For example if you make
changes on DC1 and want to replicate those to other DCs use this command.

repadmin /syncall dc1 /APeD

Results displayed

C:\WINDOWS\system32>repadmin /syncall dc1 /AeD

Syncing all NC's held on dc1.
Syncing partition: DC=ForestDnsZones,DC=ad,DC=activedirectorypro,DC=com
CALLBACK MESSAGE: The following replication is in progress:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c
CALLBACK MESSAGE: The following replication completed successfully:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 9/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

CALLBACK MESSAGE: SyncAll Finished.

SyncAll terminated with no errors.

Syncing partition: DC=DomainDnsZones,DC=ad,DC=activedirectorypro,DC=com

CALLBACK MESSAGE: The following replication is in progress:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c
CALLBACK MESSAGE: The following replication completed successfully:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

Syncing partition: CN=Schema,CN=Configuration,DC=ad,DC=activedirectorypro

CALLBACK MESSAGE: The following replication is in progress:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c
CALLBACK MESSAGE: The following replication completed successfully:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

Syncing partition: CN=Configuration,DC=ad,DC=activedirectorypro,DC=com

CALLBACK MESSAGE: The following replication is in progress:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c
CALLBACK MESSAGE: The following replication completed successfully:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

Syncing partition: DC=ad,DC=activedirectorypro,DC=com

CALLBACK MESSAGE: The following replication is in progress:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c
CALLBACK MESSAGE: The following replication completed successfully:
From: 57a1cfbc-88bb-41da-a1a6-f14f5c9df408._msdcs.ad.activedirectorypro.c
To : a4d22a63-1918-492a-bcd6-7fe286941e72._msdcs.ad.activedirectorypro.c
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

Example 8: Export results to text file

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 10/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Sometimes these commands can display a lot of information. You can export any of
the examples above to a text file, this makes it a little easier to review at a later time
or save for documentation.

just add > c:\destination folder\filename.txt to the end of any of the commands

Here are a few examples

repadmin /replsummary > c:\it\replsummary.txt

repadmin /showrepl > c:\it\showrepl.txt

More examples
Find the last time your DC were backup

Repadmin /showbackup *

Displays calls that have not yet been answered

repadmin /showoutcalls *

List the Topology information

repadmin /bridgeheads * /verbose

Inter Site Topology Generator Report

repadmin /istg * /verbose

Conclusion

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 11/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

As a system administrator it is important that you know how to troubleshoot and

verify replication is working correctly. The repadmin is a simple yet powerful tool
that you should know how to use.

I hope you found this guide useful. If you have any questions leave a comment
below.

See Also: 

How to Quickly Check FSMO Roles

Use NSLookup to Check DNS Records

Recommended Tool: SolarWinds Server &

Application Monitor
This utility was designed to Monitor Active Directory and other critical services like
Azure, DNS, and DHCP. It will quickly spot domain controller issues, replication,
performance issues with cloud services, failed logon attempts, and much more.

What I like best about this tool is its easy to use interface and instant alerting
features.

Download Your Free Trial Here

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 12/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

16 thoughts on “Repadmin: How to Check Active

Directory Replication”

Hani Alhabshi
September 9, 2018 at 10:48 am

Great article..Thanks for sharing

Reply

Robert Allen
September 22, 2018 at 7:16 pm

Thanks Hani

Reply

user
January 17, 2019 at 12:48 pm

Great. thanks you very much for sharing useful information

Reply

Robert Allen
January 18, 2019 at 12:37 am

No problem
https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 13/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Reply

Bhupender Kumar
June 17, 2019 at 6:00 am

Very useful stuff …

Reply

H Junior
October 31, 2019 at 6:01 pm

Nice article!! Thanks a lot.

Reply

Ioannis
January 27, 2020 at 8:11 am

that was very useful , indeed.Thank you !

Reply

Johnny
April 30, 2020 at 8:51 am

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 14/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Useful article!

Reply

Kareem
May 30, 2020 at 4:46 am

WOW, So easy as very useful knowledge for troubleshooting replication

errors

Reply

Shaun
July 31, 2020 at 7:56 am

Thank you

Reply

Dragon
September 29, 2020 at 1:16 am

Great, very useful!

Reply

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 15/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Pearson K
October 22, 2020 at 1:23 pm

This is a great article. I sue this constantly. I do have a question, in order to

run the repadmin command, what access rights need to be granted? I want
one of my team to action this task but I do not wish to give the user full
Domain Admin. Kind regards

Reply

IMran
February 16, 2021 at 9:32 am

Hi,
Would you please explain how to Active Directory replication happen site
to site and Domain controller to Domain Controller step by step.

Reply

Kabir Acosta
July 29, 2021 at 8:01 pm

Excellent!

Reply

Mohd Hasan
September 26, 2021 at 2:48 pm
https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 16/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Excellent explanation and command.

Reply

Robert Allen
September 27, 2021 at 11:37 am

Thans Mohd

Reply

Leave a Comment

Name *

Email *

Website

Post Comment

Active Directory Security Checklist

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 17/18
2021/10/25 下午3:36 Repadmin: How to Check Active Directory Replication - Active Directory Pro

Download this free PDF checklist that includes the top 25 best practices for
securing Active Directory and Windows systems.

Email address
Download PDF Checklist

Resources
Tools
Blog
About
Contact

Follow us
Twitter
YouTube

© 2021 Active Directory Pro | Terms | Privacy

https://activedirectorypro.com/repadmin-how-to-check-active-directory-replication/ 18/18