Active Directory How-To pages

Active Directory Auditing Tool

Monitor all domain controller activities like logon/logoff, GPO changes, user management activities
and more across the entire domain.

Get Your Free Trial Free, fully functional 30-day trial
Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Account Management » Active Directory How-To pages

How to check if domain controllers are in sync with each other?

Step 1 - Check the replication health

Run the following command :
Repadmin /replsummary

The “/replsummary” operation quickly summarizes replication state and relative health of a forest.

how-to-check-if-domain-controllers-are-in-sync-with-each-other

Step 2 - Check the inbound replication requests that are queued.

Repadmin /Queue

This command lists elements that are remaining in the replication queue. It displays inbound replication requests that the Domain Controller needs to issue in order to become consistent with its source replication partners.

how-to-check-if-domain-controllers-are-in-sync-with-each-other-2

Step 3 - Check the replication status

Repadmin /Showrepl

This command displays the replication status when the specified domain controller last attempted to implement an inbound replication of Active Directory partitions. It helps in figuring out the replication topology and replication failure.

how-to-check-if-domain-controllers-are-in-sync-with-each-other-3

Step 4 - Synchronize replication between replication partners

Repadmin /syncall

It ensures synchronization between replication partners

Step 5 - Force the KCC to recalculate the topology

Repadmin /KCC

This command forces the KCC (Knowledge Consistency Checker) on targeted domain controller(s) to immediately recalculate its inbound replication topology. It checks and creates the connections between the Domain Controllers. By default KCC runs in the background every 15 minutes to check if a new connection has been established between DCs.

how-to-check-if-domain-controllers-are-in-sync-with-each-other-4

Step 6 - Force replication

Repadmin /replicate

This command forces the replication of the specified directory partition to the destination domain controller from the source DC.

FAQs:

  • How do I check my AD replication status?

    Running the repadmin /showrepl can help you view the replication status.
    If you would like an overall replication health summary, the command repadmin /replsummary should help.

  • How do I fix Active Directory replication issues?

    To diagnose replication errors, users can run the AD status replication tool that is available on DCs or read the replication status by running repadmin /showrepl.
    To view only the replication errors, use the command: repadmin /showrepl /errorsonly

  • How do you force AD replication?

    To force replication between two domain controllers, run the following command on the DC you wish to update:
    repadmin /syncall <DC-name> /AeD
    In case you want to make changes on a DC and push replication to other DCs, the following command should do the trick:
    repadmin /syncall <DC-name> /APeD

  • How often does AD replication occur?

    Intra-site replication: With the exception of critical directory updates that are replicated immediately, the source DC updates changes to its closest replication partner every 15 seconds.

    Inter-site replication: By default, the replication interval is 180 minutes and can be adjusted to be as low as 15 minutes.

  • What is the default replication time for Active Directory?

    Intra-site replication: With the exception of critical directory updates that are replicated immediately, the source DC updates changes to its closest replication partner every 15 seconds.

    Inter-site replication: By default, the replication interval is 180 minutes and can be adjusted to be as low as 15 minutes.

    To change the default replication time, users can go into the Active Directory Sites and Services snap-in → Inter-site transport container → IP container → Site link you want to modify the interval on → Enter your desired value besides "Replicate every" → Save changes.

Use ADAudit Plus to monitor AD replication status and gain insights into:

  • Replication traffic between DCs
  • When replication fails, along with the reason for failure
  • When replication begins and ends
  • Which AD object attributes are replicated
  • And more
  •  
     
  •  
By clicking 'BOOK A DEMO NOW', you agree to processing of personal data according to the Privacy Policy.

Thanks!

We have received your request for a personalized demo. Our product specialist will get in touch with you shortly. Meanwhile, you can explore the product's capabilities using our online demo.

Recognized as a Gartner Peer Insights Customers’ Choice for Security Incident & Event Management (SIEM) for 3 years in a row!

 
Account Management Auditing
Active Directory Auditing
Windows Server Auditing