repadmin

Overview

Use REPADMIN to view replication topology and diagnose replication problems. Other uses include creating replication events, forcing replication, viewing metadata and up-to-datedness vectors, and checking replication failures.

Usage Guide

Control diagnostic functionality on REPADMIN by using the following parameters.

  • /kcc - Forces the KCC to recalculate inbound replication topology on target domain controllers.
  • /prp - Lists and updates password replication policy for read-only domain controllers.
  • /rodcpwdrepl - Replicates passwords for specified users to read-only domain controllers.
  • /queue - Displays outstanding replication requests that need to be applied to the domain controller for it to become consistent with its replication partners.
  • /replicate - Initiates replication of a directory partition from a domain controller.
  • /replsingleobj - Initiates replication of a single object between two domain controllers.
  • /replsummary - Reports replication failures on domain controllers.
  • /showattr - Lists attributes of a specified object.
  • /showobjmeta - Lists replication metadata for an object stored in the AD domain services.
  • /showrepl - Displays the replication status from the last attempted inbound replication.
  • /showutdvec - Displays the up-to-datedness vector, which is the highest update sequence number received by replication.
  • /syncall - Synchronises the domain controller with all replication partners.

Example Syntax

repadmin /kcc domain_controller_1 domain_controller_2 domain_controller_3
Include all domain controllers on which you want to initiate the recalculation. The optional /async parameter runs an asynchronous replication, in which the KCC will not wait for or expect a response from the target DCs.

  • repadmin /prp add read_only_domain_controller_name allow security_principal_name
  • repadmin /prp delete read_only_domain_controller_name allow [security_principal_name | all]
  • repadmin /prp move read_only_domain_controller_name security_group_name [/noauth2cleanup] [/users_only | /comps_only]
  • repadmin /prp view read_only_domain_controller_name [list_name / security_principal_name]

The add parameter adds the specified security principal to the "allowed list", internally referenced as msDS-RevealOnDemandGroup. It cannot be used to add security principals to the "denied list", which is internally referenced as msDS-NeverRevealGroup.

The delete parameter removes named security principals from the "allowed list"; it also deletes all security principals from the "authenticated to" list (internally referenced as msDS-AuthenticatedToAccountList) via the /all parameter.

The move parameter moves all security principals from the "authenticated to" list to a specified security group. By default the parameter also removes the security principals from the "authenticated to" list and adds the specified group to the "allowed list". You can prevent the removal of security principals from the "authenticated to" list by adding the /noauth2cleanup parameter. You can also limit the scope of the parameter to user security principals or computer security principals via the /users_only and /comps_only parameters.

The view parameter displays security principals in a list or the password replication policy for a user. To display users in a list, specify a valid list name. Valid list names are:

  • auth2 - Security principals that have been authenticated.
  • reveal - Security principals that have cached passwords.
  • allow - The allowed list.
  • deny - The denied list.

repadmin /rodcpwdrepl read-only_domain_controller_1 read-only_domain_controller_2 writeable_domain_controller user_name_1 user_name_2

The /rodcpwdrepl parameter takes a list of domain controllers as its argument, all being read-only except the last, which is the writeable domain controller from which the credentials are cached, followed by a list of user distinguished names, which are the credentials that will be cached on the read-only domain controllers. An example of a user distinguished name is:
cn=Johnny_Streeter, ou=diagtechs, dc=example-one, dc=co, dc=uk

repadmin /queue domain_controller_1 domain_controller_2

The /queue parameter takes a list of domain controllers as its argument.

repadmin /replicate destination_domain_controller_1 destination_domain_controller_2 source_domain_controller domain_naming_context [/force] [/async] [/full] [/addref] [/readonly]

The /replicate parameter takes a list of domain controllers as its argument, all being replication targets except the last, which is the replication source. Following this is the naming context of the partition to be replicated. An example of this is:
dc=example-two, dc=com, dc=au
The optional parameters are:

  • /force - Forces the replication event to disabled connections.
  • /async - Runs an asynchronous replication, in which the KCC will not wait for or expect a response from the target DCs.
  • /full - Replicates all changes for the partition.
  • /addref - Enables change notification between source and target domain controllers.
  • /readonly - Flags the target as a read-only domain controller.

repadmin /replsingleobj destination_domain_controller_1 destination_domain_controller_2 source_domain_controller object_name

The /replsingleobj parameter takes a list of domain controllers as its argument, all being replication targets except the last, which is the replication source. Following this is the name of the object to be replicated.

repadmin /replsummary [domain_controller_1 domain_controller_2 domain_controller_3] [*] [/bysrc] [/bydest] [/errorsonly] [/sort]

The /replsummary parameter takes a list of domain controllers or a wildcard (e.g. *local_dc) as its parameter. It has the following optional parameters:

  • /bysrc - Reports the status of all domain controllers replicating from a specific source.
  • /bydest - Reports the status of all domain controllers replicating to a specific destination.
  • /errorsonly - Only lists domain controllers with errors.
  • /sort - Sorts output by one of the following options: delta, partners, failures, error, percent, unresponsive.

repadmin /showattr domain_controller object_name [/atts] [/allvalues] [/long] [/dumpallblob] [/gc]

The /showattr parameter takes a domain controller and an object as its parameters. A list of domain controllers or a wildcard (e.g. *local_dc) and objects can also be specified. The optional parameters are:

  • /atts - Restricts the output to those attributes defined in a list following the /atts parameter.
  • /allvalues - Displays all attributes; the default display is up to 20 attributes.
  • /long - Outputs one line per attribute value.
  • /dumpallblob - Includes binary attribute values in the output.
  • /gc - Uses the global catalog port, TCP 3268, to read global catalog partitions.

repadmin /showobjmeta domain_controller object_name [/nocache] [/linked]

The /showobjmeta parameter takes a domain controller and an object distinguished name as its parameters. A list of domain controllers or a wildcard (e.g. *local_dc) can also be specified. The optional parameters are:

  • /nocache - Flags that GUIDs are left in hexadecimal format.
  • /linked - Includes metadata linked objects in the output.

repadmin /showrepl domain_controller [object_GUID] [naming_context] [/verbose] [/nocache] [/repsto] [/conn] [/all] [/errorsonly] [/intersite] [/csv]

The /showrepl parameter takes a domain controller, a list of domain controllers or a wildcard (e.g. *local_dc) as its parameters. The optional parameters are:

  • object_GUID - Restricts reported replication events to the specified object.
  • naming_context - Restricts reported replication events to the specified naming context.
  • /verbose - Verbose reporting.
  • /nocache -
  • /repsto - Display outbound partner data.
  • /conn - Appends a KCC Connection Objects section to the report.
  • /all - Runs both repsto and parameters.
  • /errorsonly - Restricts output to domain controllers reporting errors with replication targets.
  • /intersite - Includes domain controllers at remote sites.
  • /csv - Formats output as CSV.
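
Stalled replication delays password resets, account disables and group changes reaching every domain controller, so the /csv output is worth checking automatically. The following PowerShell is an added example, not part of the original page: the function name, the 24-hour threshold and the sample rows are constructed, and the column names are those of the repadmin /showrepl /csv header.

```powershell
# Added example: flag failing or stale inbound replication links in the CSV
# produced by "repadmin /showrepl * /csv". Names and threshold are assumptions.
function Get-ReplicationFinding {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLine,  # raw CSV lines, header first
        [int] $MaxAgeHours = 24,                     # assumed staleness threshold
        [datetime] $Now = (Get-Date)
    )
    $inv = [cultureinfo]::InvariantCulture
    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        $reasons = @()
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Anything other than an INFO row is surfaced as-is; its layout is not assumed.
            $reasons += "row type $($row.showrepl_COLUMNS)"
        }
        else {
            if ([int]$row.'Number of Failures' -gt 0) {
                $reasons += "failures=$($row.'Number of Failures') status=$($row.'Last Failure Status')"
            }
            # A missing or unparsable success time counts as "never succeeded".
            $last = [datetime]::MinValue
            $ok = [datetime]::TryParse($row.'Last Success Time', $inv,
                      [System.Globalization.DateTimeStyles]::None, [ref]$last)
            if (-not $ok -or ($Now - $last).TotalHours -gt $MaxAgeHours) {
                $reasons += "no success within $MaxAgeHours h"
            }
        }
        if ($reasons) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Reason        = $reasons -join '; '
            }
        }
    }
}

# Constructed sample input (not real output): one healthy link, one failing and stale.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC1,"DC=example-two,DC=com,DC=au",SiteA,DC2,RPC,0,0,2016-03-01 09:58:12,0
showrepl_INFO,SiteA,DC1,"DC=example-two,DC=com,DC=au",SiteB,DC3,RPC,14,2016-03-01 09:45:03,2016-02-27 22:10:40,1722
'@ -split "`r?`n"

Get-ReplicationFinding -CsvLine $sample -Now ([datetime]'2016-03-01 10:00:00') | Format-Table -AutoSize
```

Against live data, pass the command output directly: Get-ReplicationFinding -CsvLine (repadmin /showrepl * /csv).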

repadmin /showutdvec domain_controller naming_context [/nocache] [/latency]

The /showutdvec parameter takes a domain controller, a list of domain controllers or a wildcard (e.g. *local_dc) as its first parameter and a naming context as its second parameter. The optional parameters are:

  • /nocache - Flags that GUIDs are left in hexadecimal format.
  • /latency - Sorts the output from least to most current.

repadmin /syncall domain_controller [naming_context] [flags]

The /syncall parameter takes a domain controller as its first parameter and a naming context as its second parameter. It has a single optional parameter, flags. Valid values for flags are:

  • /a - Abort if any server is not available.
  • /A - Synchronise all naming contexts.
  • /e - Identify servers by distinguished names.
  • /h - Display help.
  • /i - Iterate indefinitely.
  • /I - Run /showrepl on each server pair.
  • /j - Synchronise adjacent servers only.
  • /p - Pause after every message.
  • /P - Push changes outward from specified domain controller.
  • /q - Quiet mode.
  • /Q - Very quiet mode, reports fatal errors only.
  • /s - Do not synchronise.
  • /S - Skip server initial response check.

Tool Data

Operating Platform: Windows
Diagnostic Target: Directory Services - Replication
CI Targets:
  • msDS-RevealedList
  • msDS-NeverRevealGroup
  • msDS-RevealOnDemandGroup
Tool Executable: repadmin.exe
Obtain From: Windows 2008 and 2003 built-in tool.
Web Links:

Copyright © 1997 - 2016 Mission Pacific Pty Ltd. All rights reserved. ezcom, the ez logo and hard tech cafe are registered trademarks of Mission Pacific Pty Ltd.