When it comes to fixing Active Directory replication issues, the Repadmin tool has been your first choice since the launch of Windows 2003. However, the PowerShell replication cmdlets are now offering more flexibility. In this post, I discuss the advantages and disadvantages of both solutions.

The Repadmin tool

Repadmin.exe is a command-line tool available if you've installed the Active Directory role; otherwise, you have to install Remote Server Administration Tools (RSAT). The output is usually in text form. If you have to customize the format of the output, things can get time consuming.

In the example that follows, Repadmin triggers a request to pull inbound replication information from a domain controller named DC2012. The command /csv gives the output in .csv format, and /Errorsonly shows only connections with errors.

repadmin /showrepl DC2012 "DC=test,DC=local" /csv /Errorsonly
Get the replication info using Repadmin

Get the replication info using Repadmin

Repadmin outputs info as a string

Repadmin outputs info as a string

If you plan to work with the output in PowerShell, you can pipe the output to the ConvertFrom-Csv cmdlet to create objects. Then you can format the information as shown below.

repadmin /showrepl DC2012 "DC=test,DC=local" /csv | ConvertFrom-Csv | ? { $_.'Number of Failures' -ne 0} | select 'Source DSA','Destination DSA','Last Failure Time'
Conversion of Repadmin data into objects

Conversion of Repadmin data into objects

PowerShell replication cmdlets

Microsoft added a number of PowerShell cmdlets in Windows Server 2012 that allow you check the Active Directory replication status. The cmdlets belong to the Active Directory PowerShell module. The RSAT tools give you the cmdlets on a Windows workstation.

Unlike Repadmin, the PowerShell cmdlets create objects rather than text as output. An object has a rich set of properties and methods you can reuse effectively within your scripts and can pipe to another cmdlet. With this, you simplify your automation and reporting tasks.

Why cmdlets

The ability to present the output as an object is the main advantage of PowerShell replication cmdlets compared to the Repadmin tool.

The following example demonstrates nicely how useful the output is as an object for troubleshooting issues.

Get-ADReplicationPartnerMetadata -Target DC2012 -Partition domain | Select Server,@{n="Partner";e={(Resolve-DnsName $_.PartnerAddress).NameHost}},LastReplicationAttempt
Get the last replication info using cmdlets

Get the last replication info using cmdlets

Cmdlet outputs as objects

Cmdlet outputs as objects

Compared to the solution with Repadmin plus ConvertFrom-Csv, the PowerShell cmdlets return objects with more properties.

Return the property count from both

Return the property count from both

The major advantage of working with an object with many properties is that you can easily extract the information you need by piping the object to additional PowerShell commands.

The example below shows three cmdlets connected by a pipeline. The first pipe extracts replication details such as the computer name. We then pass the result to Test-Connection to check whether corresponding computers are online.

Using the pipeline with the PowerShell replication cmdlets

Using the pipeline with the PowerShell replication cmdlets

Another advantage of the PowerShell cmdlets is that it is easy to understand what a particular command is supposed to do. If you compare the following commands that both return the replication metadata, you will understand what I mean.

Get-ADReplicationPartnerMetadata -Target DC2012 -Partition Schema
repadmin /showrepl DC2012 "DC=test,DC=local"

PowerShell replication cmdlet examples

Below you will find a few examples of how you can use the PowerShell replication cmdlets.

Get-AD Replication partner metadata

This gets the inbound replication partners for a designated server or set of servers within the forest.

Get-ADReplicationPartnerMetadata -Target DC2012 -Partition Schema ‑PartnerType Both | select Server,@{n="Partner";e={(Resolve-DnsName $_.PartnerAddress).NameHost}},Partition,LastReplicationResult,PartnerType | ft
Get both the incoming and outgoing partners' replication info

Get both the incoming and outgoing partners' replication info


This queries the failed replication details for a designated server based on the input target and scope.

The first figure shows that there currently is no replication issue from ADC2012 to DC2012, but the connection failed on 09/25/2019 at 12:01 AM. Yet note it is not the most recent failure time. Any number of retry attempts might have happened from the time of failure until the replication succeeded. The failed retries are stored in the FailureCount property, but only if the connection is still in a failed state; otherwise the value is 0.

Get-ADReplicationFailure -Target ADC2012 | select Server,Partner,FirstFailureTime,FailureCount,FailureType
Get the failed replication details

Get the failed replication details


This returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter.

The first one lists all the connection objects within the AD forest using the filter parameter, while the second one lists the details of specific connection object using the identity parameter.

Get-ADReplicationConnection -Properties * -Filter * | select Name,AutoGenerated,InterSiteTransportProtocol,schedule,fromServer | ft
Get all the connections from the forest using the filter parameter

Get all the connections from the forest using the filter parameter

Get-ADReplicationConnection -Identity ADC2012->WIN-H5A3L7FJOB4 -Properties * | select Name,AutoGenerated,InterSiteTransportProtocol,schedule,fromServer | ft
Get the specific connection using the identity parameter

Get the specific connection using the identity parameter


This cmdlet queries replication metadata for an object from a specified directory server. The output of this command shows the what, when, and where for a particular object's modification within the boundary of your AD, but it doesn't say who modified the object. If auditing is enabled, it helps you identify the modifier details.

Get-ADReplicationAttributeMetadata "DC=Win8,DC=test.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=test,DC=local" -Server DC2012 -IncludeDeletedObjects -ShowAllLinkedValues | Where-Object { $_.attributename -eq "dnsTombstoned" }

The command displays the metadata of a deleted record from Windows 8 from the zone test.local. This object was deleted on 09/29/2019 from the server DC2012.

If you want to know who deleted this record, check the security event 4662 from the security log. Note that you should enable DNS auditing to get the events under security.

Get replication metadata for a deleted DNS record

Get replication metadata for a deleted DNS record

Get the modifier details from the security log using a metadata timestamp

Get the modifier details from the security log using a metadata timestamp

Get-ADReplicationSite, SiteLink, Subnet, SitelinkBridge

These cmdlets can query a single or set of respective site components based on a specific filter. You can query the cost of a site and replication frequency, which allows you to understand the replication topology and expected replications delays.

Example of subnet and sitelink cmdlets

Example of subnet and sitelink cmdlets

PowerShell equivalents for Repadmin commands

The following table includes a few replication functions available from both of the tools.

Get replication partner status
repadmin /showreplGet-ADReplicationPartnerMetadata
Get Inbound replication queue details
repadmin /queueGet-ADReplicationQueueOperation
Replicate specific AD objects between domain controllers
repadmin /replsingleobjSync-ADObject
Get replication metadata of an AD object
repadmin /showobjmetaGet-ADReplicationAttributeMetadata
Shows highest committed USN
repadmin /showutdvecGet-ADReplicationUpToDatenessVectorTable
Displays ISTG details
repadmin /istg *Get-ADReplicationSite –filter * | Select InterSiteTopologyGenerator
List all the subnets in the forest
dsquery subnetGet-ADReplicationSubnet
List the AD sites in the domain
dsquery siteGet-ADReplicationSite

Why Repadmin still matters

The PowerShell replication cmdlets cannot completely replace Repadmin because some powerful Repadmin functions are still not available in PowerShell. Notably, these are commands that can help you force the replication of all the directory partitions after a change occurs. Another important task you currently can't do with PowerShell is creating the replication topology for any missing connections.

Below are some examples that show a few Repadmin tasks you can't process in PowerShell.

The following command forces and pushes all the replication changes.

repadmin /syncall /Aped (or) repadmin /syncall /Aed
[A-All partitions P-Push e-enterprise, cross sites d-distinguished names]

The next command forces the domain-naming context changes from ADC2012 to DC2012.

repadmin /replicate DC2012 ADC2012 "DC=test,DC=local" /force

And this last command creates the missing replication connection object for each domain controller in a specified site.

Subscribe to 4sysops newsletter!

repadmin /kcc Site:Default-First-Site-Name


The main advantage to the PowerShell replication cmdlets is that you work with rich objects that simplify many automation tasks. However, because PowerShell still lacks a few features of Repadmin, the AD admin has to keep this utility in his toolbox for a while.

  1. Jack 3 years ago

    Great article. Is there a way to replicate AD Integrated DNS Zones using PowerShell? For example inside a script you create a DNS A record and you want that to immediately replicated to all the other DNS of the forest or domain

    • Author
      Krishna 3 years ago

      DNS resides inside NDTS.dit file which means DNS data also get replicationd when AD replication happens

  2. Dan Visan 3 years ago


  3. Great post Mr Krishna. The PowerShell Equivalents for Repadmin commands table in the end is very useful for admins who want to move away from legacy tool to PowerShell. Excellent writeup.

  4. Katrien 10 months ago

    I was able to use this info to retrieve data not even present in our Varonis , so double awesome.Very good writeup!

Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account