When it comes to fixing Active Directory replication issues, the Repadmin tool has been the first choice since the launch of Windows 2003. However, the PowerShell replication cmdlets now offer more flexibility. In this post, I discuss the advantages and disadvantages of both solutions.

Krishnamoorthi Gopal

Krishna is working as a Senior System Administrator for a managed IT Service provider. He has 10 years of IT experience in the insurance and healthcare industries. Krishna focuses on Windows and Active Directory administration and works with various other technologies such as VMware, Azure, Hyper-V, and PowerShell.

The Repadmin tool

Repadmin.exe is a command-line tool available if you've installed the Active Directory role; otherwise, you have to install Remote Server Administration Tools (RSAT). The output is usually in text form. If you have to customize the format of the output, things can get time-consuming.

In the example that follows, Repadmin triggers a request to pull inbound replication information from a domain controller named DC2012. The /csv parameter gives the output in CSV format, and /errorsonly shows only connections with errors.

Get the replication info using Repadmin


Repadmin outputs info as a string


If you plan to work with the output in PowerShell, you can pipe the output to the ConvertFrom-Csv cmdlet to create objects. Then you can format the information as shown below.

Conversion of Repadmin data into objects
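The conversion described above, as an added example that is not the original post's code: Repadmin's CSV fields all arrive as strings, so this casts them to typed properties before filtering and sorting. The function name ConvertTo-ReplStatus is hypothetical, and the CSV rows are constructed sample data that follow the column header of repadmin /showrepl /csv.

```powershell
# Added example. The rows below are constructed sample data, not real output.
# Against a live DC, replace $sample with:  repadmin /showrepl DC2012 /csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC2012,"DC=test,DC=local",Default-First-Site-Name,ADC2012,RPC,0,0,2019-09-29 10:15:02,0
showrepl_INFO,Default-First-Site-Name,DC2012,"CN=Configuration,DC=test,DC=local",Default-First-Site-Name,ADC2012,RPC,3,2019-09-29 10:45:10,2019-09-29 09:58:41,1722
'@

function ConvertTo-ReplStatus {
    # Hypothetical helper: turns ConvertFrom-Csv rows (all strings) into typed objects.
    param([Parameter(ValueFromPipeline)] $Row)
    process {
        # Repadmin writes "0" when there is no timestamp; return $null in that case.
        $toDate = {
            param($text)
            $parsed = [datetime]::MinValue
            if ([datetime]::TryParse($text, [ref]$parsed)) { $parsed } else { $null }
        }
        [pscustomobject]@{
            Destination   = $Row.'Destination DSA'
            Source        = $Row.'Source DSA'
            NamingContext = $Row.'Naming Context'
            Failures      = [int]$Row.'Number of Failures'
            LastFailure   = & $toDate $Row.'Last Failure Time'
            LastSuccess   = & $toDate $Row.'Last Success Time'
            LastStatus    = [int]$Row.'Last Failure Status'
        }
    }
}

# With typed properties, numeric comparison and date sorting behave as expected.
$sample | ConvertFrom-Csv | ConvertTo-ReplStatus |
    Where-Object Failures -gt 0 |
    Sort-Object LastSuccess |
    Format-Table Destination, Source, NamingContext, Failures, LastFailure, LastStatus
```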


PowerShell replication cmdlets

Microsoft added a number of PowerShell cmdlets in Windows Server 2012 that allow you to check the Active Directory replication status. The cmdlets belong to the Active Directory PowerShell module. The RSAT tools give you the cmdlets on a Windows workstation.

Unlike Repadmin, the PowerShell cmdlets create objects rather than text as output. An object has a rich set of properties and methods you can reuse effectively within your scripts and can pipe to another cmdlet. With this, you simplify your automation and reporting tasks.

Why cmdlets

The ability to present the output as an object is the main advantage of PowerShell replication cmdlets compared to the Repadmin tool.

The following example demonstrates nicely how useful the output is as an object for troubleshooting issues.

Get the last replication info using cmdlets


Cmdlet outputs as objects


Compared to the solution with Repadmin plus ConvertFrom-Csv, the PowerShell cmdlets return objects with more properties.

Return the property count from both


The major advantage of working with an object with many properties is that you can easily extract the information you need by piping the object to additional PowerShell commands.

The example below shows three cmdlets connected by a pipeline. The first pipe extracts replication details such as the computer name. We then pass the result to Test-Connection to check whether corresponding computers are online.

Using the pipeline with the PowerShell replication cmdlets


Another advantage of the PowerShell cmdlets is that it is easy to understand what a particular command is supposed to do. If you compare the following commands that both return the replication metadata, you will understand what I mean.

PowerShell replication cmdlet examples

Below you will find a few examples of how you can use the PowerShell replication cmdlets.

Get-ADReplicationPartnerMetadata

This gets the inbound replication partners for a designated server or set of servers within the forest.

Get both the incoming and outgoing partners' replication info


Get-ADReplicationFailure

This queries the failed replication details for a designated server based on the input target and scope.

The first figure shows that there is currently no replication issue from ADC2012 to DC2012, but the connection failed on 09/25/2019 at 12:01 AM. Note, however, that this is not the most recent failure time. Any number of retry attempts might have happened between the time of failure and the time replication succeeded. The failed retries are counted in the FailureCount property, but only while the connection is still in a failed state; otherwise the value is 0.

Get the failed replication details


Get-ADReplicationConnection

This returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter.

The first example lists all the connection objects within the AD forest using the Filter parameter, while the second lists the details of a specific connection object using the Identity parameter.

Get all the connections from the forest using the filter parameter




Get the specific connection using the identity parameter


Get-ADReplicationAttributeMetadata

This cmdlet queries replication metadata for an object from a specified directory server. The output shows the what, when, and where of a particular object's modification within the boundary of your AD, but it doesn't say who modified the object. If auditing is enabled, the audit events let you identify who made the change.

The command displays the metadata of a deleted record from Windows 8 from the zone test.local. This object was deleted on 09/29/2019 from the server DC2012.

If you want to know who deleted this record, check the security event 4662 from the security log. Note that you should enable DNS auditing to get the events under security.

Get replication metadata for a deleted DNS record


Get the modifier details from the security log using a metadata timestamp
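One way to script the correlation described above, as an added example that is not the original post's code: it takes the originating change time from the replication metadata and searches the DC's Security log for event 4662 entries for the same object within a short window. The function name Find-ADChangeAuditEvent, the default attribute isDeleted and the 60-second window are assumptions; it needs the ActiveDirectory module, directory service auditing already enabled, and rights to read the Security log on the DC.

```powershell
# Added example. $ObjectDN and $Server are supplied by you; nothing here is
# taken from the screenshots in the original post.
Import-Module ActiveDirectory

function Find-ADChangeAuditEvent {
    param(
        [Parameter(Mandatory)] [string] $ObjectDN,   # DN of the object under investigation
        [Parameter(Mandatory)] [string] $Server,     # DC that originated the change, e.g. DC2012
        [string] $Attribute     = 'isDeleted',       # assumed default: trace a deletion
        [int]    $WindowSeconds = 60                 # assumed tolerance around the timestamp
    )

    # What, when, where: replication metadata for the attribute of interest.
    $meta = Get-ADReplicationAttributeMetadata -Object $ObjectDN -Server $Server `
                -Properties $Attribute -IncludeDeletedObjects |
            Select-Object -First 1
    if (-not $meta) { throw "No replication metadata for '$Attribute' on $ObjectDN" }

    # Event 4662 names the object as %{objectGUID}, so resolve the GUID first.
    $guid = (Get-ADObject -Identity $ObjectDN -Server $Server -IncludeDeletedObjects).ObjectGUID

    $when   = $meta.LastOriginatingChangeTime
    $filter = @{
        LogName   = 'Security'
        Id        = 4662
        StartTime = $when.AddSeconds(-$WindowSeconds)
        EndTime   = $when.AddSeconds($WindowSeconds)
    }

    # Who: read the named EventData fields from each matching event.
    Get-WinEvent -ComputerName $Server -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = @{}
            ([xml]$_.ToXml()).Event.EventData.Data |
                ForEach-Object { $data[$_.Name] = $_.'#text' }
            if ($data['ObjectName'] -like "*$guid*") {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Account     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                    AccessMask  = $data['AccessMask']
                    Attribute   = $meta.AttributeName
                    ChangedAt   = $when
                }
            }
        }
}
```

An empty result usually means auditing was not enabled for that object at the time of the change, or the Security log has already rolled over.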


Get-ADReplicationSite, SiteLink, Subnet, SitelinkBridge

These cmdlets can query a single site component or a set of them based on a specific filter. You can query the cost of a site and replication frequency, which allows you to understand the replication topology and expected replication delays.

Example of subnet and sitelink cmdlets


PowerShell equivalents for Repadmin commands

The following table includes a few replication functions available from both of the tools.

| Function | Repadmin or dsquery command | PowerShell cmdlet |
| --- | --- | --- |
| Get replication partner status | repadmin /showrepl | Get-ADReplicationPartnerMetadata |
| Get Inbound replication queue details | repadmin /queue | Get-ADReplicationQueueOperation |
| Replicate specific AD objects between domain controllers | repadmin /replsingleobj | Sync-ADObject |
| Get replication metadata of an AD object | repadmin /showobjmeta | Get-ADReplicationAttributeMetadata |
| Shows highest committed USN | repadmin /showutdvec | Get-ADReplicationUpToDatenessVectorTable |
| Displays ISTG details | repadmin /istg * | Get-ADReplicationSite -Filter * \| Select InterSiteTopologyGenerator |
| List all the subnets in the forest | dsquery subnet | Get-ADReplicationSubnet |
| List the AD sites in the domain | dsquery site | Get-ADReplicationSite |

Why Repadmin still matters

The PowerShell replication cmdlets cannot completely replace Repadmin because some powerful Repadmin functions are still not available in PowerShell. Notably, these are commands that can help you force the replication of all the directory partitions after a change occurs. Another important task you currently can't do with PowerShell is creating the replication topology for any missing connections.

Below are some examples that show a few Repadmin tasks you can't process in PowerShell.

The following command forces and pushes all the replication changes.

The next command forces the domain-naming context changes from ADC2012 to DC2012.

And this last command creates the missing replication connection object for each domain controller in a specified site.

Conclusion

The main advantage to the PowerShell replication cmdlets is that you work with rich objects that simplify many automation tasks. However, because PowerShell still lacks a few features of Repadmin, the AD admin has to keep this utility in his toolbox for a while.


© 4sysops 2006 - 2019
