Hello
Thanks for posting in the Microsoft Community.
Here are some steps to troubleshoot AD DS replication issues:
- Check the event log
Event Viewer is the first step in troubleshooting. You need to check the Directory Service log.
Path: Event Viewer → Application and Service Logs → Microsoft → Windows → Directory Service.
Focus on the following error events:
Event ID 2042: Usually indicates a replication failure.
Event ID 1586: May involve connection or synchronization issues.
Event ID 1311: Usually a replication error caused by DNS configuration or permission issues.
Event ID 1003: Indicates that the target domain controller cannot be connected.
If any of these errors appear in the log, you can troubleshoot further based on the error information.
- Use the dcdiag tool
dcdiag is a very useful diagnostic tool that can help you diagnose the health of domain controllers, including replication issues.
Open the Command Prompt and run it as an administrator.
dcdiag /v
Look for errors or warnings in the output, especially those related to replication.
You can also check the replication status specifically:
dcdiag /test:replications
- Check the replication status using the repadmin tool
repadmin is another important command-line tool that can provide detailed information about replication between domain controllers.
Open a command prompt and run it as an administrator.
Run the following command to view the replication summary:
repadmin /replsummary
This command will display the replication status of all domain controllers and mark the failures.
For more detailed replication failure information, you can run:
repadmin /showrepl
- Check DNS configuration
DNS is key to AD DS replication. If DNS is not configured correctly, replication may fail.
Check DNS resolution: Use nslookup to ensure that the domain controller name can be resolved correctly.
Make sure that the domain controller is using the correct DNS server, usually the IP address of itself or another domain controller. You can run the following command:
ipconfig /all
Make sure that there are no problems with the DNS settings used.
Check SRV records: Confirm that the _ldap._tcp.dc._msdcs record exists to ensure that DNS is correctly configured for domain controller discovery:
nslookup -type=SRV _ldap._tcp.dc._msdcs.yourdomain.com
I hope the above information is helpful to you.
Best regards
Runjie Zhai
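
The repadmin step in the answer above can be scripted so that only failing replication links are shown. This PowerShell is an added example, not part of the original answer: it parses the CSV form of `repadmin /showrepl` and lists partners with a non-zero failure count. The sample rows, the DC and site names, and the function name `Get-ReplFailure` are constructed for illustration.

```powershell
# Added example: filter "repadmin /showrepl * /csv" output down to failing links.
# The rows below are constructed sample data; DC01/DC02/DC03, HQ and Branch are hypothetical.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=yourdomain,DC=com",HQ,DC02,RPC,0,0,2024-05-01 10:15:02,0
showrepl_INFO,HQ,DC01,"DC=yourdomain,DC=com",Branch,DC03,RPC,14,2024-05-01 10:12:44,2024-04-30 22:01:10,1722
showrepl_INFO,Branch,DC03,"CN=Configuration,DC=yourdomain,DC=com",HQ,DC01,RPC,3,2024-05-01 09:58:31,2024-05-01 08:40:00,8524
'@ -split "`r?`n"

function Get-ReplFailure {
    param([string[]]$CsvLine)

    $CsvLine | ConvertFrom-Csv |
        # Keep only normal data rows that report at least one consecutive failure.
        Where-Object {
            $_.showrepl_COLUMNS -eq 'showrepl_INFO' -and
            [int]$_.'Number of Failures' -gt 0
        } |
        ForEach-Object {
            [pscustomobject]@{
                Source        = $_.'Source DSA'
                Destination   = $_.'Destination DSA'
                NamingContext = $_.'Naming Context'
                Failures      = [int]$_.'Number of Failures'
                # Kept as text: repadmin can report 0 here instead of a date.
                LastSuccess   = $_.'Last Success Time'
                # Win32 error code, e.g. 1722 = RPC server unavailable,
                # 8524 = DSA operation failed because of a DNS lookup failure.
                LastStatus    = $_.'Last Failure Status'
            }
        } |
        Sort-Object Failures -Descending
}

# Offline run against the constructed sample:
Get-ReplFailure $sample | Format-Table -AutoSize

# On a domain controller, from an elevated prompt, feed it live data instead:
#   Get-ReplFailure (repadmin /showrepl * /csv)
```

A status of 8524 on a link points back to the DNS checks in the last step of the answer; 1722 usually means the source DC could not be reached over RPC.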