Get-ADReplicationFailure doesn't return information about all the domain controllers

Andrea Rochira 1 Reputation point
2021-10-29T20:09:21.797+00:00

Dear community,

I have a relatively simple question to ask. I'm planning to use the cmdlet Get-ADReplicationFailure in a script to easily and rapidly collect information about Active Directory replication failures.

I have a few domain controllers spread in a couple of sites (main and branch). If I run the cmdlet on any DC in the main site, it returns its nice output (FailureCount is 0 by the way). If I run it on the DCs in the branch office, it returns nothing (no errors, it just goes back to the PowerShell prompt). If I run the cmdlet (either on the main or the branch site DCs) with the domain name for the -target parameter and the "Domain" value for the -scope parameter, it returns information related only to the main site DCs.

Just as an extra piece of information:

  • the replication is fine, with no errors or fails according "repadmin /replsum" or Active Directory replication tool or the DFS admin console, which instead return complete information about all the DCs in the domain (no errors)
  • I'm running the Get-ADReplicationFailure as domain admin

Am I missing something?

Thanks in advance for your help.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,852 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,363 questions
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rich Matheisen 44,776 Reputation points
    2021-10-29T21:42:56.513+00:00

    Are all DC's running a supported version of the O/S? And are they all running a 64-bit version of the O/S? Are you running the 64-bit version of PowerShell on all DC's?

    The 32-bit PowerShell is found at C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, and the 64-bit PowerShell is at C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

    A quick way to know if you're running in a 64- or 32 bit process in PowerShell is: 

    [IntPtr]::size * 8
    0 comments
  2. Andrea Rochira 1 Reputation point
    2021-11-01T19:17:42.94+00:00

    Hi RichMatheisen-8856,

    Thanks for your reply. Just to be sure we are on the same page, what does "O/S" stand for? Sorry, it's the first time I see that acronym used with PowerShell, I first thought it would be "Operating System", but it doesn't feel right...

    If this can help, all the DCs are running Windows Server 2019 (with the integrated PowerShell 5.1 desktop edition and the manually installed Powershell 7 core edition).

    I'm ready to perform all the other tests as soon as I know what O/S means.

    Looking forward to your feedback.

  3. Andrea Rochira 1 Reputation point
    2021-11-09T18:47:11.433+00:00

    Hi RichMatheisen-8856,

    Sorry for the long break, I happened to take last week off. I performed the checks you suggested and this is the output on all the DCs:

    147927-screen-shot-2021-11-09-at-111515-am.png

    Now, this week the output for the command "Get-ADReplicationFailure -target 'mydomain' -scope Domain" (same if I use "Forest" as a scope) is returning all the DC's information but the PDC... So, surely it's not a problem with the PowerShell version or OS architecture (since two weeks ago I was able to get info only from the DCs in the main site, including the PDC).

    I'm actually confused about how this cmdlet works and why it returns only some and not all DC's replication information: where's the caveat? is there something that, by design, excludes a DC from returning the related information? The Microsoft support article doesn't mention exceptions or particular situations where the information required with the cmdlet is intentionally omitted ( https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-adreplicationfailure?view=windowsserver2019-ps )

    Let me know if I can provide more information or perform more checks.

  4. Andrea Rochira 1 Reputation point
    2021-11-09T20:43:46.083+00:00

    Here I am @Rich Matheisen ,

    Adding the -Verbose parameter to the cmdlet does not return anything extra, output is exactly the same.

    I ran your snippet on each domain controller and the output is consistent on all of them: all the DCs are correctly listed with their name, domain name, forest name, IP address, and site name.

  5. Andrea Rochira 1 Reputation point
    2021-11-09T23:16:24.1+00:00

    @Rich Matheisen
    Nope, I'm not using the Invoke-Command cmdlet. I'm using the simple string "Get-ADReplicationFailure -target 'mydomain' -scope Domain -Verbose" alone and it returns information about almost all of the DCs in both my sites except one. And if I run the string "Get-ADReplicationFailure dc_name" on the very DC that is not returning information, I don't get any output there as well...

    I followed the suggestion you gave me in your reply 8 days ago: "If "Get-ADReplicationFailure" is the only thing in the script, try adding the "-Verbose" switch to it."

    Do you want me to use the Invoke-Command cmdlet instead?