Forcing Replication

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

Sometimes it becomes necessary to forcefully replicate objects and entire partitions between domain controllers that may or may not have replication agreements.

Important

These are very powerful subcommands and should be used sparingly. They do not follow the replication agreements that are in place, and they can cause a replication storm and break Active Directory if they are not used properly.

Replicate a single object between two domain controllers

The repadmin /replsingleobj command replicates a single object between any two domain controllers that have partitions in common. The two domain controllers do not require a replication agreement between them. Replication agreements can be shown by using the repadmin /showreps command.

Syntax

repadmin /replsingleobj <DC_LIST> <Source DSA_Name> <ObjectDN>

| Parameter | Definition |
|---|---|
| <DC_LIST> | Specifies the host name of a domain controller or a list of domain controllers separated by a space that the object will be replicated to. For details about <DC_LIST>, see repadmin /listhelp. |
| <Source DSA_Name> | Specifies the name of the source domain controller. You can specify a host name or the unique hexadecimal number that identifies the source domain controller. You can retrieve the objectGUID by using the /showreps operation. |
| <ObjectDN> | Specifies the distinguished name of the object. |

Example: Replicate a single object between all the branch domain controllers by using a wildcard character

[Figure: Repadmin /replsingleobj]

Force a replication event between two partners

The repadmin /replicate command starts a replication event for the specified directory partition between the source and destination domain controllers. The source universally unique identifier (UUID) can be determined when viewing the replication partners by using the /showreps operation.

Important

The repadmin /replicate command will not work if the partners do not have the specified partition in common or do not have a replication agreement between them.

Syntax 1

repadmin /replicate <Destination_DC_LIST> <Source_DC_NAME> <Naming Context> [/force] [/async] [/full] [/addref] [/readonly]

Syntax 2

repadmin /replicate <Destination_DC_LIST> <Naming Context> [/allsources] [/force] [/async] [/full] [/addref] [/readonly]

| Parameter | Definition |
|---|---|
| <Destination_DC_LIST> | Specifies the host name of the destination domain controller (Directory Server Agent) with which you want to replicate. For details about <DC_LIST>, see repadmin /listhelp. |
| <Source_DC_NAME> | Specifies the host name of the source domain controller with which you want to replicate. This parameter accepts a globally unique identifier (GUID), GUID-based Domain Name System (DNS) name, or the name of a server object. |
| <Naming Context> | Specifies the distinguished name of the directory partition. |
| /force | This parameter is used to override the Disable Replication option on a server. |
| /async | Specifies that the replication will be asynchronous. This means that repadmin starts the replication event, but it does not expect an immediate response from the destination domain controller. Use this parameter when there are slow links between domain controllers. |
| /full | Forces a full replication of all objects from the destination domain controller. |
| /addref | Directs the source to check for a notification entry on the source. If the source does not have a notification entry for this destination, one is added. |
| /allsources | A given destination can have multiple sources for the same naming context. Directs the destination to sync with all sources instead of just one. This parameter cannot be used with <Destination_DC_LIST>. |
| /readonly | This parameter is ignored by the /replicate operation. |

Example: Replicate the domain partition between two specific partners

In the example in figure 3.9.2.1, we attempt to replicate the domain partition between two specific partners, but the source domain controller is rejecting replication requests, as configured by the administrator for valid reasons.

[Figure 3.9.2.1: Repadmin /replicate]

In the next example, we run repadmin /showrepl against the source domain controller (BRANCH-HUB-BH) to read the domain controller options. Figure 3.9.2.2 highlights that outbound replication is currently disabled (DISABLE_OUTBOUND_REPL).

[Figure 3.9.2.2: Repadmin /showrepl]

We could work around this by using the /force switch, as seen in figure 3.9.2.3. However, use caution when using the force replication feature. The /force switch is dangerous because it overrides any precautions that have been implemented by an enterprise administrator to address specific business needs. For example, in a large forest with hundreds of sites connected across unreliable WAN links, use of the /force switch to replicate changes across the forest might cause a replication storm (depending on the changes) that the WAN could not handle.

[Figure 3.9.2.3: Repadmin /replicate]
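A pre-flight check for the situation above, as an added example (not part of the original page or of repadmin itself): it reads the options line from captured repadmin /showrepl output for both partners and builds the /replicate command line, adding /force only when the caller has explicitly approved overriding a disabled-replication option. The "DSA Options:" line layout, the BRANCH-DC-02 host, the site names and the GUIDs in the sample text are assumptions.

```python
import re

# Assumed layout of the header that repadmin /showrepl prints for a DC:
# "DSA Options: ..." (older builds are assumed to print "DC Options: ...").
OPTIONS_LINE = re.compile(r"^[ \t]*(?:DSA|DC) Options:[ \t]*(.*)$", re.MULTILINE)

def dsa_options(showrepl_text):
    """Return the set of option names from one DC's /showrepl header."""
    match = OPTIONS_LINE.search(showrepl_text)
    if match is None:
        raise ValueError("no 'DSA Options:' line in /showrepl output")
    value = match.group(1).strip()
    return set() if value in ("", "(none)") else set(value.split())

def plan_replicate(dest, source, naming_context, dest_showrepl, source_showrepl,
                   override_approved=False):
    """Build the /replicate command line; add /force only with explicit approval."""
    blockers = []
    if "DISABLE_OUTBOUND_REPL" in dsa_options(source_showrepl):
        blockers.append(f"{source}: DISABLE_OUTBOUND_REPL")
    if "DISABLE_INBOUND_REPL" in dsa_options(dest_showrepl):
        blockers.append(f"{dest}: DISABLE_INBOUND_REPL")
    argv = ["repadmin", "/replicate", dest, source, naming_context]
    if blockers and not override_approved:
        return {"argv": None, "blockers": blockers}  # stop: find out who set the option
    if blockers:
        argv.append("/force")                        # deliberate, recorded override
    return {"argv": argv, "blockers": blockers}

# Constructed /showrepl headers (site names, BRANCH-DC-02 and GUIDs are made up).
SOURCE_SHOWREPL = """Hub-Site\\BRANCH-HUB-BH
DSA Options: IS_GC DISABLE_OUTBOUND_REPL
Site Options: (none)
DSA object GUID: 00000000-0000-0000-0000-000000000001
"""
DEST_SHOWREPL = """Branch-Site\\BRANCH-DC-02
DSA Options: (none)
Site Options: (none)
DSA object GUID: 00000000-0000-0000-0000-000000000002
"""

if __name__ == "__main__":
    nc = "dc=research,dc=contoso,dc=com"
    print(plan_replicate("BRANCH-DC-02", "BRANCH-HUB-BH", nc, DEST_SHOWREPL, SOURCE_SHOWREPL))
    print(plan_replicate("BRANCH-DC-02", "BRANCH-HUB-BH", nc, DEST_SHOWREPL, SOURCE_SHOWREPL,
                         override_approved=True))
```

Returning the blocking option and the server that carries it gives the operator something to raise with whoever disabled replication, instead of a reason to reach for /force.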

Force a replication event with all partners

The repadmin /syncall command synchronizes a specified domain controller with all replication partners.

Syntax

repadmin /syncall <DC> [<NamingContext>] [<Flags>]

| Parameter | Definition |
|---|---|
| <DC> | Specifies the host name of the domain controller to synchronize with all replication partners. |
| <NamingContext> | Specifies the distinguished name of the directory partition. |
| <Flags> | Performs specific actions during the replication. |

The following table lists the flags that you can use with repadmin /syncall.

| Flag | Description |
|---|---|
| /a | Abort if any server is unavailable. |
| /A | Sync all naming contexts which are held on the home server. |
| /d | Identify servers by distinguished name in messages. |
| /e | Enterprise, cross sites. |
| /h | Print this help screen. |
| /i | Iterate indefinitely. |
| /l | Perform showreps on each server pair in path instead of synchronizing. |
| /j | Synchronize adjacent servers only. |
| /p | Pause for possible user abort after every message. |
| /P | Push changes outward from home server. |
| /q | Run in quiet mode, suppress call back messages. |
| /Q | Run in very quiet mode, report fatal errors only. |
| /s | Do not synchronize. |
| /S | Skip initial server response check. |

Important

Use this command and the flags above cautiously. You can damage the replication system, because this command does not follow replication agreements or honor replication restrictions such as DISABLE_INBOUND_REPL or DISABLE_OUTBOUND_REPL.

Example 1: Synchronizing Configuration Partition within the site

[Figure 3.9.3.1: Repadmin /syncall]

There will be two callback messages for each partner in figure 3.9.3.1. One reports the progress and the other reports either success or failure (with explanation). Also notice that domain controllers are denoted by their GUID CNAMES as used in replication.

Example 2: Crossing site boundaries and other features

By default, repadmin /syncall does not cross site boundaries as depicted in figure 3.9.3.2. BRANCH-HUB-BH does not have any domain members in its own site for domain dc=research,dc=contoso,dc=com. In this case, use /e.

[Figure 3.9.3.2: Repadmin /syncall]

In figure 3.9.3.3, we use three additional flags. The /d flag translates the GUID CNAME to the distinguished name of the domain controller. The /e flag is used to cross site boundaries. The /a flag is used to abort if any domain controller is unavailable. In this example, the BRANCH2 domain controller was not reachable, and therefore the process was aborted.

[Figure 3.9.3.3: Repadmin /syncall]

In figure 3.9.3.4, repadmin /syncall did succeed because the problem with the BRANCH2 domain controller was fixed. Also notice that we omitted the /d switch so that the GUID names are not translated.

[Figure 3.9.3.4: Repadmin /syncall]
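An added detection example (not from the original page): it reviews process command lines for the repadmin operations that this page describes as working outside replication agreements or overriding disabled replication, and treats the /syncall flags case-sensitively as the flag table requires. The log records, host names and accounts are constructed, and accepting combined flag tokens such as /AeP is an assumption about how operators type the flags.

```python
import re

# Meanings from the /syncall flag table on this page; flags are case-sensitive.
SYNCALL_RISK = {"e": "crosses site boundaries", "A": "all naming contexts",
                "P": "pushes changes outward", "i": "iterates indefinitely"}

def review(cmdline):
    """Return the reasons a repadmin command line needs review, or []."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not tokens or not re.fullmatch(r"(?i)(?:.*\\)?repadmin(?:\.exe)?", tokens[0]):
        return []
    switches = [t for t in tokens[1:] if t.startswith("/")]
    args = [t for t in tokens[1:] if not t.startswith("/")]
    op, flags = (switches[0].lower() if switches else ""), switches[1:]
    reasons = []
    if op == "/replsingleobj":
        reasons.append("replsingleobj: no replication agreement required")
        if any("*" in a for a in args[:-2]):  # last two args: source DSA, object DN
            reasons.append("replsingleobj: wildcard destination list")
    elif op == "/replicate":
        lowered = {f.lower() for f in flags}
        if "/force" in lowered:
            reasons.append("replicate: /force overrides the Disable Replication option")
        if "/full" in lowered:
            reasons.append("replicate: /full forces full replication of all objects")
    elif op == "/syncall":
        # Assumption: flags may be typed separately (/e /A) or combined (/AeP).
        letters = {c for f in flags for c in f[1:]}
        if letters & {"s", "l", "h"}:         # do-not-sync, showreps-only, help
            return []
        reasons.append("syncall: ignores agreements and DISABLE_*_REPL options")
        reasons += [f"syncall /{c}: {why}" for c, why in SYNCALL_RISK.items() if c in letters]
    return reasons

# Constructed process-creation records (host, account, command line); not real logs.
EVENTS = [
    ("HUB-DC-01", "CONTOSO\\op1", "repadmin /showrepl BRANCH-HUB-BH"),
    ("HUB-DC-01", "CONTOSO\\op1",
     "repadmin /replicate BRANCH-DC-02 BRANCH-HUB-BH dc=research,dc=contoso,dc=com /force"),
    ("HUB-DC-01", "CONTOSO\\op2", "repadmin.exe /syncall BRANCH-HUB-BH /e /a"),
    ("ADMIN-WS-7", "CONTOSO\\op3",
     'repadmin /replsingleobj branch* BRANCH-HUB-BH "CN=Test User,OU=Staff,dc=contoso,dc=com"'),
]

def triage(events):
    return [(host, user, why) for host, user, cmd in events if (why := review(cmd))]

if __name__ == "__main__":
    print(*triage(EVENTS), sep="\n")
```

Matching flagged records against change tickets separates an approved forced sync from one that nobody requested.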