
Server Replication DCs

Command: repadmin

repadmin /replsummary

Provides a summary of replication between domain controllers (DSAs)

C:\Users\Administrator>repadmin /replsummary
Replication Summary Start Time: 2025-04-23 09:21:22

Beginning data collection for replication summary, this may take awhile:
 .....

Source DSA          largest delta    fails/total %%   error
 SERVER1                      :13s    0 /   5    0
 SERVER2                      :12s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 SERVER1                      :12s    0 /   5    0
 SERVER2                      :13s    0 /   5    0

Example with failing replication (error 1908):

C:\Users\Administrator>repadmin /replsummary
Replication Summary Start Time: 2025-04-23 09:11:58

Beginning data collection for replication summary, this may take awhile:
 .....

Source DSA          largest delta    fails/total %%   error
 SERVER1                   21m:24s    2 /   5   40  (1908) Could not find the domain controller for this domain.

Destination DSA     largest delta    fails/total %%   error
 SERVER2                   21m:24s    2 /   5   40  (1908) Could not find the domain controller for this domain.

repadmin /replicate

Forces replication of a specific partition between two domain controllers.

C:\Users\Administrator>repadmin /replicate server2 server1 cn=schema,cn=configuration,dc=wikicode,dc=ch
Sync from server1 to server2 completed successfully.

repadmin /syncall

Synchronizes all partitions between two domain controllers.

C:\Users\Administrator>repadmin /syncall server2 /AdeP
Syncing all NC's held on server2.
Syncing partition: DC=ForestDnsZones,DC=wikicode,DC=ch
CALLBACK MESSAGE: The following replication is in progress:
    From: CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wikicode,DC=ch
    To  : CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wikicode,DC=ch
CALLBACK MESSAGE: The following replication completed successfully:
    From: CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wikicode,DC=ch
    To  : CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wikicode,DC=ch
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.

Options used above:

  • /A – Sync all partitions.

  • /d – Print detailed progress messages.

  • /e – Enterprise; sync all partners across all sites.

  • /P – Push changes from the specified DC to its replication partners.

repadmin /showrepl

Shows detailed information about replication status on the domain controller.

C:\Users\Administrator>repadmin /showrepl

Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\SERVER2
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 7f115bed-a82b-4a85-8ed8-7a0ab36752d4
DSA invocationID: 92996cfb-4989-403a-a27b-e4c262cb9773

==== INBOUND NEIGHBORS ======================================

DC=wikicode,DC=ch
    Default-First-Site-Name\SERVER1 via RPC
        DSA object GUID: d48d1d65-f734-42c3-87a3-696db98ff1d8
        Last attempt @ 2025-04-23 10:21:13 was successful.

CN=Configuration,DC=wikicode,DC=ch
    Default-First-Site-Name\SERVER1 via RPC
        DSA object GUID: d48d1d65-f734-42c3-87a3-696db98ff1d8
        Last attempt @ 2025-04-23 09:46:46 was successful.

CN=Schema,CN=Configuration,DC=wikicode,DC=ch
    Default-First-Site-Name\SERVER1 via RPC
        DSA object GUID: d48d1d65-f734-42c3-87a3-696db98ff1d8
        Last attempt @ 2025-04-23 09:46:46 was successful.

DC=DomainDnsZones,DC=wikicode,DC=ch
    Default-First-Site-Name\SERVER1 via RPC
        DSA object GUID: d48d1d65-f734-42c3-87a3-696db98ff1d8
        Last attempt @ 2025-04-23 09:46:46 was successful.

DC=ForestDnsZones,DC=wikicode,DC=ch
    Default-First-Site-Name\SERVER1 via RPC
        DSA object GUID: d48d1d65-f734-42c3-87a3-696db98ff1d8
        Last attempt @ 2025-04-23 09:46:46 was successful.

Command: nltest

nltest /dsgetdc

This command queries for a Domain Controller (DC) in the domain wikicode.ch.

C:\Users\Administrator>nltest /dsgetdc:wikicode.ch
           DC: \\server2.wikicode.ch
      Address: \\192.168.1.3
     Dom Guid: 310b269f-0323-480f-8ad6-cc0172889083
     Dom Name: wikicode.ch
  Forest Name: wikicode.ch
 Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
        Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST 
                CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10 KEYLIST DS_13
The command completed successfully

Flags Overview

Flag         Meaning
GC           Global Catalog – Resolves objects from the entire AD forest
DS           Directory Services – Confirms this is a domain controller
LDAP         Lightweight Directory Access Protocol support
KDC          Key Distribution Center – Enables Kerberos authentication
TIMESERV     Time Server – Synchronizes time across the network
WRITABLE     Writable DC – Accepts updates to the directory
DNS_DC       DC is also a DNS server
DNS_DOMAIN   DNS support for domain-level records
DNS_FOREST   DNS support for forest-level records
CLOSE_SITE   Located close to the client site
FULL_SECRET  Supports full secure channel communication
WS, DS_8, DS_9, DS_10, KEYLIST, DS_13
             Additional internal features (version-specific)

nltest /trusted_domains

This command lists all trusted domains (i.e., domain trust relationships).

C:\Users\Administrator>nltest /trusted_domains
List of domain trusts:
    0: wikicode wikicode.ch (NT 5) (Forest Tree Root) (Primary Domain) (Native)
The command completed successfully

nltest /DCLIST

Lists all available DCs in the wikicode.ch domain.

C:\Users\Administrator>nltest /DCLIST:wikicode.ch
Get list of DCs in domain 'wikicode.ch' from '\\server2.wikicode.ch'.
    server2.wikicode.ch        [DS] Site: Default-First-Site-Name
    server1.wikicode.ch [PDC]  [DS] Site: Default-First-Site-Name
The command completed successfully

What is the PDC?

The Primary Domain Controller (PDC) Emulator is one of the FSMO roles in Active Directory. The term originates from Windows NT.
Use this command to find it: netdom query fsmo

Function                  Description
🕒 Time Synchronization    Acts as the authoritative time server for the domain. All domain controllers synchronize with it, and it should be synced with an external NTP source.
🧱 NT4 Compatibility       Maintains backward compatibility with legacy NT4-based systems.
🔑 Password Changes        Is the first to register password updates. Other DCs forward failed authentications to the PDC in case of recent password changes.
🛡️ Group Policy Edits      Acts as the authoritative DC for Group Policy modifications.
👨‍💻 Admin Operations        Many administrative tools prefer the PDC for operations (e.g., netdom, ADUC).

Command: dcdiag

dcdiag (Domain Controller Diagnostic) is a command-line tool used to analyze and diagnose the health of domain controllers in an Active Directory environment.

dcdiag /v

Provides detailed diagnostics of domain controllers.

......................... SERVER2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 3601 to 1073741823
* server1.icloud.ch is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3101 to 3600
* rIDPreviousAllocationPool is 3101 to 3600
* rIDNextRID: 3101
......................... SERVER2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVER2 passed test Services

dcdiag /test:dns /v

Example of a successful DNS test:

Summary of test results for DNS servers used by the above domain controllers:

DNS server: 192.168.1.2 (server1.icloud.ch.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain  _msdcs.icloud.ch. is operational on IP 192.168.1.2


DNS server: 192.168.1.3 (SERVER2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered

Summary of DNS test results:

                            Auth Basc Forw Del  Dyn  RReg Ext
_________________________________________________________________
Domain: icloud.ch
server2                      PASS PASS PASS PASS PASS PASS n/a

......................... icloud.ch passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite

Best Practices for Server Replication

Regular Replication Monitoring

Monitoring replication regularly is a key practice. Use built-in tools to check the status of replication across your servers. Regular monitoring ensures potential issues are caught before they affect performance.

Tip: Set up alerts to notify admins immediately if replication fails or takes too long.
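
One way to turn the repadmin /replsummary output shown earlier into an alert check. This is an added example, not part of the original page; the function names and the 900-second threshold are assumptions, and the sample text is copied from the two runs above.

```python
import re

# Sample text copied from the two `repadmin /replsummary` runs shown on this page.
HEALTHY = """\
Source DSA          largest delta    fails/total %%   error
 SERVER1                      :13s    0 /   5    0
 SERVER2                      :12s    0 /   5    0

Destination DSA     largest delta    fails/total %%   error
 SERVER1                      :12s    0 /   5    0
 SERVER2                      :13s    0 /   5    0
"""
FAILING = """\
Source DSA          largest delta    fails/total %%   error
 SERVER1                   21m:24s    2 /   5   40  (1908) Could not find the domain controller for this domain.

Destination DSA     largest delta    fails/total %%   error
 SERVER2                   21m:24s    2 /   5   40  (1908) Could not find the domain controller for this domain.
"""

ROW = re.compile(r"^\s*(?P<dsa>\S+)\s+(?P<delta>\S+)\s+(?P<fails>\d+)\s*/\s*"
                 r"(?P<total>\d+)\s+(?P<pct>\d+)\s*(?P<error>.*)$")
UNIT = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def delta_seconds(text):
    """Convert a 'largest delta' cell such as ':13s' or '21m:24s' to seconds."""
    return sum(int(n) * UNIT[u] for n, u in re.findall(r"(\d+)([dhms])", text))

def parse_replsummary(output):
    """Return one dict per DSA row, tagged with the table it came from."""
    rows, role = [], None
    for line in output.splitlines():
        if line.startswith(("Source DSA", "Destination DSA")):
            role = line.split()[0].lower()      # "source" or "destination"
        elif role and (m := ROW.match(line)):
            rows.append({"role": role, "dsa": m["dsa"], "error": m["error"].strip(),
                         "delta_s": delta_seconds(m["delta"]),
                         "fails": int(m["fails"]), "total": int(m["total"])})
    return rows

def alerts(output, max_delta_s=900):
    """Rows with any failed link or a delta above max_delta_s (assumed threshold)."""
    return [r for r in parse_replsummary(output)
            if r["fails"] > 0 or r["delta_s"] > max_delta_s]

if __name__ == "__main__":
    for r in alerts(FAILING):
        print("ALERT", r["role"], r["dsa"], f"{r['fails']}/{r['total']} failed", r["error"])
```

Run on a schedule against freshly captured repadmin output, any non-empty result from alerts() is what should page an administrator.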

Test Replication Failover

It's vital to ensure that failover systems are configured correctly. When one server fails, replication must be handled by another available server, preventing downtime.

Test failover mechanisms periodically to verify system reliability during outages.

Optimal Network Configuration

Replication relies on a stable network. Ensure proper DNS resolution, stable connections, and sufficient bandwidth. A well-configured network helps maintain fast and reliable replication speeds.

Network tip: Monitor your bandwidth regularly to avoid performance bottlenecks during peak usage times.

Enable Encryption During Replication

To protect sensitive data, enable encryption during replication. This prevents unauthorized access and ensures the confidentiality of the data transferred between servers.

Remember: Encryption is not just for compliance—it's an important step in safeguarding your organization’s data.