Shulou(Shulou.com)06/03 Report--

1. Repadmin tool

Repadmin.exe is a command line tool that can be used to report the replication status of each DC. The information generated by Repadmin.exe can help identify potential replication problems in the forest. You can view replication metadata level information detailed to specific objects and attributes, help you find when and where the AD domain is modified to cause replication problems, and you can even use Repadmin.exe to create a replication topology. Then force replication between DC.

Repadmin.exe has many commands to perform specific tasks. For specific command parameters, we can use "repadmin /?: parameters" to see what a parameter can do. We can perform some of the following replication monitoring tasks through Repadmin.exe:

1. Displays the replication partner for the specified DC. We can use the command repadmin / showrepl DCName. By default, Repadmin only shows inbound connections, and if you add the parameter / repsto, you can also display outbound connections, such as repadmin / showrepl dc01 / repsto.

two。 Displays the linked object for the specified DC. Repadmin / showconn DCName this command is used to display linked objects for the specified DC, such as repadmin / showconn dc01.

3. Displays metadata about the object, including its properties and replication. You can learn more about replication by examining the same object on different DC, based on the properties they already have and don't have on their respective DC. Repadmin / showobjmeta DCName ObjectDN, such as repadmin / showobjmeta DC01 "cn=james,cn=users,dc=contoso,dc=com", you can also run this command on another DC02, and then compare the information displayed on both sides to see what similarities and differences exist in the copied data. The DC name of this command can be replaced with *, which means fetching the object's data from all DC.

4.repadmin / replsummary displays a summary of the replication operation to see if any errors have occurred.

Repadmin.exe can also be used to modify your replication infrastructure, with the following commands:

1. Initiates KCC calculation. Use repadmin / kcc to force KCC to recalculate the inbound replication topology of the server.

two。 Force replication between two replication partners. You can use repadmin.exe to force the replication of a partition between the source DC and the destination DC. The command format repadmin / replicate destination DC name source DC name partition name, such as repadmin / replicate DC01 DC02 "cn=configuration,dc=adatum,dc=com", this command will copy the configuration partition on the DC02 to the DC01.

3. Synchronize a DC with all replication partners. Use the command repadmin / syncall DC / A / e to synchronize DC with all replication partners, including DC that is not on this site. For example, repadmin / syncall DC01 / A / e means to synchronize all directory partitions on DC01 with all replication partners, including cross-site DC, where / A represents all directory partitions, if you do not use this parameter, only partitions will be synchronized, / e means cross-site synchronization, and without this parameter, only replication partners of this site will be synchronized.

Here I focus on the repadmin / replsingleobj command, which is a mandatory command that is very helpful in the event of a failure. For example: repadmin / replsingleobj dc-shanghai dc1 dc=demo,dc=cn, this command even copies the entire directory, even if the repadmin / replicate command cannot be executed.

II. Dcdiag tools

Dcdiag.exe is a directory service diagnostic tool that is used to test and report on the overall health of AD replication and security. If the command runs dcdiag.exe without parameters, a summary test will be executed and the test results will be reported, while if the parameter / c is taken, the command dcdiag / c will perform almost all directory diagnostic tests, the reports of these tests can be exported to a file for viewing, and there can be many types of files, such as txt,xml, and so on.

You can also specify the type of test. * * you need to use the command dcdiag / test: test name. Some parameters directly related to replication are as follows:

FrsEvent. All FRS replication operation errors are reported.

DFSREvent. Operational errors are reported for all DFS replication systems.

Intersite. Check for error messages that prevent or delay site replication.

KccEvent. Identifies the error message for KCC.

Replication. Check DC direct real-time replication.

Topology. Check that the replication topology is fully connected to all DC.

VerifyReplicas . Verify that all application directory partitions on all DC that have replicas are fully instantiated

Several Powershell commands copied by AD:

Get-ADReplicationConnection this command can get a link or a set of AD replication connection objects for a specified AD replication according to the filter criteria

Get-ADReplicationFailure this command displays a description of the AD replication error

Get-ADReplicationPartnerMetadata this command is used to display replication metadata for the target DC replication partner

Get-ADReplicationSite gets the specified AD replication site or a set of replication site objects according to the filter criteria

Get-ADReplicationSiteLink gets a specified AD site link or a set of site links according to the filter criteria

Get-ADReplicationSiteLinkBridge gets the specified AD site link bridge or a set of site link bridges according to the filter criteria.

Get-ADReplicationSubet acquires the specified AD subnet or a set of AD subnets according to the filter criteria

Several common replication problems and diagnostic skills:

The client cannot find the DC in this site

a. Confirm that all SRV records of DC are in DNS

b. Verify that the IP addresses of all DC correspond to the subnets of the sites to which they belong

c. Verify that the client has joined the domain and that the client's time is not abnormal

Replication cannot occur between two sites.

a. Confirm that the site link is configured correctly

b. Verify that the replication schedule is set correctly

c. Use readmin / bind to confirm that firewalls between sites allow traffic replicated by AD, and run this command on the DC of each site

Cannot replicate between DC of the same site

a. Confirm that the DC are all in the same site

b. Verify that the AD domain service on DC is running properly

c. Verify that the network between DC is normal, and the time of each DC is normal.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.