Thursday, June 29, 2006

AD Replication Health Check

If replication problems have been reported with a Domain Controller, what diagnostic tools are in your toolkit to help diagnose the problem? Stage one is to identify any simple connectivity problems on the machine. The netsh command is a great way to run a quick test.

Netsh diag show test

As Domain Controllers communicate using GUIDs rather than machine names, it is important to ensure that DNS records are in place for the Domain Controllers in the environment and that the DC in question is able to resolve them.

Dnslint /s localhost /ad

If connectivity and name resolution are in good shape, the next step is to look at Active Directory for any errors that may have occurred. The DCDiag utility is a great way to health check a machine.

DCDiag or, to get further detail, dcdiag /verbose

When reading the DCDiag output, check the date of each error before acting on a message; often a problem occurred because of a connectivity issue which has since been solved. From DCDiag you may then need to investigate the event logs, FRS replication using Sonar, and replication using replmon or repadmin.
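The date check described above can be scripted. This is an added example, not part of the original post: it parses replication failure entries from saved DCDiag output and separates recent failures from old ones. The sample text is constructed and its layout is an assumption modelled on the Replications test output; the DC names, naming context, timestamps and the 24-hour window are invented for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the Replications section of dcdiag output
# (assumed layout; DC names, naming context and timestamps are invented).
SAMPLE = """\
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
            Naming Context: DC=example,DC=com
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2006-06-26 03:10:22.
            The last success occurred at 2006-06-26 02:55:01.
         [Replications Check,DC1] A recent replication attempt failed:
            From DC3 to DC1
            Naming Context: DC=example,DC=com
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failure.
            The failure occurred at 2006-06-29 08:12:40.
            The last success occurred at 2006-06-29 05:12:37.
         ......................... DC1 failed test Replications
"""

TS = "%Y-%m-%d %H:%M:%S"
FAILURE = re.compile(
    r"From (?P<src>\S+) to (?P<dst>\S+)\s+"
    r"Naming Context: (?P<nc>\S+)\s+"
    r"The replication generated an error \((?P<code>-?\d+)\):\s+"
    r"(?P<msg>.+?)\s+"
    r"The failure occurred at (?P<failed>[\d-]+ [\d:]+)\."
)

def parse_failures(text):
    """Return one dict per reported failure, with the failure time parsed."""
    failures = [m.groupdict() for m in FAILURE.finditer(text)]
    for f in failures:
        f["failed"] = datetime.strptime(f["failed"], TS)
    return failures

def triage(text, now, window=timedelta(hours=24)):
    """Split failures into (current, stale) by age of the failure timestamp."""
    current, stale = [], []
    for f in parse_failures(text):
        (current if now - f["failed"] <= window else stale).append(f)
    return current, stale

if __name__ == "__main__":
    for label, group in zip(("CURRENT", "STALE"), triage(SAMPLE, datetime(2006, 6, 29, 9))):
        print(label, [(f["src"], f["code"], str(f["failed"])) for f in group])
```

Stale entries still deserve a look in the event logs, but the current ones are where to start with replmon or repadmin.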

Another important utility allows you to check the consistency between two Domain Controllers. This can quickly provide a high level of confidence that replication problems have been resolved, or identify where there are large discrepancies between Domain Controllers. Remember that when comparing machines between sites there will naturally be a discrepancy until the next scheduled cross-site replication, which may be every 3 hours, for example.

Dsastat -s:DC1;DC2

You can use Replmon or repadmin to force replication across site links and then use Dsastat again to confirm that the two Domain Controllers have converged.