AD Replication (repadmin)

Last updated: 2023-08-18

Table of contents

  • Test replication
  • Force sysvol replication
  • repadmin

 


Test replication

 

dcdiag /test:replications

 


Force sysvol replication

 

Method 1: Restart the FRS service

  1. C:\>net stop ntfrs
  2. C:\>net start ntfrs

Method 2: repadmin

repadmin.exe /syncall

 


repadmin

 

# Summary of replications

repadmin /replsum /sort:delta [AD_NAME]

Largest Delta: The longest replication gap amongst all site links for a particular domain controller. (compared with the current time)

Fail: The total number of replica links failing to replicate

Total: the replica links for a particular domain controller

* By default, the replication model is pull-based (Destination -- pull -- Source)

 

# Display the replication partners

    repadmin /showrepl  [partners]
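
Added example (not part of the original notes): a PowerShell sketch that rebuilds the Largest Delta / Fail / Total columns of /replsum per destination DC from the per-link CSV output of repadmin /showrepl * /csv, and flags DCs that are failing or stale. The sample rows, the DC and site names, the function name Get-ReplSummary and the one-hour threshold are constructed for illustration.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`;
# DC names, sites and timestamps are made up.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=example,DC=com",HQ,DC2,RPC,0,0,2023-08-18 09:45:10,0
showrepl_INFO,HQ,DC1,"DC=example,DC=com",Branch,DC3,RPC,0,0,2023-08-18 09:12:40,0
showrepl_INFO,Branch,DC3,"DC=example,DC=com",HQ,DC1,RPC,12,2023-08-18 09:50:02,2023-08-17 21:03:55,1722
showrepl_INFO,Branch,DC3,"CN=Configuration,DC=example,DC=com",HQ,DC1,RPC,0,0,2023-08-18 09:40:00,0
'@ -split '\r?\n'

function Get-ReplSummary {
    param(
        [Parameter(Mandatory)][string[]]$CsvLines,
        [datetime]$Now = (Get-Date),
        [timespan]$MaxDelta = (New-TimeSpan -Hours 1)   # hypothetical alert threshold
    )
    # Keep data rows only; repadmin tags them showrepl_INFO in the first column.
    $links = $CsvLines | ConvertFrom-Csv |
        Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' }

    # Replication is pull-based, so group inbound links by the destination DC.
    $links | Group-Object -Property 'Destination DSA' | ForEach-Object {
        $oldest = $_.Group | ForEach-Object {
            $t = [datetime]::MinValue   # unparsable time is treated as "never"
            [void][datetime]::TryParse($_.'Last Success Time', [ref]$t)
            $t
        } | Sort-Object | Select-Object -First 1
        $failed = @($_.Group | Where-Object { [int]$_.'Number of Failures' -gt 0 })
        $delta  = $Now - $oldest
        [pscustomobject]@{
            DestinationDC = $_.Name
            LargestDelta  = $delta            # gap since the oldest successful pull
            Fails         = $failed.Count     # links currently failing
            Total         = $_.Count          # all inbound links for this DC
            LastErrors    = @($failed | ForEach-Object { $_.'Last Failure Status' } |
                              Select-Object -Unique) -join ','
            Alert         = ($failed.Count -gt 0) -or ($delta -gt $MaxDelta)
        }
    }
}

# Offline run on the sample; live: Get-ReplSummary -CsvLines (repadmin /showrepl * /csv)
Get-ReplSummary -CsvLines $sample -Now ([datetime]'2023-08-18 10:00:00') |
    Format-Table -AutoSize
```

A DC with a large delta is still serving stale directory data, so password changes, account disables and group membership removals made elsewhere have not reached it yet.
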

# Initiate a replication event

    # Sync from server1.microsoft.com to server2.microsoft.com completed successfully.

    repadmin /replicate server2.microsoft.com server1.microsoft.com dc=microsoft,dc=com

 

# Display the context handles for the replication process

 * show the open connections to the server that are established by remote servers.

    repadmin /showctx
    
    

 


ntfrsutl

 

ntfrsutl forcerepl [computer] /r SetName /p DnsName
                  = Force FRS to start a replication cycle ignoring the schedule.
                  = Specify the SetName and DnsName.
        computer  = talk to the NtFrs service on this machine.
        SetName   = Name of the replica set.
        DnsName   = DNS name of the inbound partner to force repl from.

 


# List roles for connected server

 

ntdsutil
ntdsutil: roles
FSMO maintenance: connections
server connections: connect to server <servername>
server connections: q
FSMO maintenance: select operation target
select operation target: list roles

Win2000
select operation target: list roles for connected server

    Schema Master(forest) - One master role holder per forest. The schema master FSMO role holder is the domain controller responsible for performing updates to the directory schema.
    
    Domain Naming Master(forest) - One master role holder per forest. The domain naming master FSMO role holder is the DC responsible for making changes to the forest-wide domain name space of the directory.
    
    Infrastructure Master(domain) - One master role holder per domain. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference.
    * responsible for updating an object's SID and distinguished name in a cross-domain object reference
    
    RID Master (domain)- One master role holder per domain. The RID master FSMO role holder is the single DC responsible for processing RID Pool requests from all DCs within a given domain.
    * responsible for processing RID pool requests from all domain controllers
    
    
    
    PDC Emulator - One master role holder per domain. The PDC emulator FSMO role holder is a Windows 2000 DC that advertises itself as the primary domain controller (PDC) to earlier version workstations, member servers, and domain controllers. It is also the Domain Master Browser and handles password discrepancies.
    * "synchronize time in an enterprise"
    * Account lockout is processed on the PDC emulator.
    * Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
    * Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share
    * performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC
    
    
================================================

# performs updates to certain objects in a single-master fashion.

# the last writer wins

 


Elements

Schema

The schema cannot be extended. However, in the short term no one will notice a missing Schema Master unless you plan a schema upgrade during that time.

Domain Naming    
Unless you are going to run DCPROMO, then you will not miss this FSMO role.

RID    
Chances are good that the existing DCs will have enough unused RIDs to last some time, unless you're building hundreds of user or computer objects per week.

PDC Emulator    
Will be missed soon. NT 4.0 BDCs will not be able to replicate, there will be no time synchronization in the domain, you will probably not be able to change or troubleshoot group policies and password changes will become a problem.

Infrastructure    
Group memberships may be incomplete. If you only have one domain, then there will be no impact.
================================================

The following table summarizes the FSMO seizing restrictions:

Original must be reinstalled (can no longer be done in the GUI)
Schema    
Domain Naming
RID

Can transfer back to original (can be done in the GUI)
PDC Emulator    
Infrastructure
 


dcpromo

 

Active Directory database / log:
C:\winnt\ntds

c:\winnt\sysvol     <--- ntfs v5
 domain's public files

    
    
    Administrative Tools -> Active Directory Users and Computers
    
    Administrative Tools -> Active Directory Domains and Trusts
    
    


Troubleshoot

 

AD Replication error 1722: The RPC server is unavailable

Mismatch in the SRV records in DNS for the two DCs.

A "dcdiag /fix" will re-register the DNS records for the DC and should fix that up.

You can adjust the RPC port in the registry, then you have to restart once done.

regedit->local machine->software->microsoft->rpc->internet then

change the port from default 5000-5002 to 5000-5200 (minimum adjustment is 200).
 

 
