Force Active Directory Replication Now

Active Directory replication delay is the cause of many problems. Here is a super easy script to force Active Directory replication to all sites from an elevated PowerShell command prompt, and a tool to verify your changes.

Active Directory [1] replication [2] delay is the cause of many problems. You can always change the schedule [3] to a minimum of 15 minutes, but sometimes 15 minutes is too long. I have found that sometimes you really need the change you just made to be replicated to the domain controllers at all sites now, and not 15 minutes from now.

One example: if you unlock the ID of a user at a remote site and forget to connect to their local domain controller, they have to wait 15 minutes before they can try to log on. Time is money, so waiting 15 minutes can cost a lot, especially if it is a manager or director. Another scenario: you made an A host record and you need it replicated to the entire Active Directory forest. Now it is time to hurry up and wait for replication to occur [3].

Active Directory replication is no longer something to wait on. If you have tried to use the Active Directory Sites and Services UI to force replication, you know how hard it is. Verifying that replication has occurred is then nearly impossible from AD Sites and Services.

You might ask why you would want to force replication. These are the benefits:

  • Site-to-site transfer of changed AD users, computers and any other objects, including all attribute changes (especially unlocks and password changes)
  • DNS changes are transferred to all domain controllers
  • File Replication Service (FRS) is triggered (mainly group policy changes)
  • Distributed File System (DFS) transfers are triggered

This simple script will enable you to force replication to all your DCs in the entire forest. Even a novice IT worker can force replication now. The script requires no editing -- just copy and paste! Follow these simple steps and you will achieve site-wide replication in minutes (depending on bandwidth), not hours.

1.  Right-click PowerShell and run it as an administrator
2.  Paste the three lines below into the PowerShell command prompt and hit Enter
 
Import-Module ActiveDirectory
$DCs = (Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ } | select HostName
foreach ($DC in $DCs)  {   repadmin /syncall $DC.HostName    } 


Now verify that syncall returns no errors for each DC. The reference links below include one on how replication works, if you're interested [2].

To run the script again (while the PowerShell window is still open) just hit the up arrow on your keyboard. The last line of the script “foreach ($DC in $DCs)  { repadmin /syncall $DC.HostName  }” will appear. Then just hit enter, and it has been replicated again!
 
To see whether your replication has occurred and completed, install Microsoft's AD Replication Status Tool [4].

To install the tool, go to the download link in the reference links below [4], accept the defaults and complete the installation. Then, from your Start menu, click AD Replication Status Tool 1.0, and when a pop-up appears click OK. Then click the “Refresh Replication Status” button. Now look in the columns labeled “Last Successful sync” and “Last Attempted Sync.” If your times match, AD replication was successful.
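
The same check can be scripted instead of read off the tool's grid. This is an added example, not the article's script: it assumes the ActiveDirectory module's Get-ADReplicationPartnerMetadata cmdlet is available (RSAT for Windows Server 2012 or later) and that repadmin prints its usual "SyncAll terminated with no errors" line on success; the function and property names it introduces (Test-ForestReplication, SyncAllClean, Healthy, Detail) are illustrative.

```powershell
# Added example, not the article's script. Run from an elevated prompt with the
# ActiveDirectory module available (assumption: RSAT for Windows Server 2012 or later).
Import-Module ActiveDirectory

function Test-ForestReplication {
    # Enumerate every DC in the forest, as the article's script does.
    $dcs = (Get-ADForest).Domains |
        ForEach-Object { Get-ADDomainController -Filter * -Server $_ } |
        Select-Object -ExpandProperty HostName

    foreach ($dc in $dcs) {
        # Same repadmin call as the article; keep the output so it can be checked.
        # repadmin's /A (all partitions) and /e (cross-site) switches can be appended.
        $out = (& repadmin /syncall $dc 2>&1 | Out-String)
        $syncOk = $out -match 'SyncAll terminated with no errors'

        # Per-partner metadata: the same "last attempt" vs "last success"
        # comparison the article makes in the AD Replication Status Tool.
        try {
            $links = @(Get-ADReplicationPartnerMetadata -Target $dc -Partition * -ErrorAction Stop)
        } catch {
            # DC unreachable or query refused: report it instead of hiding it.
            [pscustomobject]@{ DC = $dc; Partner = $null; Partition = $null
                               SyncAllClean = $syncOk; Healthy = $false
                               Detail = $_.Exception.Message }
            continue
        }
        foreach ($l in $links) {
            $healthy = ($l.LastReplicationResult -eq 0) -and
                       ($l.LastReplicationSuccess -ge $l.LastReplicationAttempt)
            [pscustomobject]@{
                DC           = $dc
                Partner      = $l.Partner
                Partition    = $l.Partition
                SyncAllClean = $syncOk
                Healthy      = $healthy
                Detail       = "attempt=$($l.LastReplicationAttempt) success=$($l.LastReplicationSuccess) failures=$($l.ConsecutiveReplicationFailures)"
            }
        }
    }
}

# Show only the links that need attention; no output means every link is healthy.
Test-ForestReplication | Where-Object { -not $_.Healthy -or -not $_.SyncAllClean } |
    Format-Table -AutoSize -Wrap
```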
 

Beware: forcing replication can cause spikes in traffic usage, so use it sparingly.


Reference links
1 - Active Directory - https://en.wikipedia.org/wiki/Active_Directory
2 - Understanding Urgent Replication - https://blogs.technet.microsoft.com/kenstcyr/2008/07/05/understanding-urgent-replication/
3 - Replication Scheduling - https://technet.microsoft.com/en-us/library/cc730954.aspx
4 - Download link to Replication Status Tool - https://www.microsoft.com/en-us/download/details.aspx?id=30005
5 - The Active Directory Replication Status Tool (ADREPLSTATUS) - http://www.rebeladmin.com/2016/01/the-active-directory-replication-status-tool-adreplstatus/
 
2 Comments
Expert Comment

by:Senior IT System Engineer
Hi Michael,

Do I need to run the PowerShell that you mention above on the DC holding the PDC emulator role, or does it have to be from the DC where I have made the changes?
Author Comment

by:Michael Christly
I run this in PowerShell (as admin) from my desktop. It would be fine to run on any DC. However, I have remote admin tools installed on my machine. If your domain is large, this type of forced replication could cause significant network traffic until replication is complete. My domain has 4 DCs at two physical sites and it takes about 20 to 40 seconds to complete.