Force Active Directory Replication Now

Michael Christly, IT Manager
Active Directory replication delay is the cause of many problems. Here is a super easy script to force Active Directory replication to all sites using an elevated PowerShell command prompt, and a tool to verify your changes.
Active Directory [1] replication [2] delay is the cause of many problems. You can always change the schedule [3] to a minimum of 15 minutes, but sometimes 15 minutes is too long. I have found that sometimes you really need the change you just made to be replicated to the domain controllers in all sites now, and not 15 minutes from now.

One example is if you unlock a user’s ID at a remote site and forget to connect to their local domain controller: they have to wait 15 minutes before they can try to log on. Time is money, so waiting 15 minutes can cost a lot, especially if it is a manager or director. Another scenario is that you made an A-host record and you need it replicated to the entire Active Directory forest. Now it is time to hurry up and wait for replication to occur [3].

Active Directory replication is no longer something to wait on. If you have tried to use the Active Directory Sites and Services UI to force replication, you know how hard it is. Verifying that replication has occurred is then nearly impossible from AD Sites and Services.

You might ask why would you want to force replication? These are the benefits:
 
  • Site-to-site transfer of changed AD users, computers and any other objects, including all attribute changes (especially unlocks and password changes)
  • DNS changes are transferred to all domain controllers
  • File Replication Service (FRS) is triggered (mainly group policy changes)
  • Distributed File System (DFS) transfers are triggered

This simple script will enable you to force replication to all your DCs in the entire forest. Even the novice IT worker can force replication now. The script requires no editing -- just copy and paste! Follow these simple steps and you will achieve site-wide replication in minutes (depending on bandwidth), not hours.

1.  Right-click PowerShell and run it as an administrator
2.  Paste the three lines below into the PowerShell command prompt and hit Enter

Import-Module ActiveDirectory
$DCs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ } | Select-Object HostName
foreach ($DC in $DCs) { repadmin /syncall $DC.HostName }


Now verify that syncall returns no errors for each DC. Reference [2] below explains how replication works, if you’re interested!

To run the script again (while the PowerShell window is still open) just hit the up arrow on your keyboard. The last line of the script “foreach ($DC in $DCs)  { repadmin /syncall $DC.HostName  }” will appear. Then just hit enter, and it has been replicated again!
 
Now, to see whether your replication has occurred and completed, install Microsoft’s AD Replication Status Tool [4].

To install the tool, go to the download link [4] below, accept the defaults, and complete the installation. Then, from your Start menu, click AD Replication status tool 1.0, and when a pop-up appears, click OK. Then click the “Refresh Replication Status” button. Now look at the columns labeled “Last Successful sync” and “Last Attempted Sync.” If the times match, AD replication was successful.
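
The same verification can be scripted. The following is an added example, not part of the original article: it reruns the article's syncall loop, checks each run for repadmin's "SyncAll terminated with no errors" line, and then compares last-attempt and last-success times per link using Get-ADReplicationPartnerMetadata. The function name Get-FailedReplicationLink and the sample hosts are hypothetical; the constructed records are used only when the ActiveDirectory module is not installed.

```powershell
# Added example, not the article's script. A link counts as failed when the last
# result code is non-zero or the last success is older than the last attempt.
function Get-FailedReplicationLink {
    param([Parameter(Mandatory, ValueFromPipeline)] $Link)
    process {
        if ($Link.LastReplicationResult -ne 0 -or
            $Link.LastReplicationSuccess -lt $Link.LastReplicationAttempt) {
            [pscustomobject]@{
                Server      = $Link.Server
                Partner     = $Link.Partner
                Partition   = $Link.Partition
                LastAttempt = $Link.LastReplicationAttempt
                LastSuccess = $Link.LastReplicationSuccess
                Result      = $Link.LastReplicationResult
            }
        }
    }
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $DCs = (Get-ADForest).Domains |
        ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
    $links = foreach ($DC in $DCs) {
        # Same command as the article; keep the output so errors are not lost in scrollback.
        $out = repadmin /syncall $DC.HostName 2>&1 | Out-String
        # Assumes English-language repadmin output.
        if ($out -notmatch 'SyncAll terminated with no errors') {
            Write-Warning "syncall reported errors on $($DC.HostName)"
        }
        # Inbound replication links for every partition this DC holds.
        Get-ADReplicationPartnerMetadata -Target $DC.HostName -Partition *
    }
} else {
    # Constructed sample records (hypothetical hosts) for running without a domain.
    $t = Get-Date '2024-01-01T10:00:00'
    $links = @(
        [pscustomobject]@{ Server = 'dc1.example.test'; Partner = 'dc2'; Partition = 'DC=example,DC=test'
            LastReplicationAttempt = $t; LastReplicationSuccess = $t; LastReplicationResult = 0 }
        [pscustomobject]@{ Server = 'dc2.example.test'; Partner = 'dc1'; Partition = 'DC=example,DC=test'
            LastReplicationAttempt = $t; LastReplicationSuccess = $t.AddHours(-3); LastReplicationResult = 1722 }
    )
}

# An empty table means every link's last attempt succeeded.
$links | Get-FailedReplicationLink | Format-Table -AutoSize
```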
 

Beware: forcing replication can cause spikes in traffic usage, so use it sparingly.


Reference links
[1] Active Directory - https://en.wikipedia.org/wiki/Active_Directory
[2] Understanding Urgent Replication - https://blogs.technet.microsoft.com/kenstcyr/2008/07/05/understanding-urgent-replication/
[3] Replication Scheduling - https://technet.microsoft.com/en-us/library/cc730954.aspx
[4] Download link to Replication Status Tool - https://www.microsoft.com/en-us/download/details.aspx?id=30005
[5] The Active Directory Replication Status Tool (ADREPLSTATUS) - http://www.rebeladmin.com/2016/01/the-active-directory-replication-status-tool-adreplstatus/
 

Comments (3)

Albert Widjaja, IT Professional, commented:
Hi Michael,

Do I need to run the PowerShell that you mention above on the PDC emulator role holder, or does it have to be run from the DC where I have made the changes?

Michael Christly, IT Manager (author), commented:
I run this in PowerShell (as admin) from my desktop. It would be fine to run on any DC. However, I have remote admin tools installed on my machine. If your domain is large, this type of forced replication could cause significant network traffic until replication is complete. My domain has 4 DCs at two physical sites and it takes about 20 to 40 seconds to complete.

Albert Widjaja, IT Professional, commented:
If we don't force the AD replication, by default it is 15-minute replication in all directions, right?