

Site replication problems in AD

I'm having some issues with AD replication. Our configuration was done by two separate vendors, and I'm not sure they agreed on how to set up the different sites and links. This is what I have:

One main site in Phoenix with 3 DCs. One of these has the FSMO roles.
We have over 15 sites with DCs on them. The network is not fully routed, so I need all these sites to replicate back to the Phoenix location.
All servers are Server 2003.
When I create an object on the DC in Phoenix I can see the changes on the other sites' DCs, but if I make a change in one of those sites I don't always see the change back in Phoenix.
If I do a replmon from Phoenix I see that everything is replicating but I know that's not the case.
We have links configured in AD using IP. All sites are configured to use the same link as they all have similar DSL connections.
Not all the servers at the site are configured as bridgeheads. (I wonder if that's the problem)
At the Event Viewer in Phoenix I have a bunch of 1865, 1311 & 1566 entries.

I know something is not right, but I'm not sure where to start looking. I tried to document here as much information as I think could help you experts out there. Most likely I'm missing something. Please let me know and I'll do my best to provide the info. Any help with this will be greatly appreciated.

2 Solutions
I think you need to set replication in both directions.

In AD Sites & Services, add all your DCs (including the remote sites) there. Expand any of them and you should see something called NTDS Settings. You should be seeing that your remote DCs are replicated FROM your Phoenix DC. You need to configure the Phoenix DC to be replicated from the other remote site DCs.

You can define your own replication topology. Here are some guidelines and best practices to define your topology. Hope it helps.

If your network is not fully routed, you should disable the "Bridge All Site Links" option under IP-->Properties and configure one or more Site Link Bridges as appropriate to your topology, otherwise you're going to have Spoke Site A trying to create a replication connection with Spoke Site B because it doesn't know any better.

How are your site links configured? You should have one site link between Phoenix and each hub site, each containing PHX and the hub site in question, like PHX-PHL, PHX-Flagstaff, PHX-Tempe, etc.

The best place to start troubleshooting replication is to install the Windows Support Tools on your DCs and run the following 3 commands:

dcdiag /v
netdiag /v
repadmin /replsum
menendeza (Author) commented:
Sorry it took me so long to reply, but we had a 12-hour power outage last night and I was without Internet for that long! Working from home though.

Yes, I have disabled the "Bridge All Site Links" option. However, the site links are configured as one site link between Phoenix and Tucson (Tucson is a fairly big hub), and then I have another site link that I use for the other sites. There is no one link per site but rather one link that I use for all sites. This was designed by one of the vendors, so I figured with all the money we paid them they must know what they are doing, although I'm questioning that now.

I didn't have connections back to all the sites, just a few. I figure that explains why I couldn't get the changes from certain sites. I'm afraid this has been like this for quite a while, so I might have DCs with old replicas. If that's the case, I believe that after 90 days it's a tombstone, right? So I would have to run DCPROMO again, right?

Thanks to both of you!
If you have DCs that have not replicated in 60 days or more, you need to forcibly demote those DCs, perform a metadata cleanup and then re-run dcpromo. Otherwise you run the risk of encountering USN rollback as described here: http://support.microsoft.com/kb/875495
menendeza (Author) commented:
Ok, I ran repadmin /showrepl and found the tombstoned servers. I will do the forcible demote and clean the metadata as you suggested. The messages in the event viewer now relate to those servers, not being able to find them at all, which I believe is some progress. The question I have now is in regards to the automatically generated connections between the sites that keep showing up after I made sure that only one connection is created to the Phoenix site. I made all the changes on the main DC in Phoenix; shouldn't all those changes replicate as well? I know they won't replicate to the tombstoned servers, but the ones that are still valid should get all those changes, right?
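One way to act on the 60-day rule above and on the repadmin /showrepl run the author mentions, as an added example that is not from this thread or from Microsoft's tools: a Python script that parses a constructed (not real) /showrepl listing from the hub DC and flags inbound partners whose last successful sync is older than the threshold, so the DCs that need a forced demotion and metadata cleanup are listed rather than eyeballed. The site and DC names in the sample are made up, and the layout assumed is the "Last attempt @ ... was successful" / "Last success @ ..." form that repadmin prints per partner.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of "repadmin /showrepl" output on the hub DC (not from the poster's domain).
SAMPLE_SHOWREPL = """\
Phoenix\\PHX-DC1
DSA Options: IS_GC

==== INBOUND NEIGHBORS ======================================

DC=example,DC=local
    Tucson\\TUC-DC1 via RPC
        Last attempt @ 2009-03-02 08:15:00 was successful.
    Flagstaff\\FLG-DC1 via RPC
        Last attempt @ 2009-03-02 08:20:00 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        97 consecutive failure(s).
        Last success @ 2008-11-20 14:05:00.
    Tempe\\TMP-DC1 via RPC
        Last attempt @ 2009-03-02 08:25:00 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        3 consecutive failure(s).
        Last success @ 2009-02-28 09:00:00.
"""

TS_FMT = "%Y-%m-%d %H:%M:%S"
PARTNER_RE = re.compile(r"^\s{4}(\S+\\\S+) via \S+")  # "    Site\DC via RPC" lines
RESULT_RE = re.compile(r"Last (attempt|success) @ (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})( was successful)?")

def parse_showrepl(text):
    """Map each inbound partner to its last successful replication time (None if never seen)."""
    partners, current = {}, None
    for line in text.splitlines():
        if line.startswith("==== OUTBOUND"):  # ignore the outbound section if /all was used
            break
        m = PARTNER_RE.match(line)
        if m:
            current = m.group(1)
            partners[current] = None
            continue
        m = RESULT_RE.search(line)
        # a successful "Last attempt" or an explicit "Last success" both give the last good sync
        if m and current and (m.group(1) == "success" or m.group(3)):
            partners[current] = datetime.strptime(m.group(2), TS_FMT)
    return partners

def stale_partners(text, as_of, max_days=60):
    """Partners whose last good sync is older than max_days before as_of (a TS_FMT string)."""
    cutoff = datetime.strptime(as_of, TS_FMT) - timedelta(days=max_days)
    return sorted(p for p, last in parse_showrepl(text).items() if last is None or last < cutoff)
```

Run it against the saved output of repadmin /showrepl from the Phoenix DC; anything it lists has crossed the threshold in the answer above and should not simply be left to catch up.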
