How to check Microsoft AD Synchronization between DC


repadmin /syncall /AePdq

/A = Perform syncall for all NCs (naming contexts) held by the DC
/e = Enterprise, cross sites
/P = Push changes outward from home server
/d = Identify servers by DN in messages instead of GUID
/q = Suppress callback messages


repadmin /syncall /Aedq

Next run DCDIAG on the DC and look for any errors.

Also, look in the event log for any errors during.

From the webNetwork server, run Microsoft's LDP.exe tool and try to connect to each DC's LDAP server and Global Catalog ports. Here is an article on LDP.exe



This set of steps was in response to an error a customer was getting when they tried to create a webApplication. The error in the Wireshark trace was: 000020E1: SvcErr: DSID-03200674, problem 5002 (UNAVAILABLE), data 0

This indicates an issue with the global catalog when webAdmin went to modify the webApplication attributes.
  

Some additional information

Replication Health Best Practices

REPADMIN
/SHOWREPL
* Also displays the DC's GUID
/REPLICATE - force replication of an NC
/SYNCALL - syncs a DC with its partners
/DSAGUID - resolves DC name from GUID
* This is handy for the "could not establish a replication link" error.
/QUEUE - display a DC's replication queue

Check replication regularly with /REPLSUMMARY
Every DC hosts its own secure integrated DNS
* DC's primary DNS client pointing to itself (127.0.0.1)
* If you suspect a DNS problem, point to a known good DNS
Make sure DCs are either current or removed.

To format the list for REPADMIN a little nicer you can do:
repadmin /replsummary /bysrc /bydest /sort:delta
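
To turn the regular replication check into something that can be scheduled, the following added example (not part of the original article) parses the CSV form of /SHOWREPL, `repadmin /showrepl * /csv`, and reports only the links that are failing or stale. The function name `Get-ReplFailure`, the 24-hour threshold and the sample rows are assumptions made for illustration; the column names are those of repadmin's CSV output.

```powershell
# Added example: flag failing or stale replication links from
# "repadmin /showrepl * /csv". Get-ReplFailure is a hypothetical helper name.
function Get-ReplFailure {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLine,  # raw lines, header row first
        [int] $MaxAgeHours = 24,                     # assumed staleness threshold
        [datetime] $Now = (Get-Date)
    )
    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        $failures = [int]$row.'Number of Failures'
        $status   = [int]$row.'Last Failure Status'

        # Last Success Time may be missing or unparsable on a link that never worked.
        $lastOk   = [datetime]::MinValue
        $parsed   = [datetime]::TryParse($row.'Last Success Time', [ref]$lastOk)
        $ageHours = if ($parsed) { [math]::Round(($Now - $lastOk).TotalHours, 1) } else { $null }

        $reasons = @()
        if ($failures -gt 0) { $reasons += "$failures consecutive failure(s), status $status" }
        if (-not $parsed)    { $reasons += 'no recorded success' }
        elseif ($ageHours -gt $MaxAgeHours) { $reasons += "last success $ageHours h ago" }

        if ($reasons) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Reason        = $reasons -join '; '
            }
        }
    }
}

# Constructed sample output (not from a real forest). Live use on a DC:
#   Get-ReplFailure -CsvLine (repadmin /showrepl * /csv)
$sample = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,Site-A,DC01,"DC=example-cloud,DC=com",Site-B,DC02,RPC,0,0,2024-05-01 10:15:32,0'
    'showrepl_INFO,Site-A,DC01,"CN=Configuration,DC=example-cloud,DC=com",Site-B,DC03,RPC,14,2024-05-01 10:20:05,2024-04-28 02:11:47,1722'
)
Get-ReplFailure -CsvLine $sample -Now ([datetime]'2024-05-01 11:00:00') |
    Format-Table -AutoSize
```

Only the DC03 link is returned for the sample rows; an empty result means every link replicated successfully within the threshold.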


NLTEST

nltest /dsgetdc:<domain>
Example: nltest /dsgetdc:example-cloud.com



dcdiag /test:dns /e /v > output.txt
/e - every dc in the forest
/v - verbose output
> output.txt - send output to txt file

Look for the results of the 6 tests.
Auth - Authentication
Basc - Basic connectivity
Forw - Forwarders configuration
Del - Dynamic registration
Rreg - Resource record registration
Ext - External connectivity outside of the zone

