How to check Microsoft AD Synchronization between DC

How to check Microsoft AD Synchronization between DC

repadmin /syncall /AePdq

/A= perform syncall for all NC (naming contexts) held by DC
/e = Enterprise , cross sites
/P = Push changes outward from home server
/d = Id servers by DN in messages instead of GUID
/q = suppress callback messages


repadmin / syncall /Aedq

Next run DCDIAG on the DC and look for any errors.

Also, look in the event log for any errors during.

From the webNetwork server use the LDP.exe tool from Microsoft and run it from the webNetwork server and try to connect to each DC's LDAP server and Global Catalog ports.  Here is an article on LDP.exe



This set of steps was in response to an error a customer was getting when they tried to create a webApplication.  The error in the wireshark trace was : 000020E1: SvcErr: DSID-03200674, problem 5002 (UNAVAILABLE), data 0

This indicates an issue with the global catalog when webAdmin went to modify the webapplication attributes.
  

Some additional information

Replication Health Best Practices

REPADMIN
/SHOWREPL
* Also display's DC's GUID
/REPLICATE - force replication of an NC
/SYNCALL - syncs a DC wit its partners
/DSAGUID - Resolves DC name from GUID
* This is handy for cound not establish a replication link error.
/QUEUE - display a DC's replication queue

Check replication regularly with /REPSLSUMMARY
Every DC Hosts its own secure integrated DNS
* DC's primary DNS client pointing to itself (127.0.0.1)
* If you suspect a dns problem point to a known good dns
Make sure DCs are either current or removed.

To format the list for REPADMIN a little nicer you can do:
repadmin /replsummary /bysrc /bydest /sort:delta


NLTEST

nltest /dsgetdc:<domain>
Example : nltest /dsgetdc:example-cloud.com



dcdiag /test:dns /e /v > output.txt
/e - every dc in the forest
/v - verbose output
> output.txt - send output to txt file

Look for results of the 6 tests.
Auth - Authentication
Basc - Basic connectivity
Forw - forwarders configuration
Del - dynameic registrtation
Rreg - resource record registration
Ext - external connectivity outside of the zone


    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • LanSchool Documentation Guides

        LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...

      • Lenovo Unified Workspace 7.0.1.41 Released

        Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...

      • Related Articles

      • DC won’t obtain SSL certificate automatically

        Customer installed Enterprise CA server in their AD forest and some Domain Controllers won’t pick up an SSL certificate.   The customer used LDP.exe to verify all of their DC to see if they had SSL enabled.  They found a DC that did not pick up an ...

      • Stoneware Environment Check Utility

        Problem:  Need to run Stoneware Environment Check (Env Check) for pre-installation, troubleshoot issues or general health check of directory and DNS. Solution(s):  Once utility is installed and launched, you will find three options to choose from on ...

      • edir / NDS health check

        Common edir issues and how to do a health check. This information comes from an old Novell article, some specific information may not be valid anymore but the general concepts are.   Troubleshooting NDS Problems  Editor’s Note: "Technically Speaking" ...

      • How can I check if my Microsoft Active Directory Domain controller / LDAP Server has SSL ?

        The following URL has a nice write up about the Microsoft Tool called LDP.exe http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm You can download ldp.zip directly from here : http://www.computerperformance.co.uk/ScriptsGuy/ldp.zip or copy ...

      • DNS Query used to find GC and DC

        How can I use nslookup to find the GC and DC in DNS for Microsoft AD ?   To find the GC (global catalog) that are listed in DNS nslookup > set type=srv > _ldap._tcp.gc._msdcs.comapny.com Server: adsrv1.example-cloud.com Address: 192.168.1.251 ...