You can use the repadmin command to perform replication tasks and to manage and modify the replication topology, force replication events, and display replication metadata and up-to-dateness vectors. This topic covers:
- System requirements
- File requirements
- Repadmin command-line options
- Repadmin subcommands
- Repadmin /listhelp
- CSV format
System requirements
The following are the system requirements for repadmin:
- Windows XP Professional, Windows Vista®, Windows Server 2003, or Windows Server 2008
- Administrator rights on the domain controller:
- Required replication rights can be delegated
- Some commands do not require Administrator rights
- Required replication rights can be delegated
File requirements
Repadmin.exe is included in the Windows Server 2003 Service Pack 1 (SP1) Support tools. You must install the Support tools before you can use them. For more information about how to install the Support tools, see Windows Server 2003 SP1 Support Tools in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=44321).
To obtain the Support tools if you do not have the Windows Server 2003 operating system disc, see Windows Server 2003 SP1 32-bit Support Tools on the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkID=70775).
Previous versions of repadmin have similar functionality, but they have some limitations regarding the workstations that they can be run on and which functions they can perform. The following table lists the versions of repadmin, which operating systems they can be run on, and which domain controllers they can target.
Version
|
Client operating system
|
Target operating system
|
Important feature sets
|
Windows 2000
|
Windows 2000 and later
|
All Active Directory versions
|
/sync
/propcheck
/showreps
/showvector
/showmeta
|
Windows Server 2003
|
Windows XP Professional and Windows Server 2003
|
All Active Directory versions
|
/notifyopt
/replsummary
/replicate
/replsingleobj
/removelingeringobjects
/rehost and /unhost
/showmsg
/showattr
/syncall
/viewlist
DC_LIST
|
Windows Server 2003 with SP 1
|
Windows XP Professional and Windows Server 2003
|
All Active Directory versions
Rehost requires Windows 2000 Server SP4 and later
Remove lingering objects requires Windows Server 2003
|
/showbackup
/rehost bug fix
/regkey
|
Active Directory Application Mode (ADAM)
|
Windows XP Professional and Windows Server 2003
|
All Active Directory versions
|
/setattr
/listhelp
|
Deprecated subcommands (from Windows 2000 Server)
|
Equivalent or improved subcommands in Windows Server 2003
|
/sync
/propcheck
/showreps
/showvector
/showmeta
|
/repl or /replicate
/showchanges
/showrepl
/showutdvec
/showobjmeta
|
Repadmin command-line options
Repadmin is executed at the command prompt, and it contains several subcommands, which are described in detail in the following section.
Syntax
repadmin <subcommand> [<dsa>] [/u: <UserName>] [/pw: {<Password> | *}] [/rpc] [/ldap] [/homeserver: <dsaname>]Parameters
Parameter
|
Description
|
<subcommand>
|
One of the repadmin subcommands that is described in the subcommands section.
|
<Dsa>
|
Directory System Agent (DSA) represents the domain controller to be targeted by the repadmin subcommand.
Not all repadmin subcommands require the dsa parameter
Type repadmin /listhelp at the command line for additional information about the dsa parameter.
|
/u:<UserName>
|
Specifies the account name to use for binding to the directory. By default, /u uses the account name with which the user is currently logged on. You can use any of the following formats to specify an account name:
|
/pw {<Password> | *}
|
Specifies the password to use for authentication. If you type *, you are prompted for a password.
|
/rpc
|
Forces repadmin to communicate by using a remote procedure call (RPC) session.
|
/ldap
|
Forces repadmin to communicate by using a Lightweight Directory Access Protocol (LDAP) session. If LDAP communication fails, repadminattempts to communicate by using RPC. LDAP is the default communication method for repadmin.
|
/homeserver:<dsaname>
|
Forces repadmin to run against a specific domain controller, which is determined by the forest membership of the directory server that is represented by <dsaname>.
You can specify <dsaname> in the following formats:
<Computername>, <Dnsname>, <Dsaguid>, *, ., “site:<site>”, “fsmo_dnm:”, or “fsmo_schema:”.
|
Repadmin subcommands
Subcommand
|
Syntax and description
|
bind
|
repadmin /bind [dsa]
Connects to and displays the replication features for a directory server.
|
bridgeheads
|
repadmin /bridgeheads [dsa]
Lists the directory servers that act as bridgehead servers for a specified site.
|
checkprop
|
repadmin /checkprop [dsa] Naming ContextOriginatingDCInvocationIDOriginatingUSN
Compares the properties of specified directory servers to determine if they are up to date with each other. The source directory server contains the original information that must be checked. The data on the destination directory server is compared to the data on the source directory server.
|
dsaguid
|
repadmin /dsaguid [dsa] [GUID]
Returns a server name when given a globally unique identifier (GUID).
|
failcache
|
repadmin /failcache [dsa]
Displays a list of failed replication links that are detected by the Knowledge Consistency Checker (KCC).
|
istg
|
repadmin /istg [dsa] [/verbose]
Returns the computer name of the Intersite Topology Generator (ISTG) server for a specified site.
|
kcc
|
repadmin /kcc [dsa] [/async]
Forces KCC to calculate replication topology for a specified directory server. By default, this calculation occurs every 15 minutes.
|
latency
|
repadmin /latency [dsa] [/verbose]
Displays the amount of time between replications, by using the ISTG Keep Alive time stamp. The ISTG Keep Alive time stamp is not used in forests that are set to the Windows Server 2003 forest functional level. Instead, in those environments, use repadmin /showutdvec /latency.
|
notifyopt
|
repadmin /notifyopt [dsa] Naming Context [/first:Value] [/subs:Value]
Displays or sets the notification timing settings for replication of a specified directory partition.
|
queue
|
repadmin /queue [dsa]
Displays tasks that are waiting in the replication queue.
|
prp
|
Repadmin /prp [operation] RODC [additional arguments]
Displays or modified the Password Replication Policy for a read-only domain controller (RODC).
This command is available only for versions of Repadmin that are included in Windows Server 2008, Windows Server 2008 R2, or Remote Server Administration Tools.
The operation can be view, add, delete, or move. For view, add, and delete, RODC can be either RODC_Name or *. For move, RODC must beRODC_name.
|
querysites
|
repadmin /querysites FromSiteRDNToSite1RDN [ToSite2RDN...]
Uses routing information to determine the cost of a route from a specified site to another specified site or sites. The querysites parameter does not allow the use of alternate credentials. The relative distinguished names that are used in this command are case sensitive.
|
replicate
|
Syntax 1
repadmin /replicate destination_dsasource_dsa [/force] [/async] [/full] [/addref]
Syntax 2
repadmin /replicate destination_dsa [/force] [/async] [/full] [/addref] /allsources
Starts a replication event for the specified directory partition between the source and destination directory servers. You can determine the source GUID when you view the replication partners by using showrepl.
|
replsingleobj
|
repadmin /replsingleobject dsaDsaSourceGUIDObjectDN
Replicates a single object between any two directory servers that have partitions in common. The two directory servers do not have a replication agreement. You can show replication agreements by using the repadmin /showrepl command.
|
replsummary
|
repadmin /replsummary [dsa] [/bysrc] [/bydest] [/errorsonly][/sort:{delta|partners|failures|error|percent}]
Summarizes the replication state and relative health of an Active Directory forest.
|
rodcpwdrepl
|
repadmin /rodcpwdrepl [DSA_list] Hub DCUser1 DN [User2 DNUser3 DN]
Triggers replication of passwords for the specified users from the source Hub DC to one or more RODCs.
This command is available only for versions of Repadmin that are included in Windows Server 2008, Windows Server 2008 R2, or Remote Server Administration Tools.
|
showattr
|
repadmin /showattr dsa [OBJ_LIST] [OBJ_LIST_OPTIONS] [/attr|/attrs: attributeattribute ...] [/allvalues] [/long] [/nolongblob] [/nolongblob] [/nolongfriendly] [/dumpallblob]
The /showattr operation displays the attributes and contents of an object.
|
showcert
|
repadmin /showcert dsa
Displays the certificates (used with Simple Mail Transfer Protocol (SMTP)–based replication) that are loaded on a specified directory server.
|
showchanges
|
Syntax 1
repadmin /showchanges source_dsaNaming Context [/cookie: File] [/atts: attribute1,attribute2,...]
Syntax 2
repadmin /showchanges dest_dsaSourcedsaObjectGUIDNaming Context [/verbose] [/statistics] [/noincremental] [/objectsecurity] [/ancestors] [/atts:attribute1,attribute2,...] [/filter: ldap filter]
Displays changes from a specified directory partition or changes to a specified object. "Syntax 1" saves changes to a directory partition. If this information is saved to a file, you can run the getchanges operation again for comparison. "Syntax 2" lists changes to a specified object. For this command to run properly, the account under which the command is run must possess the replication get changes right on the specified directory partition.
|
showconn
|
repadmin /showconn [dsa] [ServerRDN | ContainerDN | dsa_GUID] [/From:ServerRDN] [/intersite]
Displays the connection objects for a specified directory server. The default is local site.
|
showctx
|
repadmin /showctx [dsa] [/nocache]
Displays a list of computers that have opened sessions with a specified directory server.
|
showism
|
repadmin /showism [TransportDN] [/verbose]
Queries the Intersite Messaging Service (ISM) for site routes. This operation cannot be executed remotely.
|
showmsg
|
repadmin /showmsg {Win32Error | DSEventID | NTDSMSG}
Displays the error message for a given error number.
|
showncsig
|
repadmin /showncsig [dsa]
Each directory server maintains a directory partition signature list. This command displays a list of the removed application partition GUIDs. You can configure an application directory partition to be held or not held on a particular directory server by using ntdsutil (for Active Directory).
|
showobjmeta
|
repadmin /showobjmeta [dsa] ObjectDN [/nocache] [/linked]
Displays the replication metadata for a specified object that is stored in the directory, including attribute ID, version number, originating and local update sequence number (USN), and originating server's GUID and Date and Time stamp. When you compare the replication metadata for the same object on different directory servers, you can determine whether replication has occurred.
|
showoutcalls
|
repadmin /showoutcalls [dsa]
Displays calls that have been made by the specified directory server to other directory servers but not yet answered.
|
showproxy
|
Syntax 1
repadmin /showproxy [dsa] [Naming Context] [matchstring]
Syntax 2
repadmin /showproxy [dsa] [ObjectDN] [matchstring] /movedobject
Lists cross-domain move proxy objects. When an object is moved from one domain to another, a marker remains in the original domain. This marker is called a proxy.
|
showrepl
|
repadmin /showrepl [dsa] [SourceDCObjectGUID] [Naming Context] [/verbose] [/nocache] [/repsto] [/conn] [/csv] [/all] [/errorsonly] [/intersite]
Displays replication information. Inbound replica links are displayed by default. Outbound links can also be shown, as well as connections corresponding to those links. The command also displays errors that correspond to replica links that cannot be created by KCC. This helps an administrator build a visual representation of the replication topology and see the role of each directory server in the replication process.
|
showcig
|
repadmin /showsig [dsa]
Displays the retired invocation IDs on a directory server. A directory server changes its invocation ID when it is restored or when it rehosts an application partition.
|
showtime
|
repadmin /showtime [DSTimeValue]
Converts a directory service time value to string format for both the local and the UTC time zones.
|
showtrust
|
repadmin /showtrust [dsa]
Lists all Active Directory domains that are trusted by a specified Active Directory domain.
|
showutdvec
|
repadmin /showutdvec dsaNaming Context [/nocache] [/latency]
Displays the highest USN for the specified directory server. This information shows how up to date a replica is with its replication partners.
|
showvalue
|
repadmin /showvalue [dsa] ObjectDN [AttributeName] [ValueDN] [/nocache]
Displays the values of the type, last modified time, originating directory server, and distinguished name of a specified object.
|
syncall
|
repadmin /syncall dsa [Naming Context] [Flags]
Synchronizes a specified directory server with all replication partners. This command contains several subcommands, which are described in the usage scenarios.
By default, if no directory partition is provided in the NamingContext parameter, the command performs its operations on the configuration directory partition.
|
viewlist
|
repadmin /viewlist [dsa] [OBJ_LIST]
Displays a list of directory servers.
|
oldhelp
|
Displays a list of the operations that have been deprecated in this version of repadmin.
|
Repadmin /listhelp
Arguments
|
Values
|
Description
|
DC_LIST
|
“*”
|
All domain controllers in the enterprise
|
DC_Name
|
See under DC_NAME argument
| |
Part-server_name*
|
Would pick "part_server_name_dc_01" and "part_server_name_dc_02" but not server "part_server_diff_name".
| |
Site:site_name
|
All domain controllers in the specified site.
| |
Gc:
|
All global catalog servers in the enterprise.
| |
Fsmo_fsmo_type:fsmo_dn
|
See under FSMO_TYPE
| |
FSMO_TYPE
|
Types of operations master (also known as flexible single master operations or FSMO) role holders require different base distinguished names or relative distinguished names.
| |
Fsmo_dnm:
|
Enterprise-wide FSMO; does not take any distinguished name (also known as DN).
| |
Fsmo_schema:
|
Enterprise-wide FSMO; does not take any distinguished name.
| |
Fsmo_pdc:
|
Domain-specific FSMO; takes the distinguished name of the domain that the user specifies.
| |
Fsmo_rid:
|
Domain-specific FSMO; takes the distinguished name of the domain that the user specifies.
| |
Fsmo_im:
|
Domain-specific FSMO; takes the distinguished name of the domain that the user specifies.
| |
Fsmo_istg:
|
Site-specific quasi-FSMO; takes the relative distinguished name of the site.
| |
DC_NAME
| ||
“.”
|
Tells repadmin to try to pick a domain controller for you.
| |
Server_dns
|
Specifies a server by DNS.
| |
Dc_dsa_guid
|
Specifies a specific server by its Directory System Agent (DSA) GUID.
| |
Server_obj_rdn
|
Specifies a server by its server object relative distinguished name (usually the same as its NetBios name).
| |
Dsa_dn
|
Specifies a server by the distinguished name of its DSA object.
| |
OBJ_LIST
| ||
Ncobj:NC_NAME
|
Specifies the use of the distinguished name of NC Head that is specified in NC_NAME.
| |
Dsaobj:
|
Specifies the use of the distinguished name of the DSA that repadmin is connected to.
| |
NC_NAME
|
Config:
|
Configuration directory partition.
|
Schema:
|
Schema directory partition.
| |
Domain:
|
Domain directory partition for the domain of the domain controller that repadmin is running against.
| |
OBJ_LIST OPTIONS
|
{/onelevel | /subtree} /filter:{ldap_filter}
|
With these options, you can use the showattr and viewlist commands to cover a list of objects, instead of just a single object.
|
CSV format
The output that repadmin /showrepl returns can be difficult to navigate when you are troubleshooting replication errors or viewing replication topology in a large enterprise. There is a new feature (/CSV) that you can use to force /showrepl output to print in a tightly constrained comma-separated-value (CSV) format for programmatic manipulation or quick import and correlation in Excel.
The CSV format is also an effective way to exchange repadmin outputs because it is not prone to user errors.
To generate output as a .csv (comma-delimited) file, perform the following steps:
- Open a command prompt, type the following command, and then press ENTER:
repadmin /showrepl <DC_NAME> /csv > Repl.csv - Open Repl.csv, and then delete or hide column A and both RPC and SMTP columns.
- Select row 2. Click View, and then click Freeze Panes.
- Highlight the column heading row. Click Data, point to Filter, and then click AutoFilter.
- Click the drop-down arrow to display replication status based on your situation.
No comments:
Post a Comment