Checking Active Directory Replication Using PowerShell

Thursday Nov 20th 2014 by Nirmal Sharma

Discover six useful PowerShell cmdlets offered through Windows Server 2012 for checking and troubleshooting Active Directory replication status.

There are various ways to check Active Directory replication status. You can use command-line tools as well as GUI tools to check the replication status for one or all domain controllers in an Active Directory forest. The REPADMIN command-line tool, which ships with Windows Server, has been the primary tool to check AD replication status since the release of Windows Server 2003.

ADREPLSTATUS, sometimes referred to as the Active Directory Replication Status Tool, is a GUI tool developed by Microsoft that also helps you find replication errors. The ADREPLSTATUS tool uses .NET Framework library functions to process replication status commands.

Starting with Windows Server 2012, Microsoft has also included the ability to check AD replication status using Windows PowerShell. There are six PowerShell cmdlets offered by Windows PowerShell on Windows Server 2012 and later versions of the operating system.

It is important to understand that before you can use AD replication PowerShell cmdlets, you must import the Active Directory PowerShell modules using the "Import-Module ActiveDirectory" command.

Note: Active Directory PowerShell modules are imported automatically on a domain controller running Windows Server 2012 R2.

The AD replication PowerShell cmdlets that we'll look at are available on Windows Server 2012, Windows Server 2012 R2, Windows 8.0 and Windows 8.1. You must install Remote Server Administration Tools (RSAT) for AD DS on non-domain controllers to use these PowerShell cmdlets.

1. Get-ADReplicationFailure

The Get-ADReplicationFailure PowerShell cmdlet can be used to check AD replication status for all or specific Active Directory domain controllers. The Get-ADReplicationFailure cmdlet helps you get the information about replication failure for a specified server, site, domain, or Active Directory forest. For example, to get the replication status for a specific domain controller, failure counts, last error, and the replication partner it failed to replicate with, execute the command below:

  • Get-ADReplicationFailure NKAD1.test.local

You can also set the scope to see the replication status for all domain controllers in a specific site. As an example, the below command returns the replication status for all domain controllers in the Dallas Active Directory site and populates the result in a table:

  • Get-ADReplicationFailure -scope SITE -target Dallas | FT Server, FirstFailureTime, FailureCount, LastError, Partner -AUTO

The above command fetches the replication status of all domain controllers in the Dallas site and includes the date and time of the first failure, total failures, last error number, and the replication partner it failed with. The value returned in the LastError property is a number that can easily be decoded by running the NET HELPMSG <Error Number> command.

2. Get-ADReplicationAttributeMetadata

Get-ADReplicationAttributeMetadata shows the attribute and replication metadata for a specific Active Directory object. For example, to get an object's replication metadata and attribute status, execute the command below:

  • Get-ADReplicationAttributeMetadata -Object "CN=Domain Admins,CN=Users,DC=test,DC=local" -Server NKAD1 -ShowAllLinkedValues

The above command shows the replication metadata of the "Domain Admins" object. The ShowAllLinkedValues parameter instructs the command to return all linked values if any of the attributes of Domain Admins is multi-valued. This command is very useful if you are troubleshooting replication issues for a particular Active Directory object.
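The linked-value metadata returned for a group such as Domain Admins also records when each member link was created and removed, which makes the same command useful for reviewing membership changes. The following is an added example, not part of the original article: Get-LinkChangeHistory is a hypothetical helper name, and the sample records are constructed to mirror the cmdlet's output properties so the block runs without a domain.

```powershell
# Added example. Get-LinkChangeHistory is a hypothetical helper name.
function Get-LinkChangeHistory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Metadata,
        [string] $AttributeName = 'member'
    )
    process {
        # Keep only per-value (linked) metadata for the chosen attribute.
        if (-not $Metadata.IsLinkValue -or $Metadata.AttributeName -ne $AttributeName) { return }
        # A link that is still present carries a zero delete time, shown as
        # year 1601 (or 1600 after local time-zone conversion).
        $removed = $Metadata.LastOriginatingDeleteTime.Year -gt 1601
        [pscustomobject]@{
            Member  = $Metadata.AttributeValue
            State   = if ($removed) { 'Removed' } else { 'Present' }
            Added   = $Metadata.FirstOriginatingCreateTime
            Changed = $Metadata.LastOriginatingChangeTime
            Version = $Metadata.Version
        }
    }
}

# Constructed sample records shaped like the cmdlet's output (not real data).
$zero = [datetime]'1601-01-01'
$sample = @(
    [pscustomobject]@{ AttributeName = 'member'; IsLinkValue = $true; Version = 1
        AttributeValue = 'CN=Administrator,CN=Users,DC=test,DC=local'
        FirstOriginatingCreateTime = [datetime]'2014-01-10 09:00'
        LastOriginatingChangeTime  = [datetime]'2014-01-10 09:00'
        LastOriginatingDeleteTime  = $zero }
    [pscustomobject]@{ AttributeName = 'member'; IsLinkValue = $true; Version = 2
        AttributeValue = 'CN=James,OU=BusinessUsers,DC=test,DC=local'
        FirstOriginatingCreateTime = [datetime]'2014-11-02 22:14'
        LastOriginatingChangeTime  = [datetime]'2014-11-02 23:05'
        LastOriginatingDeleteTime  = [datetime]'2014-11-02 23:05' }
    [pscustomobject]@{ AttributeName = 'description'; IsLinkValue = $false; Version = 1
        AttributeValue = 'Designated administrators of the domain'
        FirstOriginatingCreateTime = $zero
        LastOriginatingChangeTime  = [datetime]'2014-01-10 09:00'
        LastOriginatingDeleteTime  = $zero }
)

# Most recent membership changes first; the 'description' record is filtered out.
$sample | Get-LinkChangeHistory | Sort-Object Changed -Descending | Format-Table -AutoSize

# Against a live domain, feed the article's command into the same helper:
# Get-ADReplicationAttributeMetadata -Object "CN=Domain Admins,CN=Users,DC=test,DC=local" `
#     -Server NKAD1 -ShowAllLinkedValues | Get-LinkChangeHistory
```

A member that was added and removed within a short window shows up as State "Removed" with Added and Changed close together, even though it no longer appears in the group's current membership.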

3. Get-ADReplicationPartnerMetadata

In case you need to see the replication metadata for a replication partner, use the Get-ADReplicationPartnerMetadata PowerShell cmdlet as shown in the following command:

  • Get-ADReplicationPartnerMetadata -target NKAD1.Test.Local

Running the above command will show you information such as LastChangeUSN, whether compression is enabled or not, the last date and time the replication attempt was made, and the last date and time the replication was successful. This is a very useful cmdlet if you need to get a view of the replication status for all domain controllers in the Active Directory forest. For example, the command below helps you retrieve specified metadata for all domain controllers in an AD forest:

  • Get-ADReplicationPartnerMetadata -Target * -Scope Server | where {$_.LastReplicationResult -ne "0"} | Format-Table Server, LastReplicationAttempt, LastReplicationResult, Partner
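The numeric result codes returned here, like the LastError value from Get-ADReplicationFailure, are Win32 error numbers, so they can be decoded in the pipeline instead of running NET HELPMSG by hand for each one. The following is an added example, not part of the original article: Add-ReplicationErrorText is a hypothetical helper name, the partner names NKAD3 and NKAD4 are invented, and the sample records are constructed to mirror the cmdlet's output properties.

```powershell
# Added example. Add-ReplicationErrorText is a hypothetical helper name.
function Add-ReplicationErrorText {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    process {
        $code = [int]$Record.LastReplicationResult
        # Win32Exception resolves the same system message text that
        # NET HELPMSG <code> prints on Windows.
        $text = (New-Object System.ComponentModel.Win32Exception -ArgumentList $code).Message
        [pscustomobject]@{
            Server      = $Record.Server
            Partner     = $Record.Partner
            Result      = $code
            Meaning     = $text
            LastAttempt = $Record.LastReplicationAttempt
            LastSuccess = $Record.LastReplicationSuccess
            Failures    = $Record.ConsecutiveReplicationFailures
        }
    }
}

# Constructed sample records shaped like the cmdlet's output (not real data).
$sample = @(
    [pscustomobject]@{ Server = 'NKAD1.test.local'; Partner = 'NKAD2'
        LastReplicationResult = 0; ConsecutiveReplicationFailures = 0
        LastReplicationAttempt = [datetime]'2014-11-20 10:15'
        LastReplicationSuccess = [datetime]'2014-11-20 10:15' }
    [pscustomobject]@{ Server = 'NKAD1.test.local'; Partner = 'NKAD3'
        LastReplicationResult = 1722; ConsecutiveReplicationFailures = 14
        LastReplicationAttempt = [datetime]'2014-11-20 10:15'
        LastReplicationSuccess = [datetime]'2014-11-19 20:45' }
    [pscustomobject]@{ Server = 'NKAD2.test.local'; Partner = 'NKAD4'
        LastReplicationResult = 5; ConsecutiveReplicationFailures = 3
        LastReplicationAttempt = [datetime]'2014-11-20 10:00'
        LastReplicationSuccess = [datetime]'2014-11-20 09:15' }
)

# Report only failing links, longest-running failures first.
$sample | Where-Object { $_.LastReplicationResult -ne 0 } |
    Add-ReplicationErrorText |
    Sort-Object Failures -Descending |
    Format-Table Server, Partner, Result, Meaning, LastSuccess, Failures -AutoSize

# Against a live forest, replace $sample with the article's command:
# Get-ADReplicationPartnerMetadata -Target * -Scope Server
```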

4. Get-ADReplicationQueueOperation

The Get-ADReplicationQueueOperation PowerShell cmdlet is useful if you need to know if any replication operations are pending on a specified server.

5. Sync-ADObject

The Sync-ADObject PowerShell cmdlet helps you replicate an Active Directory object to all the domain controllers across an Active Directory forest. The Sync-ADObject cmdlet can be very helpful if you need an object to be replicated immediately regardless of the replication interval. For example, the following command replicates the user "James" to all the domain controllers:

  • Get-ADDomainController -filter * | ForEach {Sync-ADObject -object "CN=James, OU=BusinessUsers, DC=Test, DC=Local" -source NKAD1 -destination $_.hostname}

6. Get-ADReplicationUpToDatenessVectorTable

Using Get-ADReplicationUpToDatenessVectorTable, an Active Directory administrator can list the highest Update Sequence Number (USN) for a specified domain controller. To get the highest USN for a specific domain controller, execute the command below:

  • Get-ADReplicationUpToDatenessVectorTable -Target NKAD1.Test.local

In case you need to see the highest USN for a specific Active Directory partition, use the -Partition switch as highlighted in the command below:

  • Get-ADReplicationUpToDatenessVectorTable -Target NKAD1,NKAD2 -Partition Schema

The above command retrieves the highest USN of the Schema partition for both the NKAD1 and NKAD2 domain controllers.

Nirmal Sharma is a MCSEx3, MCITP and Microsoft MVP in Directory Services. He has specialized in Microsoft Technologies since 1994 and has followed the progression of Microsoft Operating System and software. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to Solution IDs for Nirmal can be reached at
