Tools You Can Use to Maintain Active Directory's Health

Part 3 of our series on various tools you can use to maintain Active Directory's health in Windows 2000.

By Brien M. Posey | Posted Dec 26, 2000
Page 1 of 2
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

In Part 2 of this series, I began discussing the Replication Diagnostic Tool. In this article, I'll discuss this tool in greater detail. I'll then go on to discuss some other tools that you can use to keep your Active Directory healthy.

The Replication Diagnostic Tool

As I discussed in Part 2, the Replication Diagnostic Tool is a command-line tool that can be used to spot replication problems such as an offline server or a LAN or WAN link that's unavailable. This tool can also be used to establish a replication topology. However, you should never create your own replication topology unless you have a good reason for doing so and know exactly what you're doing, because creating a custom replication topology interferes with the replication topology that Windows creates automatically. Under normal circumstances, the Knowledge Consistency Checker (KCC) automatically manages the replication topology. Incorrectly using this tool interferes with Windows' built-in ability to manage replication and can even cause replication to stop completely. With that said, I'll begin discussing how to use the tool for diagnostic purposes.

The Replication Diagnostic Tool relies on an executable file called REPADMIN.EXE. If you enter the command REPADMIN /?, you'll find that the syntax of this command can be a bit tedious. However, as you'll see later, using the Replication Diagnostic Tool isn't as complicated as it might first appear.

Basically, like many other command-line tools, the Replication Diagnostic Tool only requires you to follow the name of the executable file with a command and the arguments that the command requires. You can also supplement the command and arguments with the domain, username, and password of the user who should be executing the command. However, you have to add this information only if you're currently logged in as a user who has insufficient privileges to execute the command.

If you're building a batch file or you simply don't want the password to appear on screen, you can use an asterisk (*) in place of the password; doing so will make the tool ask for the password when the command is executed. You can see how to add a user name and password to the command in this example:

REPADMIN /command <arguments> /U:domain\\username /pw:*

Forcing the KCC to Run

Now that you understand the basic syntax of the command, let's look at how to use some of the Replication Diagnostic Tool's more common functions. I mentioned earlier that the KCC is normally responsible for managing the network's replication topology. You can use the REPADMIN command to force the KCC to run. To do so, enter the following command:

REPADMIN /KCC <server name>

The Replication Diagnostic Tool can also be used to view the current replication topology. Essentially, this means viewing all of a server's replication partners, as long as those partners can be reached. As you can see, because this tool doesn't display any replication partners that are unreachable, it can help you spot communications problems. To display the replication partners for a given server, enter the following command:

Viewing the Current Replication Topology

REPADMIN /SHOWREPS <server name> 

You can also append a directory context to the command in the form of DC=POSEY. When you execute this command, you'll see results similar to the following. In real life, you'd also see a summary of the replication partners, but I've cut off that part in the interest of saving space:

C:\>repadmin /showreps cartman
Default-First-Site-Name\CARTMAN
DSA Options : IS_GC
objectGuid  : 6d50c320-84f2-4197-bc98-5b51f9a93f9b
invocationID: 6d50c320-84f2-4197-bc98-5b51f9a93f9b

==== INBOUND NEIGHBORS ======================================

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter