Tools You Can Use to Maintain Active Directory's Health
Part 3 of our series on various tools you can use to maintain Active Directory's health in Windows 2000.
In Part 2 of this series, I began discussing the Replication Diagnostic Tool. In this article, I'll discuss this tool in greater detail. I'll then go on to discuss some other tools that you can use to keep your Active Directory healthy.
The Replication Diagnostic Tool
The Replication Diagnostic Tool relies on an executable file called REPADMIN.EXE. If you enter the command REPADMIN /?, you'll find that the syntax of this command can be a bit tedious. However, as you'll see later, using the Replication Diagnostic Tool isn't as complicated as it might first appear.
Basically, like many other command-line tools, the Replication Diagnostic Tool only requires you to follow the name of the executable file with a command and the arguments that the command requires. You can also supplement the command and arguments with the domain, username, and password of the user who should be executing the command. However, you have to add this information only if you're currently logged in as a user who has insufficient privileges to execute the command.
If you're building a batch file or you simply don't want the password to appear on screen, you can use an asterisk (*) in place of the password; doing so will make the tool ask for the password when the command is executed. You can see how to add a user name and password to the command in this example:
REPADMIN /command <arguments> /U:domain\\username /pw:*
Forcing the KCC to Run
Now that you understand the basic syntax of the command, let's look at how to use some of the Replication Diagnostic Tool's more common functions. I mentioned earlier that the KCC is normally responsible for managing the network's replication topology. You can use the REPADMIN command to force the KCC to run. To do so, enter the following command:
REPADMIN /KCC <server name>
The Replication Diagnostic Tool can also be used to view the current replication topology. Essentially, this means viewing all of a server's replication partners, as long as those partners can be reached. As you can see, because this tool doesn't display any replication partners that are unreachable, it can help you spot communications problems. To display the replication partners for a given server, enter the following command:
Viewing the Current Replication Topology
REPADMIN /SHOWREPS <server name>
You can also append a directory context to the command in the form of DC=POSEY. When you execute this command, you'll see results similar to the following. In real life, you'd also see a summary of the replication partners, but I've cut off that part in the interest of saving space:
C:\>repadmin /showreps cartman
DSA Options : IS_GC
objectGuid : 6d50c320-84f2-4197-bc98-5b51f9a93f9b
==== INBOUND NEIGHBORS ======================================
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============