Dev_GOD_Almighty

Active Directory Forced Replication

Hi all, this is what happened today at work, to me, an Accidental Active Directory Administrator, amongst other “virtues”.

The Reason?

A developer enters the room … silence… as if God Almighty came down to earth.

He was furious ,someone cannot say who, went over and beyond his duties and added him to Active Directory guests group. So every time he would log off the user profile would be deleted.

No biggie you say … well you know he is a developer … unaware of any-other drive than C:\ and any-other than c:\users\Dev_GOD_Almighty\Desktop\Very_Big_Project.exe.

With that being said he was removed from guests group and since we keep a plethora of Active Directory servers we needed to force this changed to every directory server. Someone cannot say who, suggested the following :

  1. Open Sites and services
  2. Expand Sites > Default-First-Site-Name
  3. Locate directory server you altered and expand
  4. Click on NTDS Settings
  5. Right click on the entries you see on the right hand side and select “replicate now”

I was bored to do all this clicking, honest to Dev God Almighty, so i push my self to remember the CLI command to force replication.

Luckily i did, the command is repadmin and this is what i did:

  1. Opened cmd from a client
  2. Wrote down repadmin /replicate Dest_SRV Source_SRV DC=Paradise,Dc=Lost /force

If you get Sync from Source_SRV to Dest_SRV completed successfully you are done, replication is forced.

Ten minutes later i received a call by the Dev, thanking me for my prompted response to his problem … Now I’m in God’s almighty favor!!!!

Lessons Learned

The repadmin command comes with a variety of switches that will help you do your job in a quick and efficient way:

  • /showrepl command helps you understand the replication topology and replication failures
  • /replicate triggers the immediate replication of the specified directory
    partition to the destination domain controller from the source DC
  •  /replsummary  summarizes quickly and concisely the replication state and relative health of a forest
  •  /syncall synchronizes a specified domain controller with all replication
    partners.

P.S. I still cannot say who moved him to guest group….