In case you are troubleshooting Active Directory replication, there are many tools that you can use from the command line. However, if you remember, there used to be a GUI tool called the Active Directory Replication Status tool that was a visual representation of your replication status. Let’s look at an Active Directory Replication Status Tool replacement (unofficially) and where you can get it.
Brief overview of Active Directory replication
Replication in Active Directory is the way that all Windows Server domain controllers in an Active Directory Domain (in the multi-master model) keep themselves consistent with each other. So you can be confident that a user, group, etc exists on one DC as well as another. Also, things like passwords are synchronized, no matter which domain controller is used for authentication.
If things go wrong with Active Directory Replication, the problems are not always obvious. This is why AD replication problems are often hard to notice immediately. They often creep in and then rear their ugly head when you least expect it.
If you only troubleshoot AD replication problems every few months, you have to scratch your head on which tools do what from the command line and which you need to use for troubleshooting. That was the nice thing about the Active Directory Replication Status tool (ADReplStatus). It allowed monitoring and troubleshooting from a GUI.
Command line Active Directory replication troubleshooting
What are the command line tools used with troubleshooting Active Directory replication? There are quite a number of command line tools that are either specifically meant to troubleshoot replication. Some of those tools include the following:
- Dcdiag – used to view and troubleshoot general domain controller health
- Repadmin – a tool used to configure, manage, and troubleshoot Active Directory replication
- Replsum – A specific switch of the repadmin command that helps to view the current status of Active Directory replication and if there are replication issues between domain controller partners
- Netdiag – This tool is used to view and troubleshoot additional issues with domain controller functionality and general network connectivity
These are not the only command line tools available. However, they are some of the most commonly used tools when needing to troubleshoot Active Directory replication status and view any issues that may be present in the environment.
What is/was the AD Replication Status tool?
You likely remember but the tool was a visual status of AD replication. It provided some really good features like:
- Autodiscovery – would discover your DCs
- It had different views like Errors only to help quickly go to problem areas
- It discovers lingering objects, etc
- It integrates with resolution articles from Microsoft
- You can sort and group information
- Export replication status to excel or other tools
- You can customize the display columns.
- The view of the Active Directory replication environment was real-time and it displayed the replication status in a GUI that was fairly intuitive although looking old. You could filter the status of replication by domain controller, replication partner, or error type.
If you visit the official download site here: How to get and use the Active Directory Replication Status Tool – Windows Server | Microsoft Learn you will see the following message:
As of June 2nd, 2023, the Active Directory REplication STatus Tool is no longer available for download…
It appears that on the GitHub site the developer of the new tool mentions an SSL error timebomb and unhandled exception possibly being the reason the tool was deprecated
So, long story short, the old version of the tool is no longer available. However, thanks to the work of a Microsoft developer, (Ryan Ries), and contributor to the open-source community, the new version of the tool is available on GitHub for download here: GitHub – ryanries/ADReplStatus: AD Replication Status Tool.
The new version of the ADReplStatus tool
For the most part, it looks like the original tool and can do all the same things. However, it is not endorsed by Microsoft and is a personal project of Ries who is a Microsoft employee.
New AD Replication Status Tool
Launching the tool, you will see the status increment as it scans the environment. This might take a couple of minutes if you have a lot of sites and domain controllers:
The new ADReplStatus tool looks like the other with a face lift of sorts without the old style Office ribbon as the header. Here is a screenshot of the tool connected to an environment with the DC replication status and partners showing, as well as last sync message among other information.
Analyzing errors using the new tool
The new tool can make errors very obvious so you can dial in on these quickly:
Another view of AD replication status errors.
Advanced features of the tool
The latest version of the tool has some good features that are worth noting that make having everything you need to troubleshoot at your fingertips. This includes built in tools for:
- Ping
- Initate RDP connection
- Enter PowerShell session
- Port Tester
These are found when you right-click on a domain controller in the window.
Port tester
The port tester is an amazing addition since it will allow you to automatically test all the AD-specific ports needed and required by Active Directory without having to remember what these are:
- Remote Procedure Call // EndpointMapper
- LDAP
- LDAP SSL
- Domain Name Service
- Global Catalog LDAP
- Global Catalog LDAP SSL
- Kerberos authentication
- SMB, NetLogon, SamR
Wrapping up
If you are looking for the Active Directory Replication Status tool replacement, be advised it is no longer available. The new tool looks like it wasn’t updated since May 2023. Hopefully this project will have enough momentum to continue development as it would be a shame to lose this version of the tool as well. Kudos to the developer and community contributions made to keep the tool alive and well for use to monitor and troubleshoot Active Directory domain replication.
