Active Directory, Troubleshooting

Fix Missing Replication Object in Active Directory

How to manually create a replication connection object in Sites and Services. To be precise, the connection objects themselves are created by the KCC; what I am looking at here is how to create the replication links, which are essential for a connection to exist.

Why do we need to do this? This is an extremely complex activity, and if it is not planned and executed properly you should know what will happen!! If you don't, this activity is not for you.

  1. When there is a replication issue and one of these two scenarios occurs:
    • The replication connection object is missing for one of the DCs (either in the local domain or in a trusted domain) in the “Find Domain Controllers” dialogue box in “Sites & Services”
    • Or, simply put, the “NTDS Settings” object is missing for a DC (either local or remote).
  2. Let’s see how a replication connection is made:
    • The Knowledge Consistency Checker (KCC) is responsible for creating the replication topology (intersite and intrasite). The first thing it does is look at the DSA objects present in the AD Configuration partition. These objects appear in “Sites and Services” as the “NTDS Settings” object under each server that is a Domain Controller. These settings contain the specific data used to configure replication between two DCs.
  3. Now that we know how the KCC forges the replication topology, and we realize it is not able to do its duty because a replication connection object is not present, let’s see how to go about creating one. Here is what we need before we get our hands dirty.
    1. Need the GUID of the Source DC:
      • GUID (Globally Unique Identifier) of the Source DC
      • Source DC is the one that we want the replication to happen from.
    2. To get the GUID, you can use Repadmin or LDP as described below:
      1. Repadmin
        • Log in to the Source DC, run “Repadmin /showreps” and make a note of the DSA object GUID
      2. LDP
        • Open LDP, connect to the DC and bind with the correct user credentials (Ctrl+B)
        • Press Ctrl+S to invoke the Search option and set:
        • Base DN: CN=Sites,CN=Configuration,DC=RootDomainName,DC=Com
          • RootDomainName is the domain name of the DC you are looking GUID for
        • Filter : (cn=NTDS Settings)
        • Scope: Subtree
        • Attributes: objectGUID
        • Look for the Server name and make a note of the GUID
        • Example
          • Dn: CN=NTDS Settings,CN=MyPDC,CN=Servers,CN=SomeSite,CN=Sites,CN=Configuration,DC=MuraliPalla,DC=com
          • objectGUID: 3c56a3a8-90a6-4eda-9913-24cda859270a;
  4. Now that we have the GUID of the source DC (the good DC, where replication is not having any issues), we need to create the object on the destination (the DC with issues).
    1. The syntax of the command to do this is “repadmin /add context destination source”
      1. Context = the LDAP DN of the directory partition to be replicated
      2. Destination = the FQDN of the problematic DC (the local DC you are working on)
      3. Source = the FQDN of the source DC or its GUID
    2. When the GUID is used as the source, the syntax is the same; only the source argument changes.
      • Example:
        1. (using GUID)
          • Repadmin /add cn=configuration,dc=muralipalla,dc=com
        2. (using FQDN)
          • Repadmin /add cn=configuration,dc=muralipalla,dc=com
    3. After this command is run, we have to initiate the replication:
      1. Syntax (the source is given by its GUID here, as in the example):
        1. repadmin /sync context destination source [context, destination and source are as defined above]
      2. Example:
        1. Repadmin /sync cn=configuration,dc=muralipalla,dc=com 3c56a3a8-90a6-4eda-9913-24cda859270a
  5. We are done!! Check the replication status using Repadmin /showreps or replmon.
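The whole procedure (steps 3 to 5 above) as an added PowerShell example that is not part of the original post: it reads the source DC's DSA object GUID over LDAP, checks whether the destination already has an inbound link from that GUID before running repadmin /add, and then runs repadmin /sync with the GUID. The parameter names, the default naming context and the use of the RootDSE dsServiceName attribute (a shortcut for the LDP search under CN=Sites) are my assumptions.

```powershell
# Added example, not from the original post. Automates steps 3 and 4 of the post:
# read the source DC's DSA objectGUID, then run repadmin /add and repadmin /sync.
# Parameter names, the default context and the RootDSE shortcut are assumptions.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $DestinationDC,   # FQDN of the DC missing the link
    [Parameter(Mandatory)] [string] $SourceDC,        # FQDN of the healthy source DC
    [string] $Context = 'CN=Configuration,DC=muralipalla,DC=com'  # naming context used in the post
)

# Step 3 (the LDP search) done in code: RootDSE.dsServiceName is the DN of the DC's own
# "NTDS Settings" object; its objectGUID is the "DSA object GUID" repadmin /showreps prints.
$rootDse    = [ADSI]"LDAP://$SourceDC/RootDSE"
$ntdsDn     = [string]$rootDse.dsServiceName
$ntds       = [ADSI]"LDAP://$SourceDC/$ntdsDn"
$sourceGuid = [guid]$ntds.objectGUID.Value
Write-Verbose "Source DSA: $ntdsDn"
Write-Verbose "Source DSA object GUID: $($sourceGuid.ToString())"

# Check before adding: if the destination already lists this DSA GUID as an inbound
# neighbour for the context, a second /add would only produce an error.
$inbound = repadmin /showrepl $DestinationDC $Context
if ($inbound -match [regex]::Escape($sourceGuid.ToString())) {
    Write-Host "Link from $SourceDC already exists on $DestinationDC; skipping /add"
}
elseif ($PSCmdlet.ShouldProcess($DestinationDC, "repadmin /add $Context from $SourceDC")) {
    # Step 4.1: create the replication link on the destination, source given as FQDN
    repadmin /add $Context $DestinationDC $SourceDC
    if ($LASTEXITCODE -ne 0) { throw "repadmin /add failed with exit code $LASTEXITCODE" }
}

# Step 4.3: pull the context from the source, identified by its DSA GUID
if ($PSCmdlet.ShouldProcess($DestinationDC, "repadmin /sync $Context from $($sourceGuid.ToString())")) {
    repadmin /sync $Context $DestinationDC $sourceGuid.ToString()
    if ($LASTEXITCODE -ne 0) { throw "repadmin /sync failed with exit code $LASTEXITCODE" }
}

# Step 5: show the resulting inbound replication status on the destination
repadmin /showrepl $DestinationDC $Context
```

Run it with -WhatIf first to see the exact repadmin commands it would issue against the destination DC without changing anything.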