AD sync between DC's only 1 way

[alejandro]

I have 2 DC's. DC1 changes are not syncing to DC2, yet
DC2 changes are syncing to DC1.

Any idea how I could best troubleshoot what is happening
and where to look? I recently had DC1 offline for a week
or so. It had been moved to a virtual machine (VMware)
but the process did not work correctly. DC1 hardware was
subsequently brought back online, and I expected that DC2
info would then flow to DC1 and sync up properly, but I
ran into some SID issues strangely enough which I think I
corrected. No event log info that appears to be useful.

 

[S.J.Haribabu]

Hi Alejandro,

Go thru the troubleshooting replication at
http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise
/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/en
terprise/proddocs/en-us/sag_ADsite_trouble_1.asp

Thanks,

(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Cary Shultz [A.D. MVP]]

Alejandro!

In addition to what S.J. suggested I would like to give you a couple of
quick ideas and a link for troubleshooting Intrasite AD Replication
problems.

Here is the link:

http://support.microsoft.com/?id=249256

This is a pretty nice article that covers a lot of ground.

Anyway, I would suggest that you install the Support Tools, which you can
find on the WIN2000 Server CD as well as the WIN2000 Service Pack CD in the
Support | Tools folder. I would suggest the Service pack CD - or the
download!

You will then want to run repadmin /showreps and repadmin /showconn on both
of your Domain Controllers. It is important to know that there are three
'partitions' - or Naming Contexts - that are replicated: the Schema NC (
cn=schema,cn=configuration,dc=yourdomain,dc=com ) the Configuration NC (
cn=configuration,dc=yourdomain,dc=com ) and the Domain NC (
dc=yourdomain,dc=com ) and that AD Replication is based on incoming
connection objects.

I might also do a dcdiag /c /v as well as netdiag /v on both of your Domain
Controllers just to see the overall health of both of them.

HTH,

Cary

 

[alejandro]

dcdiag and netdiag come up clean with no errors
I ran repadmin /showreps and noticed something odd. note
as shown below the objectid and invocationid are the same
on the report run on DC1. Is this a problem?

As a background DC1 had been offline for several weeks and
the AD would have been out of sync, I was told it would
just sync up with DC2 and get updated once it was back
online.

This was run on DC1

C:\Program Files\Support Tools>repadmin /showreps
Default-First-Site-Name\DC1
DSA Options : IS_GC
objectGuid : 73e164b0-1280-4d93-856d-303f56f4a1f9
invocationID: 73e164b0-1280-4d93-856d-303f56f4a1f9

==== INBOUND NEIGHBORS
======================================

CN=Schema,CN=Configuration,DC=x,DC=y
Default-First-Site-Name\dc2 via RPC
objectGuid: 974842a9-9ab2-4ff3-b3dd-c88bacef048a
Last attempt @ 2004-09-20 13:16.27 was successful.

CN=Configuration,DC=x,DC=y
Default-First-Site-Name\dc2 via RPC
objectGuid: 974842a9-9ab2-4ff3-b3dd-c88bacef048a
Last attempt @ 2004-09-20 13:29.11 was successful.

DC=x,DC=y
Default-First-Site-Name\dc2 via RPC
objectGuid: 974842a9-9ab2-4ff3-b3dd-c88bacef048a
Last attempt @ 2004-09-20 13:32.09 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS
============

CN=Schema,CN=Configuration,DC=x,DC=y
Default-First-Site-Name\dc2 via RPC
objectGuid: 974842a9-9ab2-4ff3-b3dd-c88bacef048a

CN=Configuration,DC=x,DC=y
Default-First-Site-Name\dc2 via RPC
objectGuid: 974842a9-9ab2-4ff3-b3dd-c88bacef048a

DC=x,DC=y
Default-First-Site-Name\dc2 via RPC
objectGuid: 974842a9-9ab2-4ff3-b3dd-c88bacef048a

This was run on DC2

C:\Program Files\Support Tools>repadmin /showreps
Default-First-Site-Name\dc2
DSA Options : (none)
objectGuid : 974842a9-9ab2-4ff3-b3dd-c88bacef048a
invocationID: e62a6e82-b873-41ab-82bf-074d501496c2

==== INBOUND NEIGHBORS
=====================================

CN=Schema,CN=Configuration,DC=x,DC=y
Default-First-Site-Name\dc1 via RPC
objectGuid: 73e164b0-1280-4d93-856d-303f56f4a1f9
Last attempt @ 2004-09-20 13:16.27 was successful.

CN=Configuration,DC=x,DC=y
Default-First-Site-Name\dc1 via RPC
objectGuid: 73e164b0-1280-4d93-856d-303f56f4a1f9
Last attempt @ 2004-09-20 13:34.11 was successful.

DC=x,DC=y
Default-First-Site-Name\dc1 via RPC
objectGuid: 73e164b0-1280-4d93-856d-303f56f4a1f9
Last attempt @ 2004-09-20 13:32.00 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS
===========

CN=Schema,CN=Configuration,DC=x,DC=y
Default-First-Site-Name\dc1 via RPC
objectGuid: 73e164b0-1280-4d93-856d-303f56f4a1f9

CN=Configuration,DC=x,DC=y
Default-First-Site-Name\dc1 via RPC
objectGuid: 73e164b0-1280-4d93-856d-303f56f4a1f9

DC=x,DC=y
Default-First-Site-Name\dc1 via RPC
objectGuid: 73e164b0-1280-4d93-856d-303f56f4a1f9

 

[alejandro]

I just did some additional testing.
On DC2 if I do a "repadmin /sync dc=x,dc=y dc2 guidIDofdc1"
it says successfully completed but it does not update data
like it should (in this case I tried a new user that had
been added and a changed description value for a user). If
I ran the same command using /full parameter then the
proper update happened.

What does this tell me? I want syncing to happen
automatically.