Active Directory Domain Services uses pull replication to replicate Active Directory Partitions. This means that the Domain Controller on which replication is started receives the data from the source Domain Controller. It’s like a one way ticket.
If you want to replicate all Domain Controllers, then you have to start replication on each of them separately. This may take a while. To save time, I am going to show you a PowerShell One-Liner to force replication on all Domain Controllers of all Active Directory Sites. Let’s take a look at this One-Liner now.
Force Replication of all Domain Controllers on all Sites
Suppose, you have one Domain with multiple sites. (One Forest and one Forest Root Domain).
Log on to one of your Domain Controllers. Start Windows PowerShell with administrative privileges. The domain name and the domain partition don’t need to be specified. They will be filled automatically by Get-ADDomain. 😉
function Replicate-AllDomainController {
(Get-ADDomainController -Filter *).Name | Foreach-Object {repadmin /syncall $_ (Get-ADDomain).DistinguishedName /e /A | Out-Null}; Start-Sleep 10; Get-ADReplicationPartnerMetadata -Target "$env:userdnsdomain" -Scope Domain | Select-Object Server, LastReplicationSuccess
}
Once completed, you get a nice overview with the computer names of the Domain Controllers and the time of the Last Replication Success.
That’s it.
Have fun replicating your DC’s! More about repadmin here:
https://technet.microsoft.com/en-us/library/cc835086(v=ws.11).aspx
See also
PowerShell: Adding Active Directory Users from Text Files (Bulk)
Windows Server 2016: Configuring Time based Group Membership with PowerShell
PowerShell: Changing Active Directory user logon names (Bulk)
Categories: PowerShell, Windows Server
My name is Patrick Gruenauer. Microsoft MVP on PowerShell. Have fun reading.
Can you wrap it like this for a forest?
$Domains = Get-ADForest | Select -ExpandProperty Domains
Foreach ($domain in $Domains){
function Replicate-AllDomainController {
(Get-ADDomainController -Filter *).Name | Foreach-Object {
repadmin /syncall $_ (Get-ADDomain).DistinguishedName /e /A | Out-Null}`
; Start-Sleep 10; Get-ADReplicationPartnerMetadata -Target “$env:userdnsdomain” -Scope Domain | Select-Object Server, LastReplicationSuccess
}
Replicate-AllDomainController
}
LikeLike
Looks good. Put the foreach loop into the function and it will be fine I guess.
LikeLike
I don’t really break-down by domain… it’s enough to get DC names from each site when you know the forest.
Here’s what I wrote – should be plug-and-play if you load the ActiveDirectory module by default… Gives you a nice little table showing replication results afterwards too:
# Get the current Forest name
$Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
# Enumerate all the DC names (FQDN) into an array
$DCnames = $Forest.Sites | % {$_.Servers.Name}
Write-Output “Starting repadmin syncall on the following DCs: $DCNames”
# Run the commands on each DC
Invoke-Command -ComputerName $DCNames -command {
(Get-ADDomainController -Filter *).Name |
Foreach-Object {repadmin /syncall $_ (Get-ADDomain).DistinguishedName /e /A > $null};
Start-Sleep 05;
Get-ADReplicationPartnerMetadata -Target “$env:userdnsdomain” -Scope forest |
Select-Object Server, LastReplicationAttempt, lastReplicationResult
} | sort PSComputerName | Format-Table PSComputerName, Server, LastReplicationAttempt, LastReplicationResult
I use it in a lab all the time (3 domains, 2 DCs per domain, 2 AD sites), but would be a little scared to kick it off in our global production AD, just ’cause of the replication storm it may produce…:
do please let me know if you like it… 🙂
LikeLiked by 1 person
Can you wrap it like this for a forest?
LikeLike
The Option Filter * ist quite not working as the defautl ist exactly this. Secondly your command works only for one domain. A better way to get all domain controlles and to push replication is to go through sites. Getting thus the sites and in the sites Servers and from there than running repladm /syncall for evrey server.
LikeLike
Hi,
As mentioned at the beginning of the article it is designed for one domain with multiple sites.
Best,
P
LikeLike
Hi Patrick, Nice article – but when I run your code it only replicates DCs in the domain I ran it in. I have a 3-domain forest which means I need to run this on a dc in each domain in the forest. Is there a way to run once and have replication run against all DCs in all domains?
LikeLike
Hi, the command relocates only all dcs of the domain. Look at the code and modify it to get all forest dcs.
LikeLike
Thanks Patrick- sort of a hack myself so not sure I know how to do that… – i saw your article mentioned a 2 domain forest at the top – and yet it only covers one domain, so I asked. 🙂
I did incorporate your one-liner function into an “invoke-Command” statement, where I just listed all my DC computer names in my forest. It works (even if it complains a little) but I imagine that’s not really the best way to get this done… 😉
LikeLike
Nice!
LikeLike
ok – my bad… no you don’t. You only mention 1 forest with 1 forest root. sorry…. but can you help a PoSH hack out?
LikeLike
This is a great.
Sorry if this is a newbie questions but is there any way this can be ran as a .PS1 script and not in PowerShell ISE?
Thanks.
LikeLike
Hi, in my download section you’ll find what you are looking for. All the best, P
LikeLike
Thanks for the reply, thats a great resource in the downloads section.
But it doesn’t replicate or show the overview of replication success when I run it as a PS1 script. But works if I run it in PSE.
Probably a schoolboy error on my half. I’m just right clicking the PS1 script I got form your downloads section and selecting Run with PowerShell.
LikeLike
It’s a psm file. Look at the other posts in the download section how to make it permanent available and run it.
LikeLike
Thank you for this, simple and efficient
LikeLiked by 1 person
Would be very helpful if you could explain what these powershell-snippets actually do. Such one-liners are often a little hard to read.
LikeLike
You only have to pay attention to the first two lines. Get-ADDomainController receives the Names of all DCs. This names are then piped to Foreach-Object that runs repadmin on all of them with no ouput (Out-Null). Then the script goes to sleep for 10 seconds. Afterwards ReplicationData from all DCs are retreived to view the replication status.
For some it’s hard to read for others not. I love it.
But yes, in complex scripts it’s more useful to use the common script struture.
LikeLike
Thanks. Why is the “Start-Sleep 10” needed?
LikeLike
The purpose of Start-Sleep is to wait a few seconds. You can skip that. It’s just to make sure that Get-ADReplicationMetaData gets the recent results.
LikeLike
Hello Patrick,
Simplicity is the key.
Great article.
LikeLike