Monitoring Active Directory enterprise replication

Unlike Windows NT domains, Active Directory (AD) domains have multiple masters and so all domain controller servers must be kept up-to-date with directory modifications made at other domain controllers. AD uses two forms of replication between domain controllers – directory replication is used for directory objects (users, computers, groups, etc.) and the file replication service (FRS) replicates sysvol items (login scripts, policies, etc.).

Microsoft provides a number of free tools for monitoring and troubleshooting the FRS and at a recent Microsoft TechNet UK event, John Howard demonstrated the sonar and ultrasound tools so I decided to dig a bit deeper into their potential use.

As described in Microsoft knowledge base article 815473, the FRS cannot propagate files that are open while the propagation code is running. So, if files in the sysvol directory or files hosted with the distributed file system (DFS – which also uses the FRS) aren’t being replicated, it may be because a user or an application has the files open (e.g. a virus scanner, a disk optimisation tool, or a user profile). When the system encounters sharing violations in either of these situations, it doesn’t post an error message in the FRS event log stating that the file or files to be replicated were open and couldn’t be propagated, so there is a lack of diagnostic information about what went wrong.

The sonar utility (sonar.exe – taken from the Windows 2000 Server resource kit) can help troubleshoot file-sharing violations and other replication problems. Sonar monitors key replication statistics, including traffic levels, backlogs, and free space, providing feedback about any issues and optionally logging to a comma-separated value (.CSV) file.

Sonar is effectively a cut-down version of the ultrasound utility. Ultrasound installs WMI providers on replica members in an organisation and effectively acts as a domain controller replica: the WMI providers gather FRS status information, which the ultrasound controller (the service component of the tool) polls and pushes into its own database for analysis. Using the user interface portion of ultrasound, known as the console, administrators can configure ultrasound to alert them by email of serious problems and use an incident log to keep track of changes or tasks they performed in response to alerts. Ultrasound can also be used to propagate test files.

Other tools include:

  • The file replication service diagnostics tool (frsdiag.exe), which provides a graphical interface to help troubleshoot and diagnose problems with the FRS, gathering snap-shot information about the service, performing automated tests against that data, and compiling an overview of possible problems that may exist in the environment.
  • ntfrsutl.exe, shipped with Windows Server 2003 and part of the Windows 2000 Server resource kit, which provides a snapshot view of the FRS internal state, dumping the internal tables and the thread and memory information for the FRS. It runs against local as well as remote servers, but to access the internal information the logged-in user needs the required access on the following registry keys on the target server:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Access Checks\Get Internal Information (Full control).
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Access Checks\Get Ds Polling Interval (Read).
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Access Checks\Set Ds Polling Interval (Full Control).
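Because anyone holding the rights on those three keys can pull the FRS internal state from a server with ntfrsutl, it is worth checking who actually has them. The PowerShell below is an added example (not code from the original post or from Microsoft) that reports every ACE on the three keys and flags the ones that already grant the right the post lists; run it locally on the target server as a user who can read the keys’ ACLs. The mapping of the post’s “Full control”/“Read” onto the RegistryRights enum names is an assumption made here.

```powershell
# Added example (not code from the original post): report who holds the rights that
# ntfrsutl.exe needs on the three FRS "Access Checks" registry keys listed above.
# Run it locally on the target server as a user able to read the keys' ACLs.
# The right names map the post's "Full control" / "Read" onto the RegistryRights enum
# (an assumption for this example).

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Ntfrs\Parameters\Access Checks'
$required = [ordered]@{
    'Get Internal Information' = 'FullControl'   # post: Full control
    'Get Ds Polling Interval'  = 'ReadKey'       # post: Read
    'Set Ds Polling Interval'  = 'FullControl'   # post: Full Control
}

$report = foreach ($keyName in $required.Keys) {
    $path = Join-Path -Path $base -ChildPath $keyName
    if (-not (Test-Path -Path $path)) {
        Write-Warning "$path not found - is the FRS installed on this server?"
        continue
    }
    $need = [System.Security.AccessControl.RegistryRights]$required[$keyName]
    foreach ($ace in (Get-Acl -Path $path).Access) {
        # An ACE is sufficient when it is an Allow entry whose rights include every
        # bit of the required right (so a FullControl ACE also satisfies ReadKey).
        $sufficient = ($ace.AccessControlType -eq 'Allow') -and
                      ((([int]$ace.RegistryRights) -band ([int]$need)) -eq [int]$need)
        [pscustomobject]@{
            Key        = $keyName
            Identity   = $ace.IdentityReference.Value
            Type       = $ace.AccessControlType
            Rights     = $ace.RegistryRights
            Inherited  = $ace.IsInherited
            Sufficient = $sufficient
        }
    }
}

# Every identity listed with Sufficient = True can dump FRS internals from this
# server with ntfrsutl; compare that set with the group you expect to hold it.
$report | Sort-Object Key, Identity | Format-Table -AutoSize
```

The check is bitwise rather than a string comparison so that a broader grant (FullControl) is recognised as satisfying a narrower requirement (ReadKey); inherited entries are shown too, since the rights on these keys are usually inherited from the Ntfrs service key rather than set directly.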

The FRS monitoring and troubleshooting tools also include a MOM management pack for the FRS, an FRS monitoring help file and both reporting and scripting packs for Ultrasound.

For directory replication there are two tools of particular use, both of which are available as support tools for installation from the Windows Server 2003 media:

  • replmon.exe is the AD replication monitor, which allows an administrator to view the status of AD replication, to view the replication topology in a graphical format and to force replication between domain controller servers. Specifically, the AD replication monitor can be used to:
    • See when a replication partner fails.
    • View the history of successful and failed replication changes for troubleshooting purposes.
    • View the properties of directory replication partners.
    • Create applications or scripts to extract specific data from AD.
    • View a snapshot of the performance counters on the computer, and the registry configuration of the server.
    • Generate status reports that include direct and transitive replication partners, and detail a record of changes.
    • Find all direct and transitive replication partners on the network.
    • Display replication topology.
    • Poll replication partners and generate individual histories of successful and failed replication events.
    • Force replication.
    • Trigger the knowledge consistency checker (KCC) to recalculate the replication topology.
    • Display changes that have not yet replicated from a given replication partner.
    • Display a list of the trust relationships maintained by the domain controller being monitored.
    • Display the metadata of an AD object’s attributes.
    • Monitor replication status of domain controllers from multiple forests.
  • repadmin.exe is the replication diagnostics tool, which assists administrators in diagnosing replication problems between domain controllers by allowing administrators to:
    • View the replication topology as seen from the perspective of each domain controller.
    • Manually create the replication topology (although in normal practice this should not be necessary as usually, the KCC manages the replication topology for each naming context).
    • Force replication events between domain controllers.
    • View both the replication metadata and up-to-dateness vectors.
    • Monitor the relative health of an AD forest using the replsummary, showreps, showreps /csv, and showvector /latency operations to check for replication problems.

In the case of directory failure, some of the troubleshooting tools available include:

  • dcdiag.exe – a support tool used to analyse domain controllers across the forest.
  • netdom.exe – a support tool which can help in verifying domain trust relationships and replication credentials.
  • ntdsutil.exe – provided with Windows 2000 and Windows Server 2003 for AD database maintenance, management of FSMO roles and clearing out unnecessary metadata (beware that this is an extremely powerful tool and should be used with care).
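The repadmin operations listed above and the dcdiag tool can be strung together into a scheduled health check. The PowerShell below is an added example (not code from the original post or from Microsoft): it runs showrepl (the post’s showreps) against every domain controller in CSV form, flags partnerships with failures or with no recent success, and then drills into the flagged controllers with replsummary and dcdiag’s replication tests. It assumes the Windows Server 2003 support tools are installed on the machine it runs from and that the account can read replication status on every DC; the six-hour staleness threshold is an assumption for the example.

```powershell
# Added example (not code from the original post): a replication health check built
# on the repadmin.exe and dcdiag.exe operations described above. Run it from a
# machine with the Windows Server 2003 support tools installed, as an account that
# can read replication status on every DC. The 6-hour staleness threshold is an
# assumption for this example; set it to suit your site link schedules.

$MaxAgeHours = 6

# /showrepl (the post's "showreps") against every DC (*) in CSV form. The header row
# begins "showrepl_COLUMNS" and data rows begin "showrepl_INFO", so ConvertFrom-Csv
# yields one object per (destination, naming context, source) partnership.
$rows = repadmin /showrepl * /csv | ConvertFrom-Csv

$problems = foreach ($r in $rows) {
    $failures = [int]$r.'Number of Failures'
    $lastOk   = $r.'Last Success Time' -as [datetime]   # $null if never / unparseable
    $stale    = (-not $lastOk) -or ($lastOk -lt (Get-Date).AddHours(-$MaxAgeHours))
    if ($failures -gt 0 -or $stale) {
        [pscustomobject]@{
            Destination   = $r.'Destination DSA'
            Source        = $r.'Source DSA'
            NamingContext = $r.'Naming Context'
            Failures      = $failures
            LastSuccess   = $lastOk
            LastStatus    = $r.'Last Failure Status'
        }
    }
}

if (-not $problems) {
    "All partnerships healthy: no failures and every success within $MaxAgeHours hours."
}
else {
    $problems | Sort-Object Destination, Source | Format-Table -AutoSize

    # Forest-wide picture: largest deltas and failure percentages per DC.
    repadmin /replsummary

    # Then dcdiag's replication tests on each DC that showed a problem as destination.
    foreach ($dc in ($problems | Select-Object -ExpandProperty Destination -Unique)) {
        dcdiag /s:$dc /test:Replications
    }
}
```

Treating “no parseable last success” as a problem is deliberate: a partnership that has never replicated looks quiet in the failure count but is exactly the case the post describes, where the lack of an error hides the fault. The output can be written to a .CSV with Export-Csv and kept alongside sonar’s log for trending.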
