Replication

Data replication is crucial for a healthy AD environment. For a given domain controller, we can find its inbound replication partners using this:

Get-ADReplicationPartnerMetadata -Target REBEL-SRV01.rebeladmin.com

The preceding command provides a detailed description for the given domain controller, including last successful replication, replication partition, server, and so on.

We can list all the inbound replication partners for the given domain using the following:

Get-ADReplicationPartnerMetadata -Target "rebeladmin.com" -Scope Domain

In the preceding command, the scope is defined as the domain. It can be changed to Forest to list the inbound partners in the forest. The output is based on the default partition. If needed, the -Partition parameter can select the configuration or schema partition instead, and the command then lists the inbound partners for that partition.

Associated replication failures for a site, forest, domain, and domain controller can be found using the Get-ADReplicationFailure cmdlet:

Get-ADReplicationFailure -Target REBEL-SRV01.rebeladmin.com

The preceding command will list the replication failures for the given domain controller.

Replication failures for the domain can be found using this:

Get-ADReplicationFailure -Target rebeladmin.com -Scope Domain

Replication failures for the forest can be found using the following:

Get-ADReplicationFailure -Target rebeladmin.com -Scope Forest

Replication failures for the site can be found using the following:

Get-ADReplicationFailure -Target LondonSite -Scope Site

In the command, LondonSite can be replaced with a relevant site name.

Using both Get-ADReplicationPartnerMetadata and Get-ADReplicationFailure, the following PowerShell script can provide a report against a specific domain controller:

## Active Directory Domain Controller Replication Status##
$domaincontroller = Read-Host 'What is your Domain Controller?'
## Define Objects ##
$report = New-Object PSObject -Property @{
ReplicationPartners = $null
LastReplication = $null
FailureCount = $null
FailureType = $null
FirstFailure = $null
}
## Replication Partners ##
$report.ReplicationPartners = (Get-ADReplicationPartnerMetadata -Target $domaincontroller).Partner
$report.LastReplication = (Get-ADReplicationPartnerMetadata -Target $domaincontroller).LastReplicationSuccess
## Replication Failures ##
$report.FailureCount = (Get-ADReplicationFailure -Target $domaincontroller).FailureCount
$report.FailureType = (Get-ADReplicationFailure -Target $domaincontroller).FailureType
$report.FirstFailure = (Get-ADReplicationFailure -Target $domaincontroller).FirstFailureTime
## Format Output ##
$report | select ReplicationPartners,LastReplication,FirstFailure,FailureCount,FailureType | Out-GridView

The preceding script is laid out so that it is easy to read. When you run it in PowerShell, make sure it contains no extra line breaks.

The following line prompts the engineer to specify the domain controller name:

$domaincontroller = Read-Host 'What is your Domain Controller?'

Then, it creates an object and populates it with the output of the PowerShell commands. Finally, it displays a report that includes the following:

  • Replication partner (ReplicationPartners)
  • Last successful replication (LastReplication)
  • AD replication failure count (FailureCount)
  • AD replication failure type (FailureType)
  • AD replication failure first recorded time (FirstFailure)
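The report script above stores every partner of one domain controller in a single object, which makes it hard to see which partner is behind. The following added example (not from the original text) emits one row per server and partner for the whole domain and flags partners with recorded failures or no successful replication inside a threshold. The 24-hour threshold and the variable names are assumptions, and it assumes both cmdlets report Server and Partner in the same form.

```powershell
# Added example: per-partner replication health for every DC in a domain.
Import-Module ActiveDirectory

$Domain      = 'rebeladmin.com'   # domain name used on this page
$MaxAgeHours = 24                 # assumed threshold; tune to the site-link schedule
$cutoff      = (Get-Date).AddHours(-$MaxAgeHours)

# Index recorded failures by "server|partner" so they can be joined to the metadata
$failureIndex = @{}
Get-ADReplicationFailure -Target $Domain -Scope Domain | ForEach-Object {
    $failureIndex["$($_.Server)|$($_.Partner)"] = $_
}

# Default partition only; add -Partition to check configuration or schema as well
$report = Get-ADReplicationPartnerMetadata -Target $Domain -Scope Domain |
    ForEach-Object {
        $f = $failureIndex["$($_.Server)|$($_.Partner)"]
        [pscustomobject]@{
            Server          = $_.Server
            Partner         = $_.Partner
            Partition       = $_.Partition
            LastReplication = $_.LastReplicationSuccess
            # A partner that has never replicated ($null) also counts as stale
            Stale           = $_.LastReplicationSuccess -lt $cutoff
            FailureCount    = if ($f) { $f.FailureCount } else { 0 }
            FailureType     = if ($f) { $f.FailureType }
            FirstFailure    = if ($f) { $f.FirstFailureTime }
        }
    }

# Show only the links that need attention
$report |
    Where-Object { $_.Stale -or $_.FailureCount -gt 0 } |
    Sort-Object Server, Partner |
    Format-Table -AutoSize
```

An empty table means every inbound link in the domain replicated inside the threshold with no recorded failures.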

In AD replication topologies, there are two types of replication:

  • Intra-site: Replication between domain controllers in the same AD site
  • Inter-site: Replication between domain controllers in different AD sites

We can review AD replication site objects using the Get-ADReplicationSite cmdlet. The following command returns all the AD replication sites in the AD forest:

Get-ADReplicationSite -Filter *

[Screenshot: output of the preceding command]

We can review AD replication site links on the AD forest using the following:

Get-ADReplicationSiteLink -Filter *

In site links, the most important information is the site link cost and the replication schedule. These allow you to understand the replication topology and the expected replication delays.

The following command lists all the replication site links that include CanadaSite, along with the site link name, link cost, and replication frequency:

Get-ADReplicationSiteLink -Filter {SitesIncluded -eq "CanadaSite"} | Format-Table Name,Cost,ReplicationFrequencyInMinutes -AutoSize

A site link bridge can be used to bundle two or more site links and enable transitivity between site links.

Site link bridge information can be retrieved using the following:

Get-ADReplicationSiteLinkBridge -Filter *

AD sites use the IP subnets that are assigned to them for their operations. It is important to associate these subnets with AD sites so that domain controllers know which computer is located at which site.

The following command will list all the subnets in the forest in a table with the subnet name and AD site:

Get-ADReplicationSubnet -Filter * | Format-Table Name,Site -AutoSize

[Screenshot: output of the preceding command]

Bridgehead servers operate as the primary communication point to handle replication data that comes in and goes out from the AD site.

We can list all the preferred bridgehead servers in a domain:

$BHservers = ([adsi]"LDAP://CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=rebeladmin,DC=com").bridgeheadServerListBL
$BHservers | Out-GridView

In the preceding command, the attribute value bridgeheadServerListBL is retrieved via the ADSI connection.

We can list all of these findings using the following script:

## Script to gather information about Replication Topology ##
## Define Objects ##
$replreport = New-Object PSObject -Property @{
Domain = $null
}
## Find Domain Information ##
$replreport.Domain = (Get-ADDomain).DNSroot
## List down the AD sites in the Domain ##
$a = (Get-ADReplicationSite -Filter *)
Write-Host "########" $replreport.Domain "Domain AD Sites" "########"
$a | Format-Table Description,Name -AutoSize
## List down Replication Site link Information ##
$b = (Get-ADReplicationSiteLink -Filter *)
Write-Host "########" $replreport.Domain "Domain AD Replication SiteLink Information" "########"
$b | Format-Table Name,Cost,ReplicationFrequencyInMinutes -AutoSize
## List down SiteLink Bridge Information ##
$c = (Get-ADReplicationSiteLinkBridge -Filter *)
Write-Host "########" $replreport.Domain "Domain AD SiteLink Bridge Information" "########"
$c | select Name,SiteLinksIncluded | Format-List
## List down Subnet Information ##
$d = (Get-ADReplicationSubnet -Filter * | select Name,Site)
Write-Host "########" $replreport.Domain "Domain Subnet Information" "########"
$d | Format-Table Name,Site -AutoSize
## List down Preferred BridgeHead Servers ##
$e = ([adsi]"LDAP://CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=rebeladmin,DC=com").bridgeheadServerListBL
Write-Host "########" $replreport.Domain "Domain Preferred BridgeHead Servers" "########"
$e
## End of the Script ##

The preceding script is laid out so that it is easy to read. When you run it in PowerShell, make sure it contains no extra line breaks.

The only thing we need to change is the ADSI connection with the relevant domain DN:

$e = ([adsi]"LDAP://CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=rebeladmin,DC=com")
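The topology script lists sites, site links, and subnets but leaves the cross-checking to the reader. The following added example (not from the original text) reports subnets with no site, sites with no subnet, and sites missing from every site link, and builds the ADSI path from the configuration naming context instead of a hand-typed domain DN. The check names and variable names are assumptions.

```powershell
# Added example: consistency checks on the site topology.
Import-Module ActiveDirectory

$sites   = @(Get-ADReplicationSite -Filter *)
$links   = @(Get-ADReplicationSiteLink -Filter *)
$subnets = @(Get-ADReplicationSubnet -Filter *)

# Build the ADSI path from the forest's configuration naming context
# rather than editing DC=rebeladmin,DC=com by hand
$configNC    = (Get-ADRootDSE).configurationNamingContext
$ipPath      = "LDAP://CN=IP,CN=Inter-Site Transports,CN=Sites,$configNC"
$bridgeheads = @(([adsi]$ipPath).bridgeheadServerListBL)

# Site DNs referenced by at least one subnet, and by at least one site link
$sitesWithSubnet = @($subnets | Where-Object { $_.Site } | ForEach-Object { $_.Site })
$sitesInLinks    = @($links | ForEach-Object { $_.SitesIncluded })

$findings = @()
foreach ($s in ($subnets | Where-Object { -not $_.Site })) {
    $findings += [pscustomobject]@{ Check = 'Subnet without site'; Object = $s.Name }
}
foreach ($s in $sites) {
    if ($sitesWithSubnet -notcontains $s.DistinguishedName) {
        $findings += [pscustomobject]@{ Check = 'Site without subnet'; Object = $s.Name }
    }
    if ($sitesInLinks -notcontains $s.DistinguishedName) {
        $findings += [pscustomobject]@{ Check = 'Site not in any site link'; Object = $s.Name }
    }
}

$findings | Sort-Object Check, Object | Format-Table -AutoSize

# Preferred bridgehead servers, read the same way as in the script above
"Preferred bridgehead servers: $($bridgeheads.Count)"
$bridgeheads
```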