question

Yankee30 avatar image
0 Votes"
Yankee30 asked DSPatrick answered

Replication confirmation on fresh domain controller to move FSMO roles on to it.

What all things can confirm that a freshly installed Domain Controller is completely replicated & upto date so that FSMO roles can now be moved on to it.

These are things which I think shall be checked , please confirm if there's anything else that should be checked and help me with certain confusions in it.

  1. Comparing NTDS.DIT DB file size to other DC- Can I pick any DC in the domain or any specific DC I shall be comparing the DB size with ? Do all the DC's have same NTDS.DIT size?

  2. Comparing SYSVOL folder size to other DC- Can I pick any DC in the domain or any specific DC I shall be comparing the DB size with ? Do all the DC's have same SYSVOL size?

  3. Below is the output for repadmin /queue, does this tell me per below output that my DC is completely replicated & can now have the FSMO roles ?

C:\Users\administrator>repadmin /queue
Repadmin: running command /queue against full DC localhost
Queue contains 0 items.

  1. Output for repadmin /showrepl shows me that last attempt for all inbound neighbors was successful.

  2. No replication errors in DFSR logs

  3. Below is the output for repadmin /replsum, does this tell me per below output that my DC is completely replicated & can now have the FSMO roles ? Note:- have changed the DC names

C:\Users\administrator>repadmin /replsum
Replication Summary Start Time: 2021-05-20 16:33:14
Beginning data collection for replication summary, this may
................................................
Source DSA largest delta fails/total %% error
DC01 41m:43s 0 / 8 0
DC02 38m:04s 0 / 12 0
DC03 12m:16s 0 / 8 0
DC04 12m:16s 0 / 4 0
DC05 35m:06s 0 / 8 0
DC06 45m:15s 0 / 8 0
DC07 13m:27s 0 / 11 0
DC08 39m:43s 0 / 4 0
DC09 45m:43s 0 / 4 0
DC10 47m:05s 0 / 8 0
DC11 04m:03s 0 / 4 0
DC12 12m:23s 0 / 4 0
DC13 16m:27s 0 / 15 0
DC14 18m:13s 0 / 18 0
DC15 18m:13s 0 / 25 0
DC16 09m:58s 0 / 21 0
DC17 18m:13s 0 / 11 0
DC18 41m:04s 0 / 8 0
DC19 39m:44s 0 / 4 0
DC20 16m:28s 0 / 12 0
DC21 12m:24s 0 / 19 0
DC22 18m:11s 0 / 27 0
DC23 18m:13s 0 / 18 0
DC24 18m:00s 0 / 16 0
DC25 18m:00s 0 / 55 0
DC26 12m:14s 0 / 4 0
DC27 45m:24s 0 / 8 0
DC28 41m:48s 0 / 4 0
DC29 46m:36s 0 / 20 0
DC30 39m:40s 0 / 8 0
DC31 42m:15s 0 / 8 0
DC32 44m:07s 0 / 8 0
DC33 44m:07s 0 / 8 0
DC34 41m:26s 0 / 8 0
DC35 38m:28s 0 / 8 0
DC36 38m:49s 0 / 4 0
DC37 39m:23s 0 / 4 0
DC38 39m:17s 0 / 8 0
DC39 47m:25s 0 / 4 0
DC40 42m:31s 0 / 8 0
DC41 37m:49s 0 / 8 0
DC42 44m:46s 0 / 4 0

Destination DSA largest delta fails/total %% error
DC01 40m:09s 0 / 14 0
DC02 43m:48s 0 / 11 0
DC03 05m:56s 0 / 4 0
DC04 45m:28s 0 / 4 0
DC05 35m:12s 0 / 8 0
DC06 16m:47s 0 / 15 0
DC07 46m:41s 0 / 4 0
DC08 47m:24s 0 / 4 0
DC09 46m:00s 0 / 8 0
DC10 14m:08s 0 / 15 0
DC11 04m:03s 0 / 19 0
DC12 10m:17s 0 / 15 0
DC13 18m:32s 0 / 18 0
DC14 10m:23s 0 / 15 0
DC15 40m:03s 0 / 8 0
DC16 41m:23s 0 / 4 0
DC17 09m:41s 0 / 20 0
DC18 18m:19s 0 / 15 0
DC19 06m:34s 0 / 27 0
DC20 06m:55s 0 / 18 0
DC21 08m:13s 0 / 12 0
DC22 12m:43s 0 / 63 0
DC23 17m:58s 0 / 8 0
DC24 42m:04s 0 / 8 0
DC25 45m:40s 0 / 4 0
DC26 39m:48s 0 / 12 0
DC27 42m:32s 0 / 16 0
DC28 37m:14s 0 / 8 0
DC29 41m:26s 0 / 8 0
DC30 39m:09s 0 / 12 0
DC31 44m:23s 0 / 11 0
DC32 39m:08s 0 / 4 0
DC33 38m:32s 0 / 8 0
DC34 39m:32s 0 / 4 0
DC35 39m:33s 0 / 8 0
DC36 44m:36s 0 / 4 0
DC37 47m:42s 0 / 8 0
DC38 46m:51s 0 / 8 0
DC39 37m:54s 0 / 4 0



windows-serverwindows-active-directorywindows-server-2019
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

No, it will simply sync all the domain controllers.

--please don't forget to Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered Yankee30 commented

There's no reason or need to do so if that's what you're asking. Intra-site replication happens automatically approximately every 15 minutes.

--please don't forget to Accept as answer if the reply is helpful--


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Lets say I do run a /APeD on a fresh new DC even though you saying it’s not required. Will that cause any problem?

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered Yankee30 commented

/A Synchronizes all naming contexts that are held on the home server
/P Pushes changes outward from the specified domain controller
/e Synchronizes domain controllers across all sites in the enterprise. By default, this command does not synchronize domain controllers in other sites
/d Identifies servers by distinguished name in messages

but not necessary to do.


--please don't forget to Accept as answer if the reply is helpful--


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Well yeah I already read what the switches do but would it be wise to run /APeD on a fresh DC since that switch pushes the replication from newly installed DC to other DC’s ? Will that do any harm ?

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered Yankee30 commented

So before moving the roles, is the list what I shared is correct or shall I be looking for something else as well ?

I'd confirm the domain general health again.

Also if I run repadmin /syncall /APeD on a fresh DC -DC02, wouldn’t that do a push replication to other existing DC’s ? which per my understanding this being a new DC shouldn’t be the one pushing but use the default pull replication from other DC’s which is repadmin /syncall /AeD ? Correct me if I’m wrong?

This is not necessary to do, doesn't work like that anyway. If you just wait 5 minutes or so replication update would happen automatically.


--please don't forget to Accept as answer if the reply is helpful--





· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

If you don’t mind explaining how these will behave running on a fresh DC ?

repadmin /syncall /APeD
repadmin /syncall /AeD

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to Accept as answer if the reply is helpful--




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered Yankee30 commented

Hi,
"I need to understand if these are the valid parameters to check against and confirm if the replication for new DC is completed," you can run the following command:
Repadmin /syncall /APeD
98390-52113.jpg
Don't forget to use the following command to confirm the status of the new DC.
Dcdiag /v >c:\dcdiag1.log


52113.jpg (167.7 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks but wouldn’t running repadmin /syncall /APeD on a fresh DC will do a push replication to other existing DC’s ? which per my understanding this being a new DC shouldn’t be the one pushing but use the default pull replication from other DC’s which is repadmin /syncall /AeD ?

Please correct me if I’m wrong.

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered Yankee30 commented

Please run;

Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt

then put unzipped text files up on OneDrive and share a link.



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks but I rather want to understand the things I should be looking for in the report myself. As I soon will be creating a new ADC(win2019) -DC02 and move FSMO roles on it from current DC(win2008)-DC01.
Demote 2008 DC, Build DC01 as well with Win2019 and move back the FSMO roles on it.

So before moving the roles, is the list what I shared is correct or shall I be looking for something else as well ?

Also if I run repadmin /syncall /APeD on a fresh DC -DC02, wouldn’t that do a push replication to other existing DC’s ? which per my understanding this being a new DC shouldn’t be the one pushing but use the default pull replication from other DC’s which is repadmin /syncall /AeD ?

Correct me if I’m wrong?
Thanks

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered Yankee30 commented

Basically just check for errors via dcdiag /repadmin tools to confirm domain health. Ping back here if further assistance is needed.

--please don't forget to Accept as answer if the reply is helpful--


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I need to understand if these are the valid parameters to check against and confirm if the replications for new DC is completed coz I want to move FSMO roles on it before which I’d obviously want to confirm if replication is 100% done.

0 Votes 0 ·