Event ID 1699 — Replication Change List Creation

Applies To: Windows Server 2008

Each domain controller periodically generates a list of changes that were made to the Active Directory database. These changes represent the information that must be replicated to other domain controllers to keep the database consistent. If the change list cannot be generated, changes cannot be communicated to other domain controllers and the database will not be consistent.

Event Details

Product: Windows Operating System
ID: 1699
Source: Microsoft-Windows-ActiveDirectory_DomainService
Version: 6.0
Symbolic Name: DIRLOG_DRA_GETCHANGES_FAILED
Message: This directory service failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send change requests to the directory service at the following network address.

Directory partition:
%1
Network address:
%2
Extended request code:
%4

Additional Data
Error value:
%5 %3

Resolve

Check password replication policy or seek additional information

This event is reported on a writeable domain controller that is a replication partner of a read-only domain controller (RODC). The event occurs when the RODC attempts to replicate an object’s password that is denied by the Password Replication Policy (PRP).

If you see a large number of entries for Event ID 1699 in the Directory Service log, a software update may be necessary to resolve the issue. For more information, see article 953392 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=150337).

Review the PRP to determine whether the object should be prevented from replicating its password. If you want the account object’s password to be replicated, you can allow password replication in the PRP. If you do not want the account object’s password to be replicated, expect this event to occur and ignore it for any object that is not allowed to replicate its password through the RODC. For instructions for managing the PRP, see Password Replication Policy Administration (https://go.microsoft.com/fwlink/?LinkId=129064).

If you determine that this event was not generated by an RODC requesting replication for an object that is not allowed to replicate its account password, there should be other errors in Event Viewer that indicate the error condition and resolution.

For information about resolving replication issues, see Troubleshooting Active Directory Replication Problems (https://go.microsoft.com/fwlink/?LinkID=93582).
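
To judge whether the Directory Service log holds a large number of 1699 entries, and which directory partition and network address they name, the entries can be summarized per partner. The following PowerShell is an added example, not part of the original article; the function name Get-Event1699Summary is hypothetical, and it assumes PowerShell 2.0 or later and that the message insertions %1 to %5 correspond to Properties[0] to Properties[4] of each event record.

```powershell
# Added example (not from the original article). Needs PowerShell 2.0 or later for Get-WinEvent.
# Assumption: message insertions %1..%5 map to Properties[0..4] of the event record.
function Get-Event1699Summary {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,  # writable DC that logs the event
        [int]$Hours = 24                            # look-back window in hours
    )

    $filter = @{
        LogName   = 'Directory Service'
        Id        = 1699
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    try {
        $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop)
    }
    catch {
        # An empty result is reported as an error; anything else (access denied, RPC) is rethrown.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    $rows = foreach ($e in $events) {
        # Out-of-range indexes on a PowerShell array yield $null, so short records do not fail.
        $p = @($e.Properties | ForEach-Object { [string]$_.Value })
        New-Object PSObject -Property @{
            TimeCreated         = $e.TimeCreated
            Partition           = $p[0]   # %1 Directory partition
            NetworkAddress      = $p[1]   # %2 Network address
            ExtendedRequestCode = $p[3]   # %4 Extended request code
            ErrorValue          = $p[4]   # %5 Error value
        }
    }

    # Get-WinEvent returns newest events first, so each group is ordered newest to oldest.
    $rows | Group-Object Partition, NetworkAddress, ErrorValue |
        Sort-Object Count -Descending |
        Select-Object Count,
            @{ n = 'Partition';      e = { $_.Group[0].Partition } },
            @{ n = 'NetworkAddress'; e = { $_.Group[0].NetworkAddress } },
            @{ n = 'ErrorValue';     e = { $_.Group[0].ErrorValue } },
            @{ n = 'FirstSeen';      e = { @($_.Group)[-1].TimeCreated } },
            @{ n = 'LastSeen';       e = { $_.Group[0].TimeCreated } }
}

# Run on (or against) the writable domain controller that is the RODC's replication partner.
Get-Event1699Summary -Hours 24 | Format-Table -AutoSize
```

A network address with a steadily growing count is the partner whose requests to compare against the PRP first.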

Verify

Perform the following procedure using the domain controller from which you want to verify that Active Directory replication is functioning properly.

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To verify that Active Directory replication is functioning properly:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command repadmin /showrepl /repsto. This command displays the status reports on all outbound replication links for the domain controller. Active Directory replication is functioning properly on that domain controller if all status messages report that the last replication attempt was successful.

If there are any indications of failure or error in the status report following the last replication attempt, Active Directory replication on the domain controller is not functioning properly. If the repadmin command reports that replication was delayed for a normal reason, wait and try repadmin again in a few minutes.
