How Replication Works in Active Directory, and How to Troubleshoot It

How replication works in Active Directory
How to troubleshoot replication issues in Active Directory

-> There are two kinds of replication: intra-site replication and inter-site replication.
-> Intra-site replication happens between domain controllers in the same site. The KCC (Knowledge Consistency Checker) on each DC builds the connection objects and arranges the DCs of a site in a ring, adding extra connections so that no DC is more than three hops from any other. When an object changes on one DC, that DC notifies its replication partners after a short delay (15 seconds by default on Windows Server 2003 and later) and each partner pulls the change; having applied it, a partner notifies its own partners, so the change walks around the ring. Intra-site traffic is not compressed, because the links inside a site are assumed to be fast. The ring is shown in the figure below.
(figure: intra-site replication topology in Active Directory)
-> Inter-site replication happens between different sites. Inside each site the change spreads as above; to cross a site link, one DC per site and partition acts as the bridgehead server. The ISTG (Inter-Site Topology Generator) selects bridgeheads automatically, or an administrator can designate preferred bridgeheads. Bridgeheads replicate with each other over the IP transport (RPC over IP) on the schedule and interval configured on the site link (every 180 minutes by default), and the traffic is compressed. An SMTP transport also exists, but it can carry only the schema, configuration and global catalog partial partitions, never the domain partition, and it is deprecated. The flow is shown in the figure below.
(figure: inter-site replication between bridgehead servers)

1. What is replication in Active Directory?
-> When we change an object (a user, group, computer, group policy and so on) on one domain controller, that change has to be copied to every other DC holding the same partition, so that users can authenticate and reach resources whichever DC answers them, and so that no two DCs hold conflicting copies of the same object. Active Directory replication is multi-master and pull-based: every writable DC accepts changes, and each DC asks its partners for the changes it has not yet received.

2. What is a USN (update sequence number) in Active Directory?
-> Every domain controller keeps its own 64-bit USN counter and increments it for each write it commits to its copy of the database, whether the write originated locally or arrived through replication. Each object and each attribute records the USN of the last local write. The USN is local to a DC: DC1 and DC2 never show the same value, and a DC's highest committed USN is meaningful only to that DC. Replication does not compare "who has the higher USN"; instead each DC keeps a high-watermark table recording, per partner and per partition, the highest USN it has already received from that partner, and on the next cycle it asks the partner only for changes above that value. A second table, the up-to-dateness vector, lets a DC discard changes it has already received by another path. Conflicts (the same attribute changed on two DCs) are resolved by the attribute's version number and then its timestamp, not by USN.

** If a DC is restored by an unsupported method (for example by rolling back a virtual machine snapshot), its USN counter goes backwards while its invocation ID stays the same. Its partners have already recorded a higher watermark for it, so they ignore its "new" changes and the DC silently diverges. Windows Server 2003 SP1 and later detect this as USN rollback (event 2095 in the Directory Service log) and pause inbound and outbound replication on that DC. A supported restore (Windows Server Backup or another supported tool, or a VM-Generation-ID-aware hypervisor on Windows Server 2012 and later) assigns a new invocation ID, so the restored DC appears to its partners as a fresh source and no rollback occurs.

What are FRS and DFSR in Active Directory?
-> FRS (File Replication Service) is the file-based replication engine that Windows 2000 and Windows Server 2003 used to replicate SYSVOL (logon scripts and Group Policy templates) between domain controllers. Windows Server 2008 introduced DFSR (Distributed File System Replication) for SYSVOL; once the domain is at the 2008 functional level, SYSVOL can be migrated from FRS to DFSR with the dfsrmig tool, and Windows Server 2019 and later will not promote a DC into a domain that still uses FRS. SYSVOL replication (FRS/DFSR) is separate from replication of the directory database itself, which the DRS (Directory Replication Service) handles over RPC, so a DC can have a healthy directory and a broken SYSVOL; that shows up as missing or stale Group Policy.
-> To troubleshoot SYSVOL replication, open Event Viewer -> Applications and Services Logs -> DFS Replication, as shown in the figure below. The events there name the partner server and the exact reason the replication failed.
-> In the figure the error says replication failed from DC1 because the host is unreachable, so the next step is to check name resolution and network connectivity from this DC to DC1. The pending backlog between two DCs can be measured with:
dfsrdiag backlog /rgname:"Domain System Volume" /rfname:"SYSVOL Share" /smem:DC1 /rmem:DC2

(figure: DFS Replication event log showing a failed replication from DC1)

3. Network ports used in Active Directory replication.

LDAP - TCP/UDP 389 (LDAPS - TCP 636)
Global Catalog - TCP 3268 (Global Catalog over SSL - TCP 3269)
Kerberos - TCP/UDP 88
Kerberos password change (kpasswd) - TCP/UDP 464
RPC endpoint mapper, used by DC-to-DC replication and most other DC RPC services - TCP 135
RPC dynamic ports, on which replication, FRS and DFSR actually listen after the endpoint mapper assigns one - TCP 49152-65535 on Windows Server 2008 and later (1025-5000 on Windows Server 2003)
SMB, used for SYSVOL and NETLOGON access (Group Policy, logon scripts) - TCP 445
DNS - TCP/UDP 53
Time (W32Time) - UDP 123

FRS and DFSR do not have a fixed port of their own; UDP 138 is the NetBIOS datagram service and is not needed for replication.

3. Commands to troubleshoot replication issues.
-> Windows ships two built-in tools for this, repadmin and dcdiag. The common repadmin switches are:
-> repadmin /replsummary  (short form: /replsum)
-> repadmin /showrepl
-> repadmin /replicate
-> repadmin /syncall
-> repadmin /showchanges
-> repadmin /queue
-> repadmin /bridgeheads
-> repadmin /kcc
-> repadmin /bind
-> dcdiag

-> Explanation of the repadmin commands:
   -> repadmin /replsummary
      -> Summarises inbound and outbound replication for every DC in the forest: the largest replication delta, failed and total attempts per DC, and the error code of the last failure, so it is the first command to run. Error 1722 ("The RPC server is unavailable") and 8524 ("The DSA operation is unable to proceed because of a DNS lookup failure") point at connectivity and DNS; 8606 ("Insufficient attributes were given to create an object") indicates lingering objects; 8614 means the DC has not replicated for longer than the tombstone lifetime.
   -> repadmin /showrepl [DC]
      -> Lists, per partition, every inbound partner of a DC with the time of the last attempt, the last success and the status. repadmin /showrepl * /csv produces the same data for every DC in CSV form, which can be filtered in Excel or PowerShell.
   -> repadmin /replicate
      -> Forces one replication cycle of one partition from a source DC to a destination DC. The destination comes first in the syntax:
         repadmin /replicate dc2 dc1 dc=domain,dc=com    (dc2 pulls the domain partition from dc1)
   -> repadmin /syncall
      -> Makes one DC replicate with all of its partners. repadmin /syncall dc1 /APeD does so for all partitions, also pushes changes outward, crosses site boundaries and reports partners by name instead of GUID.
   -> repadmin /showchanges
      -> Shows the changes a destination DC would pull from a source DC for a partition, i.e. what is actually queued to replicate and which objects are involved.
   -> repadmin /queue
      -> Shows the inbound replication requests a DC has not yet processed; a queue that keeps growing means the DC cannot keep up or a partner is blocked.
   -> repadmin /bridgeheads
      -> Lists the bridgehead servers of a site and whether they are able to replicate.
   -> repadmin /kcc
      -> Forces the KCC to recalculate the replication topology now instead of waiting for its 15-minute cycle.
   -> repadmin /bind DC
      -> Binds to the DC over RPC and prints its DSA information. If this fails, replication with that DC cannot work either, and the problem is connectivity, DNS or RPC rather than the directory.
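The USN explanation and the repadmin commands above can be exercised from PowerShell. The following is an added example, not code from the original post: it reads each DC's own USN counter and invocation ID (showing that they differ per DC), then lists every inbound partner with its last success time and high-watermark, and flags partners that have not replicated within a threshold. It assumes the RSAT ActiveDirectory module (Windows Server 2012 or later), rights to read replication metadata, and a 60-minute staleness threshold that is an assumed value.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module and
# read access to replication metadata on the DCs. The threshold is an assumption;
# intra-site partners normally replicate within seconds of a change.
Import-Module ActiveDirectory

$StaleAfterMinutes = 60

function Get-ReplicationHealth {
    param([string[]]$DomainController = (Get-ADDomainController -Filter *).HostName)

    foreach ($dc in $DomainController) {
        $dcObj   = Get-ADDomainController -Identity $dc
        $rootDse = Get-ADRootDSE -Server $dc

        # The USN counter is per DC: two DCs never show the same value. The invocation ID
        # identifies this DC's USN stream to its partners and changes on a supported restore.
        Write-Verbose ("{0}: highestCommittedUSN={1} invocationId={2}" -f $dc,
                       $rootDse.highestCommittedUSN, $dcObj.InvocationId)

        # One record per partition per inbound partner (same data as repadmin /showrepl).
        foreach ($p in Get-ADReplicationPartnerMetadata -Target $dc -Scope Server -PartnerType Inbound) {
            $age = (Get-Date) - $p.LastReplicationSuccess
            [pscustomobject]@{
                Server       = $dcObj.Name
                Partition    = $p.Partition
                Partner      = ($p.Partner -split ',')[1] -replace '^CN='   # "CN=NTDS Settings,CN=DC1,..." -> DC1
                LastSuccess  = $p.LastReplicationSuccess
                MinutesAgo   = [int]$age.TotalMinutes
                LastResult   = $p.LastReplicationResult          # 0 = success; 1722, 8524, 8606, 8614 ... otherwise
                Failures     = $p.ConsecutiveReplicationFailures
                HighWaterUsn = $p.LastChangeUsn                  # partner USN already applied here (high-watermark)
                Stale        = $age.TotalMinutes -gt $StaleAfterMinutes
            }
        }
    }
}

# Partners that are failing right now, with the error the DC recorded for them.
function Get-ReplicationErrors {
    param([string[]]$DomainController = (Get-ADDomainController -Filter *).HostName)
    foreach ($dc in $DomainController) {
        Get-ADReplicationFailure -Target $dc |
            Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError
    }
}

# Usage:
#   Get-ReplicationHealth -Verbose | Where-Object Stale | Format-Table -AutoSize
#   Get-ReplicationErrors
```

Run it on a DC or a management host with RSAT. A Stale row with LastResult 0 means the DC simply has not been notified of anything recently (common for inter-site partners between schedule windows); a Stale row with a non-zero LastResult is a real failure and the error code maps to the repadmin codes listed above.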

=> dcdiag is the main diagnostics tool for Active Directory.
-> Run without arguments it tests only the local DC (connectivity, replication, advertising, FSMO role holders, SYSVOL, services, DNS and more). Use /s:DC to target another DC, /a to test every DC in the site, /e to test every DC in the enterprise, /q to print only failures and /v for verbose output. After fixing a replication problem, re-run the specific test against the affected server to confirm it comes back clean:
dcdiag /s:DC1 /test:replications
dcdiag /s:DC1 /test:sysvolcheck
dcdiag /s:DC1 /test:advertising

To check the DNS settings and records of a DC:
dcdiag /s:DC1 /test:dns
dcdiag /s:DC1 /test:dns /DnsRecordRegistration

4. Commands to register and deregister DNS records.
-> Run the following on the affected DC to remove and then re-register its own SRV and A records through Netlogon (the deregister command takes the DC's DNS host name):
nltest /dsderegdns:dc1.domain.com
nltest /dsregdns
-> Restarting the Netlogon service (net stop netlogon, then net start netlogon) also re-registers the DC's SRV records.

How to flush the DNS cache from the command line:
cmd -> ipconfig /flushdns
    -> ipconfig /registerdns
-> /flushdns clears the local resolver cache; /registerdns re-registers the machine's A/AAAA records with its DNS server. The DNS server's own cache is cleared separately with dnscmd /clearcache or from the DNS console.

5. What is a lingering object?
-> A lingering object is an object that still exists on one domain controller after it has been deleted on the others and its tombstone has already been garbage-collected. It arises when a DC is offline or unable to replicate for longer than the tombstone lifetime (180 days by default): the tombstone for the deletion expires on the healthy DCs before the isolated DC ever receives it, so when the isolated DC comes back the healthy DCs no longer know the object was deleted, while the isolated DC still holds a live copy. Restoring a DC from a backup older than the tombstone lifetime produces the same result, which is why Active Directory refuses such backups.
-> A lingering object can spread back to every DC if the isolated DC writes to it and replicates that change out, so a DC holding lingering objects must not be used as a replication source until it is cleaned. The "Strict Replication Consistency" registry value (REG_DWORD, 1) under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters makes a DC refuse inbound updates to objects it does not have, log event 1988 in the Directory Service log and stop replication from that partner for that partition; with loose consistency (0) the DC re-creates the object and logs event 1388. Strict consistency is the default on DCs promoted on Windows Server 2003 SP1 and later.

Command to remove lingering objects

repadmin /removelingeringobjects <DC holding lingering objects> <DSA GUID of a clean reference DC> <partition> /advisory_mode

-> The reference DC must be one known to be clean, and the GUID is its DSA object GUID (printed at the top of repadmin /showrepl for that DC). Run with /advisory_mode first: it only logs what would be removed (event 1942 gives the count, 1946 one entry per object). Run again without /advisory_mode to delete them, once per partition.

How to check for lingering objects.
-> Look in the Directory Service event log for events 1388 or 1988 logged during replication, run the advisory-mode command above and read events 1942/1946, or look for error 8606 in repadmin /replsummary or dcdiag /test:replications.

6. What is a tombstone in Active Directory?
-> When an object is deleted it is not removed immediately: most of its attributes are stripped, isDeleted is set to TRUE, and it is moved into the hidden CN=Deleted Objects container of its partition as a tombstone. The tombstone stays there for the tombstone lifetime, 180 days by default for forests created on Windows Server 2003 SP1 or later (60 days for older forests), after which the garbage collector on each DC removes it. A tombstone cannot be deleted by hand, but the lifetime can be changed by editing the tombstoneLifetime attribute of CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=... A tombstone can be reanimated (with LDP or Restore-ADObject), but only the few attributes it kept come back; with the AD Recycle Bin enabled (forest functional level Windows Server 2008 R2 or later) a deleted object first spends the deleted-object lifetime fully intact and can be restored completely.

->> The tombstone is itself replicated to every DC holding the partition; that is how each DC learns about the deletion, and it is why the tombstone lifetime also bounds how long a DC may stay out of contact.
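The lingering-object and tombstone sections above can be turned into a check that reads the forest's tombstone lifetime, verifies strict replication consistency on a DC, and runs the advisory-mode lingering-object scan for every partition a suspect DC holds. This is an added example, not code from the original post. It assumes the ActiveDirectory module, Domain Admin rights, and that DC2 is a known-clean reference DC while DC1 is the DC suspected of holding lingering objects; both names are placeholders.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module,
# Domain Admin rights, and placeholder DC names (DC1 = suspect, DC2 = clean reference).
Import-Module ActiveDirectory

# 1. Tombstone lifetime of the forest. A DC out of contact for longer than this, or
#    restored from a backup older than this, is where lingering objects come from.
function Get-TombstoneLifetime {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $ds = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" -Properties tombstoneLifetime
    # Attribute absent means the pre-2003 SP1 default of 60 days.
    if ($ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
}

# 2. Strict replication consistency on a DC: 1 = refuse updates to objects it does not
#    have (event 1988), 0 or absent on an old DC = re-create them (event 1388).
function Get-StrictReplicationConsistency([string]$Dc) {
    Invoke-Command -ComputerName $Dc -ScriptBlock {
        (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
            -Name 'Strict Replication Consistency' -ErrorAction SilentlyContinue).'Strict Replication Consistency'
    }
}

# 3. Advisory-mode scan of the suspect DC against the clean reference DC, one run per
#    partition the suspect holds. Nothing is deleted; results go to the Directory
#    Service log on the suspect DC (1942 = count, 1946 = one event per object).
function Find-LingeringObjects([string]$SuspectDc, [string]$ReferenceDc) {
    $ref = Get-ADDomainController -Identity $ReferenceDc
    # repadmin wants the DSA object GUID of the reference DC: the objectGUID of its NTDS Settings object.
    $refGuid = (Get-ADObject -Identity $ref.NTDSSettingsObjectDN -Properties objectGUID).ObjectGUID
    $suspect = Get-ADDomainController -Identity $SuspectDc
    foreach ($nc in $suspect.Partitions) {
        Write-Output "== $nc"
        repadmin /removelingeringobjects $suspect.HostName $refGuid $nc /advisory_mode
    }
    Get-WinEvent -ComputerName $suspect.HostName `
        -FilterHashtable @{ LogName = 'Directory Service'; Id = 1942, 1946 } -MaxEvents 50 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Usage:
"Tombstone lifetime: $(Get-TombstoneLifetime) days"
"DC1 strict consistency: $(Get-StrictReplicationConsistency -Dc 'DC1')"
Find-LingeringObjects -SuspectDc 'DC1' -ReferenceDc 'DC2'
```

Only after the 1946 events have been reviewed should the repadmin command be re-run without /advisory_mode, and it must be repeated for every DC and partition that shows event 1988 or error 8606, since each DC garbage-collects independently.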

7. What are authoritative and non-authoritative restores of Active Directory?

-> Authoritative restore of Active Directory:
If a whole branch has been deleted, for example an OU together with every user in it, and it has to come back from backup, we perform an authoritative restore of that subtree. Tombstone reanimation with LDP or PowerShell (Restore-ADObject) restores one object per call, parents before children, and without the AD Recycle Bin it recovers only the few attributes the tombstone kept (group memberships, for instance, are lost), so for a large or deeply nested OU, or when the Recycle Bin is not enabled, an authoritative restore from backup is the reliable method.
-> Restart the domain controller and press F8 at startup to boot into Directory Services Restore Mode (DSRM); log on with the DSRM administrator password.
-> Restore the system state from backup with the backup tool or with wbadmin (the backup must be newer than the tombstone lifetime):
                         -> wbadmin get versions -backupTarget:d:
                         -> wbadmin start systemstaterecovery -version:03/31/2013-09:00 -backupTarget:d:   (03/31/2013-09:00 is the version identifier of the backup to restore)
-> Do not restart when the restore completes. Still in DSRM, open cmd and mark the subtree as authoritative with ntdsutil:
 -> ntdsutil
 -> activate instance ntds
 -> authoritative restore
 -> restore subtree "OU=London,DC=vmdomain,DC=local"
 (restore object "cn=Andrew Fitzgerald,OU=London,DC=vmdomain,DC=local" marks a single object instead of a subtree)
-> Quit ntdsutil and restart the DC normally. ntdsutil also writes .ldf files listing the back-links (group memberships) of the restored objects; import them with ldifde on the DCs holding those groups, because linked attributes do not come back authoritatively on their own.

=> Why the ntdsutil step is needed: after the restore every object in the backup is back on this DC, but the other DCs still hold tombstones for the objects deleted since the backup, and on the next replication cycle those deletions would replicate in and delete the objects again. Marking objects as authoritative raises the version number of each of their attributes (by 100,000 per day since the backup, by default), so in conflict resolution the restored copy beats the tombstone and the objects are re-created on the other DCs instead.
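When the AD Recycle Bin is enabled, the same OU-with-children scenario can be handled without DSRM and without a backup. The following is an added example, not code from the original post: it restores a deleted object and then, recursively, every object that was deleted underneath it, restoring each parent before its children and pinning each child under the restored parent with -TargetPath. It assumes the Recycle Bin feature is enabled (Windows Server 2008 R2 forest functional level or later), the ActiveDirectory module, and the OU name "London" as a placeholder.

```powershell
# Added example, not from the original post. Assumes the AD Recycle Bin is enabled,
# the ActiveDirectory module is available, and 'London' is a placeholder OU name.
Import-Module ActiveDirectory

function Restore-ADDeletedSubtree {
    param(
        [Parameter(Mandatory)][guid]$ObjectGuid,
        [string]$TargetPath        # live DN of the restored parent; omitted for the top object
    )

    $deleted = Get-ADObject -Identity $ObjectGuid -IncludeDeletedObjects -Properties isDeleted
    if (-not $deleted.isDeleted) { throw "$ObjectGuid is not a deleted object" }
    # DN while in the Recycle Bin, e.g. "OU=London\0ADEL:<guid>,CN=Deleted Objects,DC=vmdomain,DC=local"
    $deletedDN = $deleted.DistinguishedName

    # Parent first: without -TargetPath the object returns to its original container,
    # which must already exist; children are placed explicitly under the restored parent.
    if ($TargetPath) { Restore-ADObject -Identity $ObjectGuid -TargetPath $TargetPath }
    else             { Restore-ADObject -Identity $ObjectGuid }
    $live = Get-ADObject -Identity $ObjectGuid
    Write-Output "restored $($live.DistinguishedName)"

    # Children record in lastKnownParent the parent they were under at deletion time.
    # Because the parent was deleted in the same operation, accept either its deleted
    # (mangled) DN or its original DN, compared client-side to avoid DN escaping issues.
    $children = Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects -Properties lastKnownParent |
        Where-Object { $_.lastKnownParent -eq $deletedDN -or $_.lastKnownParent -eq $live.DistinguishedName }

    foreach ($child in $children) {
        Restore-ADDeletedSubtree -ObjectGuid $child.ObjectGUID -TargetPath $live.DistinguishedName
    }
}

# Usage: locate the deleted OU by its last known name (newest first, in case the same
# name was deleted more than once) and bring the whole branch back.
$ou = Get-ADObject -Filter "isDeleted -eq `$true -and objectClass -eq 'organizationalUnit' -and msDS-LastKnownRDN -eq 'London'" `
        -IncludeDeletedObjects -Properties whenChanged |
      Sort-Object whenChanged -Descending | Select-Object -First 1
if ($ou) { Restore-ADDeletedSubtree -ObjectGuid $ou.ObjectGUID } else { 'no deleted OU named London found' }
```

Each recursion level re-reads the whole Deleted Objects container, which is fine for a few thousand tombstones; for a very large Recycle Bin, read it once and group by lastKnownParent instead. Restores done this way are ordinary originating writes, so they replicate out normally and no version-number trick is needed.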

=> Non-authoritative restore of Active Directory
-> If a DC's own database or operating system is damaged, we perform a non-authoritative restore: boot into DSRM, restore the system state with Windows Server Backup or another supported tool, and restart. The DC comes up with its objects as of the backup and then catches up with its replication partners through normal replication; a supported restore gives it a new invocation ID, so its partners treat it as a new source and no USN rollback occurs.
-> Objects that were deleted after the backup are deleted again as soon as replication runs, because nothing has been marked as authoritative and the other DCs' tombstones win. That is the intended outcome here: the DC is simply being brought back in line with the rest of the domain, not used to recover data.

8. What is the user account lockout event ID in AD, and how is it troubleshot?
-> When an account is locked out after too many bad passwords, the PDC emulator, which is informed of every bad password in the domain, logs event ID 4740 in its Security log. The event's "Caller Computer Name" field names the machine from which the failing logons came, so search for 4740 on the PDC emulator rather than on whichever DC is nearest. Then go to that source machine (or to the DC that authenticated it: event 4771 for Kerberos pre-authentication failures, 4625 for failed logons, 4776 for NTLM credential validation) and look for stored credentials that still hold the old password: Credential Manager entries, mapped drives, scheduled tasks and services running as the user, disconnected RDP sessions, IE/Chrome saved passwords and cached web logins, and mobile devices syncing mail. Clearing those usually ends the lockouts; if they keep recurring with no identifiable source, recreate the user profile on the source machine.
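The lockout hunt described above, as an added example that is not code from the original post: it pulls the 4740 events for one account from the PDC emulator, extracts the caller computer from the event XML, and then reads the 4625 failed-logon events on that computer to show which logon type and process keep sending the old password. It assumes the ActiveDirectory module and rights to read the Security log on the PDC emulator and on the source computer; the account name is a placeholder.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module and
# read access to the Security log on the PDC emulator and the caller computer.
Import-Module ActiveDirectory

# Flatten an event's <EventData> into a hashtable keyed by field name.
function ConvertFrom-EventData([System.Diagnostics.Eventing.Reader.EventRecord]$Event) {
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $data
}

# Step 1: 4740 on the PDC emulator. In 4740's XML the caller computer is carried in the
# field named TargetDomainName (the UI labels it "Caller Computer Name").
function Get-LockoutSource {
    param([Parameter(Mandatory)][string]$SamAccountName, [int]$Days = 1)
    $pdc = (Get-ADDomain).PDCEmulator
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $d = ConvertFrom-EventData $_
        if ($d.TargetUserName -eq $SamAccountName) {
            [pscustomobject]@{ Time = $_.TimeCreated; Account = $d.TargetUserName
                               CallerComputer = $d.TargetDomainName; ReportedBy = $pdc }
        }
    }
}

# Step 2: 4625 on the caller computer. SubStatus 0xC000006A = wrong password,
# 0xC0000234 = already locked out; LogonType 4 = scheduled task, 5 = service,
# 2 = interactive, 3 = network, 10 = RDP. ProcessName points at the offender.
function Get-FailedLogonsOnSource {
    param([Parameter(Mandatory)][string]$Computer, [Parameter(Mandatory)][string]$SamAccountName, [int]$Days = 1)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -ComputerName $Computer -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $d = ConvertFrom-EventData $_
        if ($d.TargetUserName -eq $SamAccountName) {
            [pscustomobject]@{ Time = $_.TimeCreated; LogonType = $d.LogonType; Process = $d.ProcessName
                               Workstation = $d.WorkstationName; SourceIp = $d.IpAddress; SubStatus = $d.SubStatus }
        }
    }
}

# Usage ('jsmith' is a placeholder account):
$hits = Get-LockoutSource -SamAccountName 'jsmith'
$hits | Format-Table -AutoSize
foreach ($c in ($hits.CallerComputer | Sort-Object -Unique)) {
    Get-FailedLogonsOnSource -Computer $c -SamAccountName 'jsmith' | Format-Table -AutoSize
}
```

If 4625 on the source is empty, failed logon auditing is probably not enabled there; the DC-side events 4771 and 4776 (with the client address in their data) are the fallback.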

9. What is urgent replication in Active Directory?
-> Normal intra-site replication waits out the change-notification delay (15 seconds) before partners are told about a change. Urgent replication skips that delay: an account lockout, a change to the account lockout policy or the domain password policy, a change of the RID master role owner, a change to a DC's computer account password, or a change to an LSA secret is notified to the partners immediately. Password changes are handled separately: the DC that takes a user's password change pushes it straight to the PDC emulator (not to every DC), and when a logon with the new password fails at another DC that still holds the old one, that DC checks with the PDC emulator before rejecting it. Between sites, urgent replication only takes effect if change notification is enabled on the site link; otherwise it waits for the schedule.

10. What are the event IDs for a system restart?
-> Event ID 1074 (User32, System log) - a user or process requested a shutdown or restart; the event names the process, the user and the reason.
-> Event ID 6008 (EventLog) - the previous system shutdown was unexpected, i.e. no clean shutdown was recorded.
-> Event ID 41 (Kernel-Power) - the system rebooted without shutting down cleanly, for example after a power loss or a bugcheck.
-> Events 6005 and 6006 mark the Event Log service starting and stopping, which in practice mark the boot and the clean shutdown.

11. How to check open and closed ports in Windows from the command line.
-> There are two common methods for checking network ports.
-> cmd -> netstat -a -n -o
   -> Lists every socket with numeric addresses: LISTENING means the port is open on this machine, ESTABLISHED means a connection is up; -o adds the owning process ID, which tasklist /fi "pid eq <n>" turns into a process name. This checks the local machine only.

-> The second method is telnet, which tests whether a remote TCP port accepts a connection.
  -> First install the Telnet Client feature from Programs and Features (or dism /online /enable-feature /featurename:TelnetClient).
    -> Then cmd -> telnet dc1 389   (host name and port number; telnet localhost 25 would test the local SMTP port)
         -> A blank screen means the TCP handshake completed, so the port is open and reachable; "Could not open connection to the host" means it is closed or filtered by a firewall.
  -> On Windows Server 2012 R2 and later, Test-NetConnection dc1 -Port 389 in PowerShell gives the same answer without installing anything. Both telnet and Test-NetConnection test TCP only, so UDP services such as Kerberos or DNS over UDP have to be checked with a real request instead.
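The port list from section 3 and the port checks above come together in the following added example, which is not code from the original post: it tests every static AD port against a DC with Test-NetConnection, lists the local listening ports with their owning processes (the PowerShell equivalent of netstat -a -n -o), and covers the UDP gap with a real SRV lookup against the DC, which at the same time confirms the DC's DNS registration from section 4. It assumes Windows Server 2012 R2 / PowerShell 4 or later and uses dc1.domain.com as a placeholder name.

```powershell
# Added example, not from the original post. Assumes PowerShell 4 or later
# (Test-NetConnection, Get-NetTCPConnection, Resolve-DnsName); the DC name is a placeholder.
$Dc = 'dc1.domain.com'

# Static AD ports from section 3. Replication itself also uses the RPC dynamic range
# (49152-65535 on 2008+), which a single-port probe cannot cover.
$AdPorts = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL/NETLOGON)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAPS' },
    @{ Port = 3268; Service = 'Global Catalog' },
    @{ Port = 3269; Service = 'Global Catalog over SSL' }
)

# TCP reachability of each port from this machine to the DC (what telnet <host> <port> shows).
function Test-DcPorts([string]$ComputerName, $Ports = $AdPorts) {
    foreach ($p in $Ports) {
        $r = Test-NetConnection -ComputerName $ComputerName -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $p.Port; Service = $p.Service; Open = $r.TcpTestSucceeded; RemoteAddress = $r.RemoteAddress }
    }
}

# Local listening TCP ports with the owning process (netstat -a -n -o without the parsing).
function Get-ListeningPorts {
    Get-NetTCPConnection -State Listen | Sort-Object LocalPort -Unique | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{ LocalPort = $_.LocalPort; LocalAddress = $_.LocalAddress
                           PID = $_.OwningProcess; Process = $proc.ProcessName }
    }
}

# UDP cannot be probed with a handshake, so send a real DNS query over UDP 53 to the DC.
# Asking for the domain's DC SRV record also verifies the registration nltest /dsregdns creates.
function Test-DcSrvRecord([string]$DnsServer, [string]$DomainName) {
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $DnsServer -ErrorAction Stop
        $srv | Where-Object Type -eq 'SRV' | Select-Object Name, NameTarget, Port, Priority, Weight
    } catch {
        [pscustomobject]@{ Name = "_ldap._tcp.dc._msdcs.$DomainName"; Error = $_.Exception.Message }
    }
}

# Usage:
Test-DcPorts -ComputerName $Dc | Format-Table -AutoSize
Get-ListeningPorts | Where-Object { $_.LocalPort -in $AdPorts.Port } | Format-Table -AutoSize
Test-DcSrvRecord -DnsServer $Dc -DomainName 'domain.com' | Format-Table -AutoSize
```

A port that is Open from one host but closed from another points at a firewall between the sites rather than at the DC, which is exactly the distinction repadmin error 1722 does not make on its own.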
