Repadmin Requirements, Syntax, and Parameter Descriptions

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

You can use the repadmin command to perform replication tasks and to manage and modify the replication topology, force replication events, and display replication metadata and up-to-dateness vectors. This topic covers:

  • System requirements

  • File requirements

  • Repadmin command-line options

  • Repadmin subcommands

  • Repadmin /listhelp

  • CSV format

System requirements

The following are the system requirements for repadmin:

  • Windows XP Professional, Windows Vista®, Windows Server 2003, or Windows Server 2008

  • Administrator rights on the domain controller:

    • Required replication rights can be delegated

    • Some commands do not require Administrator rights

File requirements

Repadmin.exe is included in the Windows Server 2003 Service Pack 1 (SP1) Support tools. You must install the Support tools before you can use them. For more information about how to install the Support tools, see Windows Server 2003 SP1 Support Tools in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkID=44321).

To obtain the Support tools if you do not have the Windows Server 2003 operating system disc, see Windows Server 2003 SP1 32-bit Support Tools on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkID=70775).

Previous versions of repadmin have similar functionality, but they have some limitations regarding the workstations that they can be run on and which functions they can perform. The following table lists the versions of repadmin, which operating systems they can be run on, and which domain controllers they can target.

Version

Client operating system

Target operating system

Important feature sets

Windows 2000

Windows 2000 and later

All Active Directory versions

/sync

/propcheck

/showreps

/showvector

/showmeta

Windows Server 2003

Windows XP Professional and Windows Server 2003

All Active Directory versions

/notifyopt

/replsummary

/replicate

/replsingleobj

/removelingeringobjects

/rehost and /unhost

/showmsg

/showattr

/syncall

/viewlist

DC_LIST

Windows Server 2003 with SP 1

Windows XP Professional and Windows Server 2003

All Active Directory versions

Rehost requires Windows 2000 Server SP4 and later

Remove lingering objects requires Windows Server 2003

/showbackup

/rehost bug fix

/regkey

Active Directory Application Mode (ADAM)

Windows XP Professional and Windows Server 2003

All Active Directory versions

/setattr

/listhelp

Deprecated subcommands (from Windows 2000 Server)

Equivalent or improved subcommands in Windows Server 2003

/sync

/propcheck

/showreps

/showvector

/showmeta

/repl or /replicate

/showchanges

/showrepl

/showutdvec

/showobjmeta

Repadmin command-line options

Repadmin is executed at the command prompt, and it contains several subcommands, which are described in detail in the following section.

Syntax

repadmin <subcommand> [<dsa>] [/u: <UserName>] [/pw: {<Password> | *}] [/rpc] [/ldap] [/homeserver: <dsaname>]

Parameters

Parameter

Description

<subcommand>

One of the repadmin subcommands that is described in the subcommands section.

<Dsa>

Directory System Agent (DSA) represents the domain controller to be targeted by the repadmin subcommand.

Not all repadmin subcommands require the dsa parameter

Type repadmin /listhelp at the command line for additional information about the dsa parameter.

/u:<UserName>

Specifies the account name to use for binding to the directory. By default, /u uses the account name with which the user is currently logged on. You can use any of the following formats to specify an account name:

  • account name (for example, Bob)

  • domain\account name (for example, contoso\Bob)

  • user principal name (UPN) (for example, Bob@contoso.com)

/pw {<Password> | *}

Specifies the password to use for authentication. If you type *, you are prompted for a password.

/rpc

Forces repadmin to communicate by using a remote procedure call (RPC) session.

/ldap

Forces repadmin to communicate by using a Lightweight Directory Access Protocol (LDAP) session. If LDAP communication fails, repadmin attempts to communicate by using RPC. LDAP is the default communication method for repadmin.

/homeserver:<dsaname>

Forces repadmin to run against a specific domain controller, which is determined by the forest membership of the directory server that is represented by <dsaname>.

You can specify <dsaname> in the following formats:

<Computername>, <Dnsname>, <Dsaguid>, *, ., “site:<site>”, “fsmo_dnm:”, or “fsmo_schema:”.

Repadmin subcommands

Subcommand

Syntax and description

bind

repadmin /bind [dsa]

Connects to and displays the replication features for a directory server.

bridgeheads

repadmin /bridgeheads [dsa]

Lists the directory servers that act as bridgehead servers for a specified site.

checkprop

repadmin /checkprop [dsa] Naming ContextOriginatingDCInvocationIDOriginatingUSN

Compares the properties of specified directory servers to determine if they are up to date with each other. The source directory server contains the original information that must be checked. The data on the destination directory server is compared to the data on the source directory server.

dsaguid

repadmin /dsaguid [dsa] [GUID]

Returns a server name when given a globally unique identifier (GUID).

failcache

repadmin /failcache [dsa]

Displays a list of failed replication links that are detected by the Knowledge Consistency Checker (KCC).

istg

repadmin /istg [dsa] [/verbose]

Returns the computer name of the Intersite Topology Generator (ISTG) server for a specified site.

kcc

repadmin /kcc [dsa] [/async]

Forces KCC to calculate replication topology for a specified directory server. By default, this calculation occurs every 15 minutes.

latency

repadmin /latency [dsa] [/verbose]

Displays the amount of time between replications, by using the ISTG Keep Alive time stamp. The ISTG Keep Alive time stamp is not used in forests that are set to the Windows Server 2003 forest functional level. Instead, in those environments, use repadmin /showutdvec /latency.

notifyopt

repadmin /notifyopt [dsa] Naming Context [/first:Value] [/subs:Value]

Displays or sets the notification timing settings for replication of a specified directory partition.

queue

repadmin /queue [dsa]

Displays tasks that are waiting in the replication queue.

prp

Repadmin /prp [operation] RODC [additional arguments]

Displays or modified the Password Replication Policy for a read-only domain controller (RODC).

This command is available only for versions of Repadmin that are included in Windows Server 2008, Windows Server 2008 R2, or Remote Server Administration Tools.

The operation can be view, add, delete, or move. For view, add, and delete, RODC can be either RODC_Name or *. For move, RODC must be RODC_name.

querysites

repadmin /querysites FromSiteRDNToSite1RDN [ToSite2RDN...]

Uses routing information to determine the cost of a route from a specified site to another specified site or sites. The querysites parameter does not allow the use of alternate credentials. The relative distinguished names that are used in this command are case sensitive.

replicate

Syntax 1

repadmin /replicate destination_dsasource_dsa [/force] [/async] [/full] [/addref]

Syntax 2

repadmin /replicate destination_dsa [/force] [/async] [/full] [/addref] /allsources

Starts a replication event for the specified directory partition between the source and destination directory servers. You can determine the source GUID when you view the replication partners by using showrepl.

replsingleobj

repadmin /replsingleobject dsaDsaSourceGUIDObjectDN

Replicates a single object between any two directory servers that have partitions in common. The two directory servers do not have a replication agreement. You can show replication agreements by using the repadmin /showrepl command.

replsummary

repadmin /replsummary [dsa] [/bysrc] [/bydest] [/errorsonly][/sort:{delta|partners|failures|error|percent}]

Summarizes the replication state and relative health of an Active Directory forest.

rodcpwdrepl

repadmin /rodcpwdrepl [DSA_list] Hub DCUser1 DN [User2 DNUser3 DN]

Triggers replication of passwords for the specified users from the source Hub DC to one or more RODCs.

This command is available only for versions of Repadmin that are included in Windows Server 2008, Windows Server 2008 R2, or Remote Server Administration Tools.

showattr

repadmin /showattr dsa [OBJ_LIST] [OBJ_LIST_OPTIONS] [/attr|/attrs: attributeattribute ...] [/allvalues] [/long] [/nolongblob] [/nolongblob] [/nolongfriendly] [/dumpallblob]

The /showattr operation displays the attributes and contents of an object.

showcert

repadmin /showcert dsa

Displays the certificates (used with Simple Mail Transfer Protocol (SMTP)–based replication) that are loaded on a specified directory server.

showchanges

Syntax 1

repadmin /showchanges source_dsaNaming Context [/cookie: File] [/atts: attribute1,attribute2,...]

Syntax 2

repadmin /showchanges dest_dsaSourcedsaObjectGUIDNaming Context [/verbose] [/statistics] [/noincremental] [/objectsecurity] [/ancestors] [/atts: attribute1,attribute2,...] [/filter: ldap filter]

Displays changes from a specified directory partition or changes to a specified object. "Syntax 1" saves changes to a directory partition. If this information is saved to a file, you can run the getchanges operation again for comparison. "Syntax 2" lists changes to a specified object. For this command to run properly, the account under which the command is run must possess the replication get changes right on the specified directory partition.

showconn

repadmin /showconn [dsa] [ServerRDN | ContainerDN | dsa_GUID] [/From:ServerRDN] [/intersite]

Displays the connection objects for a specified directory server. The default is local site.

showctx

repadmin /showctx [dsa] [/nocache]

Displays a list of computers that have opened sessions with a specified directory server.

showism

repadmin /showism [TransportDN] [/verbose]

Queries the Intersite Messaging Service (ISM) for site routes. This operation cannot be executed remotely.

showmsg

repadmin /showmsg {Win32Error | DSEventID | NTDSMSG}

Displays the error message for a given error number.

showncsig

repadmin /showncsig [dsa]

Each directory server maintains a directory partition signature list. This command displays a list of the removed application partition GUIDs. You can configure an application directory partition to be held or not held on a particular directory server by using ntdsutil (for Active Directory).

showobjmeta

repadmin /showobjmeta [dsa] ObjectDN [/nocache] [/linked]

Displays the replication metadata for a specified object that is stored in the directory, including attribute ID, version number, originating and local update sequence number (USN), and originating server's GUID and Date and Time stamp. When you compare the replication metadata for the same object on different directory servers, you can determine whether replication has occurred.

showoutcalls

repadmin /showoutcalls [dsa]

Displays calls that have been made by the specified directory server to other directory servers but not yet answered.

showproxy

Syntax 1

repadmin /showproxy [dsa] [Naming Context] [matchstring]

Syntax 2

repadmin /showproxy [dsa] [ObjectDN] [matchstring] /movedobject

Lists cross-domain move proxy objects. When an object is moved from one domain to another, a marker remains in the original domain. This marker is called a proxy.

showrepl

repadmin /showrepl [dsa] [SourceDCObjectGUID] [Naming Context] [/verbose] [/nocache] [/repsto] [/conn] [/csv] [/all] [/errorsonly] [/intersite]

Displays replication information. Inbound replica links are displayed by default. Outbound links can also be shown, as well as connections corresponding to those links. The command also displays errors that correspond to replica links that cannot be created by KCC. This helps an administrator build a visual representation of the replication topology and see the role of each directory server in the replication process.

showcig

repadmin /showsig [dsa]

Displays the retired invocation IDs on a directory server. A directory server changes its invocation ID when it is restored or when it rehosts an application partition.

showtime

repadmin /showtime [DSTimeValue]

Converts a directory service time value to string format for both the local and the UTC time zones.

showtrust

repadmin /showtrust [dsa]

Lists all Active Directory domains that are trusted by a specified Active Directory domain.

showutdvec

repadmin /showutdvec dsaNaming Context [/nocache] [/latency]

Displays the highest USN for the specified directory server. This information shows how up to date a replica is with its replication partners.

showvalue

repadmin /showvalue [dsa] ObjectDN [AttributeName] [ValueDN] [/nocache]

Displays the values of the type, last modified time, originating directory server, and distinguished name of a specified object.

syncall

repadmin /syncall dsa [Naming Context] [Flags]

Synchronizes a specified directory server with all replication partners. This command contains several subcommands, which are described in the usage scenarios.

By default, if no directory partition is provided in the NamingContext parameter, the command performs its operations on the configuration directory partition.

viewlist

repadmin /viewlist [dsa] [OBJ_LIST]

Displays a list of directory servers.

oldhelp

Displays a list of the operations that have been deprecated in this version of repadmin.

Repadmin /listhelp

Arguments

Values

Description

DC_LIST

“*”

All domain controllers in the enterprise

DC_Name

See under DC_NAME argument

Part-server_name*

Would pick "part_server_name_dc_01" and "part_server_name_dc_02" but not server "part_server_diff_name".

Site:site_name

All domain controllers in the specified site.

Gc:

All global catalog servers in the enterprise.

Fsmo_fsmo_type:fsmo_dn

See under FSMO_TYPE

FSMO_TYPE

Types of operations master (also known as flexible single master operations or FSMO) role holders require different base distinguished names or relative distinguished names.

Fsmo_dnm:

Enterprise-wide FSMO; does not take any distinguished name (also known as DN).

Fsmo_schema:

Enterprise-wide FSMO; does not take any distinguished name.

Fsmo_pdc:

Domain-specific FSMO; takes the distinguished name of the domain that the user specifies.

Fsmo_rid:

Domain-specific FSMO; takes the distinguished name of the domain that the user specifies.

Fsmo_im:

Domain-specific FSMO; takes the distinguished name of the domain that the user specifies.

Fsmo_istg:

Site-specific quasi-FSMO; takes the relative distinguished name of the site.

DC_NAME

“.”

Tells repadmin to try to pick a domain controller for you.

Server_dns

Specifies a server by DNS.

Dc_dsa_guid

Specifies a specific server by its Directory System Agent (DSA) GUID.

Server_obj_rdn

Specifies a server by its server object relative distinguished name (usually the same as its NetBios name).

Dsa_dn

Specifies a server by the distinguished name of its DSA object.

OBJ_LIST

Ncobj:NC_NAME

Specifies the use of the distinguished name of NC Head that is specified in NC_NAME.

Dsaobj:

Specifies the use of the distinguished name of the DSA that repadmin is connected to.

NC_NAME

Config:

Configuration directory partition.

Schema:

Schema directory partition.

Domain:

Domain directory partition for the domain of the domain controller that repadmin is running against.

OBJ_LIST OPTIONS

{/onelevel | /subtree} /filter:{ldap_filter}

With these options, you can use the showattr and viewlist commands to cover a list of objects, instead of just a single object.

CSV format

The output that repadmin /showrepl returns can be difficult to navigate when you are troubleshooting replication errors or viewing replication topology in a large enterprise. There is a new feature (/CSV) that you can use to force /showrepl output to print in a tightly constrained comma-separated-value (CSV) format for programmatic manipulation or quick import and correlation in Excel.

The CSV format is also an effective way to exchange repadmin outputs because it is not prone to user errors.

To generate output as a .csv (comma-delimited) file, perform the following steps:

  1. Open a command prompt, type the following command, and then press ENTER:

    repadmin /showrepl <DC_NAME> /csv > Repl.csv

  2. Open Repl.csv, and then delete or hide column A and both RPC and SMTP columns.

  3. Select row 2. Click View, and then click Freeze Panes.

  4. Highlight the column heading row. Click Data, point to Filter, and then click AutoFilter.

  5. Click the drop-down arrow to display replication status based on your situation.

CSV formatted output