
How-to: Troubleshoot Active Directory Replication

Initial check list

1. Check Directory Service Event Log for error and warning events and follow up accordingly
2. Rule out the obvious problems
   o Check event logs for any errors
   o Network connectivity
   o Name resolution: DNS errors are the most common reason for failed replication
   o Replication topology
   o Replication/Database overload: can the server process the replication information in time?
   o Kerberos and time stamps

Network Connectivity

1. Use ping and tracert to check connectivity
2. Use telnet <serverip> 389 to confirm LDAP connectivity (port is open if you do NOT get a connection failed message)

Name resolution

1. Use ping and nslookup to check if names resolve to the correct addresses
2. Clear the cache on the server(s) and client
3. Examine DNS records for accuracy (include PTR records)
4. DNSLint (http://support.microsoft.com/kb/321046)
   o To get general DNS information = dnslint /d <domain.name> /s <dnsipaddress>
   o To determine whether DNS is causing an Active Directory replication problem among domain controllers in an Active Directory forest = dnslint /ad <dcipaddress> /s <dnsipaddress>
   o To determine whether a particular Active Directory domain controller can resolve all of the DNS records needed to successfully synchronize partition replicas among domain controllers in an Active Directory forest = dnslint /ad /s localhost
5. Continue to check event logs for errors
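The connectivity and name-resolution checks above can be run against several domain controllers at once from PowerShell. This is an added example, not part of the original checklist; the function name Test-DcReachability is hypothetical, and the domain controller names and DNS server address are constructed placeholders to replace with your own.

```powershell
# Added example: scripts the LDAP port check and the forward/PTR record checks.
# Constructed placeholder values; replace with real DC names and a DNS server.
$DomainControllers = @('dc01.example.test', 'dc02.example.test')
$DnsServer         = '192.0.2.53'

function Test-DcReachability {
    param(
        [Parameter(Mandatory)][string[]]$Name,
        [Parameter(Mandatory)][string]$DnsServer
    )
    foreach ($dc in $Name) {
        # Forward lookup against the chosen DNS server only (no LLMNR/NetBIOS fallback).
        $ips = @(Resolve-DnsName -Name $dc -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' } |
                 ForEach-Object { $_.IPAddress })

        # Reverse lookup: every address should have a PTR record naming this DC.
        $ptrOk = $ips.Count -gt 0
        foreach ($ip in $ips) {
            $match = Resolve-DnsName -Name $ip -Type PTR -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
                     Where-Object { $_.Type -eq 'PTR' -and $_.NameHost.TrimEnd('.') -eq $dc }
            if (-not $match) { $ptrOk = $false }
        }

        # Scripted equivalent of "telnet <serverip> 389".
        $ldapOk = $false
        if ($ips.Count -gt 0) {
            $ldapOk = (Test-NetConnection -ComputerName $ips[0] -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
        }

        [pscustomobject]@{
            DomainController = $dc
            Addresses        = $ips -join ', '
            ForwardLookup    = $ips.Count -gt 0
            PtrMatches       = $ptrOk
            Ldap389Open      = $ldapOk
        }
    }
}

Test-DcReachability -Name $DomainControllers -DnsServer $DnsServer | Format-Table -AutoSize
```

A row with ForwardLookup or PtrMatches set to False points at the DNS records to examine in step 3; Ldap389Open set to False points back at the network connectivity checks.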
