repadmin command is the Windows Server CLI tool for diagnosing and managing Active Directory replication between domain controllers. It displays topology, status, and errors from any DC.
repadmin /?Use this reference for syntax, flags, examples, and common error resolution. All commands and flags are verified against official Microsoft documentation.
What is repadmin command?
repadmin command is the Windows Server CLI tool to diagnose and manage Active Directory replication between domain controllers, displaying topology, status, and errors from the perspective of any DC.
Syntax
repadmin [/u:{domainuser}] [/pw:{password|*}] [/retry[:<attempts>][:<delay>]] [/csv] <command> [<arguments>]Tested on Windows Server 2019 with Active Directory Domain Services.
Options and Flags
| Flag / Subcommand | Type | Default | Description |
|---|---|---|---|
/u:{domainuser} |
String | Current logged-on user | Alternate domain credentials for remote DC access. |
/pw:{password|*} |
String | Prompt if * used | Password for the user specified with /u. |
/retry[:<attempts>][:<delay>] |
Integer | 3 attempts / 30s delay | Retry failed operations with optional attempts and delay. |
/csv |
Switch | Disabled | Format output as comma-separated values for parsing/import. |
/replsummary |
Command | N/A | Show replication summary across all DCs: largest delta, failure count, percentage. |
/showrepl |
Command | N/A | Display detailed replication topology, partners, and last attempt status. |
/queue |
Command | N/A | Show pending replication tasks in the outbound queue. |
/syncall |
Command | N/A | Force synchronization with all partners; append /AdeP to push changes outbound. |
/replicate |
Command | N/A | Pull a specific naming context from a source DC to a destination DC. |
/errorsonly |
Switch | N/A | Used with /showrepl to display only failed replication attempts. |
/? |
Command | N/A | Display help menu listing all subcommands and global parameters. |
Usage Examples
Example 1: Get overall replication summary
repadmin /replsummaryCollects replication statistics from all domain controllers. Output includes the Source DSA with the largest replication delta (e.g., 05m:32s), the number of failed attempts, and the error code (if any). Run this first to identify problematic DCs before drilling down.
Example 2: Show replication partners and status for a specific DC
repadmin /showrepl dc2.ad.activedirectory.localDisplays the replication topology from dc2 including each partner DC, the last replication attempt time, result (success/failure), and GUID of the naming context. Append /errorsonly to suppress successful entries.
Example 3: Force outbound replication to all partners
repadmin /syncall /AdePForces the local DC to push all pending changes to every replication partner. The A flag includes all naming contexts, d triggers cross-site replication, e forces enterprise-wide, and P pushes (outbound) instead of pulling. Use on a DC that has fallen behind.
Troubleshooting & Common Errors
| Error Message / Code | Root Cause | Resolution Command |
|---|---|---|
0x214c (Windows 2000/2003)Or 0x2145 (later versions) |
Replication partner is unreachable, or the destination DC is not responding. |
Then check network connectivity and firewall rules. |
Source DSA fails/total: 1/5 |
A specific DC has persistent replication failures, often due to lingering objects or time skew. |
Review event logs and consult AD best practices. |
Access Denied or Logon failure |
Insufficient credentials, or /u parameter not specified when targeting a remote DC. |
|
| Queue contains >0 items for extended periods | Network latency or a bottlenecked DC unable to push changes. |
Monitor size; force sync using |
repadmin command — Performance Considerations and Tuning
repadmin is a diagnostic tool; it does not expose performance knobs directly, but its output surfaces replication delays caused by suboptimal system-level parameters. Key tuning targets include RPC buffer size, network MTU, replication timeouts, and batch sizes. According to Microsoft’s Active Directory documentation, the following registry values under HKLMSYSTEMCurrentControlSetServicesNTDSParameters control these:
- RPC Buffer Size –
RpcBufferSize(default 1 MB). Increase if large replication batches trigger error 0x214c (timeout). - Replication Batch Size –
ReplicationBatchSize(default 30 objects). Larger batches reduce overhead but risk timeouts. - Max Concurrent Replication –
ConcurrentReplicationConnections(default 3). Higher parallelism speeds sync but uses more CPU/bandwidth. - Timeouts –
RPC Replication Timeout(default 120 s). Adjust viaRpcReplicationTimeout. - MTU – Not registry; configure via
netsh int ipv4 set subinterface; repadmin’s/replsummaryreveals jumbo‑frame issues as frequent failures.
Use repadmin commands to surface performance indicators:
repadmin /replsummary
repadmin /showrepl
repadmin /syncall /AdeP # Force push with parallelismThe /replsummary command shows total failures and largest replication delta. A high failure count often points to buffer or timeout tuning. The error code 0x214c in output correlates with insufficient RPC buffer size or MTU fragmentation. The /syncall with /P flag activates push replication; parallelism is implicitly controlled by the registry key ConcurrentReplicationConnections. Always test changes against a single domain controller first, monitoring with /showrepl to verify latency reduction.
Multi-Cloud Comparison
| Feature | repadmin command | Equivalent in AWS / Azure / GCP |
|---|---|---|
| Check replication health summary | repadmin /replsummary |
Azure: Get-ADReplicationPartnerMetadata (PowerShell); AWS Managed AD: Console → Directory → Replication status; GCP: No native AD equivalent. |
| View detailed replication topology | repadmin /showrepl |
Azure AD Connect: Get-ADSyncConnector; AWS: Use AWS Directory Service API DescribeTrusts; GCP: N/A. |
| Force replication | repadmin /syncall /AdeP |
Azure: Sync-ADSyncCycle; AWS: Replication is automatic; manual trigger not supported via CLI. |
| Show replication queue | repadmin /queue |
Azure: Event Viewer logs; AWS: CloudWatch logs; GCP: N/A. |
Note: Cloud platforms do not expose an identical replication diagnostic tool. The commands listed are the closest functional equivalents for on-premises AD or cloud-based directory services.
Frequently Asked Questions
What is the difference between the /replicate and /syncall commands in repadmin?
Answer: /replicate triggers immediate asynchronous replication of a single naming context from source to destination DC.
/replicate is granular per naming context and does not wait for completion. /syncall is a blocking, comprehensive sync. Use /replicate for targeted troubleshooting, /syncall for end-to-end consistency checks. Example syntax:
repadmin /replicate dest-DC source-DC "DC=domain,DC=com"
repadmin /syncall dest-DC /AdePWhen should I use the /dormancy flag with repadmin /showrepl?
Answer: Use /dormancy to identify replication connections that have not been used within a configurable threshold, revealing stale or failed link.
The /dormancy flag outputs how many hours since the last successful replication for each connection. Default threshold is 120 hours; override with /dormancy:N. Ideal for proactive monitoring. Command:
repadmin /showrepl * /dormancy:48How do I fix error 8451 (ERROR_DS_DRA_SYNC_INTERNAL) when running repadmin /syncall?
Answer: Error 8451 indicates database inconsistency.
First, stop the NTDS service, run ntdsutil to compact or fix the database, then restart service and trigger sync:
ntdsutil
activate instance ntds
files
compact to C:temp
integrity
quit
quit
net stop ntds
net start ntds
repadmin /syncall /AdePDoes repadmin work on Windows Server Core installations?
Answer: Yes, repadmin.
Server Core includes the same repadmin binary as GUI versions. No graphical dependencies exist. Commands like repadmin /showrepl * /csv work exactly as on full Windows Server. No compatibility limitations for cloud environments like AWS EC2 or Azure VMs running Server Core.
What is the fastest way to diagnose replication issues across multiple domain controllers using repadmin?
Answer: Use repadmin /showrepl * /csv to export all DC replication status to CSV, then analyze with PowerShell to identify failures, latency, and.
This method avoids parsing verbose output per DC. Sample PowerShell pipeline:
repadmin /showrepl * /csv | Select-String -Pattern "FAIL" | ConvertFrom-Csv
repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {$_.'Last Success' -lt (Get-Date).AddHours(-24)}
Command Line Expert & Software Engineer
Welcome! I’m Thomas Heinrich, a software engineer and system administrator with a deep passion for the Command Line Interface (CLI). With years of experience navigating the terminal, building backend architectures, and automating server deployments, I created this space to share practical, real-world terminal knowledge.
Whether you are a beginner taking your first steps in a Linux environment or a seasoned DevOps engineer looking to optimize your deployment scripts, you will find actionable solutions here. My goal is to help you ditch the mouse, speed up your workflow, and harness the full power of the command line.