Back in 2012, I wrote about a nifty tool known as the Active Directory Replication Status Monitor (inevitably shortened to ADREPLSTATUS for efficiency’s sake) and how it was the first Microsoft tool produced in years to make monitoring Active Directory easier.
Then recently Microsoft sort of took it away.
Then, more recently, they gave it back. This is good news, and it’s also a good excuse to talk about this useful tool again.
What is ADREPLSTATUS?
ADREPLSTATUS was created as a solution to a problem that AD admins have been dealing with since Active Directory was released in 2000: replication of AD-related data between domain controllers (DCs) can be complicated, and native tools to monitor and troubleshoot this process have never been particularly user friendly. One of Active Directory’s strengths is that it is an application whose data is spread across multiple DCs. This makes AD highly fault tolerant, as no single DC contains a unique copy of AD data. To make this distributed model work, however, this data must be efficiently replicated between the DCs in a domain or forest. The AD replication model isn’t simple, and it’s prone to breaking if you don’t have everything (for example, DNS) working correctly in your environment. Thus, responsible AD admins try to monitor replication on a regular basis.
When Windows 2000 came out, REPLMON was provided as a graphical tool to display replication status. Though it lacked a number of capabilities, I personally liked it because it taught me how the complexities of replication connections played out in the real world. But that tool fell by the wayside many years ago. For most of Active Directory’s existence, the only out-of-box tool for monitoring replication status has been REPADMIN. REPADMIN is a powerful but complicated command line tool, and it can spit out reams of replication data for you to peruse. If you’ve upgraded your environment to Windows Server 2012 or R2, you can now use PowerShell to pull replication status. The output, of course, is also command line.
But sometimes you just want to sit down at your desk first thing in the morning, coffee cup in hand, and look at a UI for the red warning lights. This is what ADREPLSTATUS will do for you. As you can see from the screenshot below, ADREPLSTATUS lists DCs and the replication connection objects they have established to other DCs, for every directory partition they host. In this case, everything looks good, but if there were any problems you’d see the screen light up with the various colors listed in the legend at the bottom.
From its release until recently, it was a no-cost tool available for download from the Microsoft Download Center. At the end of January, however, the tool was moved to be a part of the Operations Management Suite (OMS) and was no longer available standalone. What is OMS? It’s Microsoft’s cloud-based management solution designed to extend System Center to manage both on-premises environments and cloud assets. Contrary to what many people thought, it was possible to use ADREPLSTATUS at the free account tier of OMS.
The problem is that people didn’t want ADREPLSTATUS tied up into a bigger management suite; they just want a simple tool they can use in their on-premises environment. Another faction found they suddenly couldn’t use the tool in its OMS configuration because their corporate security policy didn’t allow them to send DC data off premises to any cloud service.
Apparently enough IT pros complained, because last week Microsoft reinstated the standalone download of this great little tool from the Download Center. After such a fight to keep it available, the least you can do is download it and try it out!
You can download the Active Directory Replication Status Tool here.
The post Active Directory Replication Status Tool (ADREPLSTATUS) Rises Again appeared first on Semperis.
This is a Security Bloggers Network syndicated blog post authored by Sean Deuby. Read the original post at: Semperis