AD Replications Test

Replication is the process by which changes made on one domain controller are synchronized with all other domain controllers in the domain that store a copy (replica) of the same information. Given the various types of information that Active Directory can store, changes to Active Directory can swiftly accumulate across multiple domain controllers in a large organization. It is therefore necessary for Windows to frequently synchronize the domain controllers through the replication process. If replication fails, the Active Directory objects that represent the replication topology, replication schedule, domain controllers, users, computers, passwords, security groups, group memberships, and Group Policy become inconsistent between domain controllers. Directory inconsistency causes either operational failures or inconsistent results, depending on the domain controller that is contacted for the operation at hand.

To avoid such inconsistencies, it is best to capture failures promptly, isolate their source, and fix them. The AD Replications test aids in this regard. This test closely monitors the replication activities on the domain controller and promptly reports replication failures, so that administrators can investigate them, discover their causes, fix them, and restore normalcy.

Target of the test : An Active Directory or Domain Controller on Windows

Agent deploying the test : An internal agent

Outputs of the test : One set of results for every Active Directory server being monitored

Configurable parameters for the test

Parameter : Description

Test period : Indicates how often the test should be executed.

Host : The IP address of the machine where the Active Directory is installed.

Port : The port number through which the Active Directory communicates. The default port number is 389.

Measurements made by the test

Replication failures
Description : Indicates the number of replication failures in the target domain controller.
Measurement unit : Number
Interpretation : Ideally, the value of this measure should be low.

Total replications
Description : Indicates the number of replication successes in the target domain controller.
Measurement unit : Number

Percent replication failures
Description : Indicates the percentage of replication failures in the target domain controller.
Measurement unit : Percent
Interpretation : Ideally, the value of this measure should be low. A high value is indicative of too many replication failures.

Active Directory replication problems can have several different sources. For example, Domain Name System (DNS) problems, networking issues, or security problems can all cause Active Directory replication to fail.

  • Network connectivity: The network connection might be unavailable, or network settings might not be configured properly.
  • Name resolution: DNS misconfigurations are a common cause of replication failures.
  • Authentication and authorization: Authentication and authorization problems cause "Access denied" errors when a domain controller tries to connect to its replication partner.
  • Directory database (store): The directory database might not be able to process transactions fast enough to keep up with replication timeouts.
  • Replication engine: If intersite replication schedules are too short, replication queues might be too large to process in the time that is required by the outbound replication schedule. In this case, replication of some changes can be stalled indefinitely — potentially, long enough to exceed the tombstone lifetime.
  • Replication topology: Domain controllers must have intersite links in Active Directory that map to real wide area network (WAN) or virtual private network (VPN) connections. If you create objects in Active Directory for the replication topology that are not supported by the actual site topology of your network, replication that requires the misconfigured topology fails.
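
The sketch below is an added example, not the monitoring product's own code. It derives failure, success and percent-failure counts from output in the column layout of `repadmin /showrepl * /csv` and groups failing links by the cause categories listed above. It assumes that a replication link counts as failed when its "Number of Failures" is non-zero; the sample rows, server names and the `summarize` function are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# Server, site and naming-context names are made up for this example.
SAMPLE_CSV = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=test",HQ,DC02,RPC,0,0,2024-05-01 10:15:02,0
showrepl_INFO,HQ,DC01,"DC=example,DC=test",Branch,DC03,RPC,14,2024-05-01 10:12:40,2024-04-30 22:01:11,1722
showrepl_INFO,HQ,DC01,"CN=Configuration,DC=example,DC=test",Branch,DC03,RPC,14,2024-05-01 10:12:41,2024-04-30 22:01:12,8524
showrepl_INFO,HQ,DC01,"CN=Schema,CN=Configuration,DC=example,DC=test",HQ,DC02,RPC,0,0,2024-05-01 09:58:30,0
showrepl_INFO,HQ,DC01,"DC=example,DC=test",DR,DC04,RPC,3,2024-05-01 10:14:05,2024-05-01 07:00:00,5
"""

# Win32 status codes mapped to the cause categories listed on this page.
CAUSES = {
    5: "Authentication and authorization",     # access is denied
    8453: "Authentication and authorization",  # replication access was denied
    1722: "Network connectivity",              # RPC server is unavailable
    8524: "Name resolution",                   # DNS lookup failure
    8614: "Replication engine",                # tombstone lifetime exceeded
}


def summarize(csv_text):
    """Count failing and healthy inbound replication links and classify failures."""
    # Rows not tagged showrepl_INFO (for example error rows) are skipped.
    rows = [r for r in csv.DictReader(io.StringIO(csv_text))
            if r["showrepl_COLUMNS"] == "showrepl_INFO"]
    # Assumption: a link is "failed" when its consecutive-failure count is non-zero.
    failing = [r for r in rows if int(r["Number of Failures"]) > 0]
    total = len(rows)
    causes = Counter(CAUSES.get(int(r["Last Failure Status"]), "Other / unclassified")
                     for r in failing)
    return {
        "failures": len(failing),
        "successes": total - len(failing),
        "percent_failures": round(100.0 * len(failing) / total, 2) if total else 0.0,
        "causes": dict(causes),
        "failing_partners": sorted({r["Source DSA"] for r in failing}),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_CSV))
```

Grouping by cause shows whether a rise in the failure percentage comes from one unreachable partner or from a domain-wide DNS or permissions problem.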