How can I force Active Directory to replicate changes?

Generally, Active Directory (AD) replication works completely automatically and, due to the way its replication topology works, provides replication with very low latency. However, there might be times when—either as a troubleshooting step or as a workaround to a problem—you need to force AD to perform replication.

Having to force replication is a sign of a problem in most instances. You should attempt to fix the problem so that manual replication isn't necessary.

Check the Topology

Before forcing replication, try to perform a quick fix by checking the replication topology. Windows' Support Tools includes Repadmin.exe on domain controllers to help with this. Simply execute

repadmin /showreps servername

to show the replication partners for a designated server (you can omit servername to run the tool against the local computer, if it's a domain controller). If you suspect that one server isn't replicating properly, check its partners. Then verify that each of those partners is functioning and considers the suspect domain controller to be a partner as well.
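
The partner check described above can be scripted against saved repadmin output. This PowerShell is an added example, not part of the original article: it assumes the CSV column layout of repadmin /showrepl * /csv (showrepl is the current name of showreps), the function name Test-ReplicationPartners is hypothetical, and the DC names, domain and timestamps in the sample are constructed.

```powershell
# Constructed sample in the shape of `repadmin /showrepl * /csv` output.
# DC names, site, domain and timestamps are made up for illustration.
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC1,"DC=example,DC=com",HQ,DC2,RPC,0,0,2024-01-10 09:00:12,0
showrepl_INFO,HQ,DC2,"DC=example,DC=com",HQ,DC1,RPC,0,0,2024-01-10 09:00:40,0
showrepl_INFO,HQ,DC2,"DC=example,DC=com",HQ,DC3,RPC,0,0,2024-01-10 09:01:02,0
showrepl_INFO,HQ,DC3,"DC=example,DC=com",HQ,DC1,RPC,14,2024-01-10 08:45:00,2024-01-09 20:15:31,1722
'@

# Hypothetical helper: for one suspect DC, list each inbound partner and report
# whether the link is failing and whether the partner lists the suspect in return.
function Test-ReplicationPartners {
    param(
        [Parameter(Mandatory)][string]$Suspect,
        [Parameter(Mandatory)][object[]]$Links
    )
    # Inbound links: rows where the suspect is the destination (it pulls from the source).
    $inbound = @($Links | Where-Object { $_.'Destination DSA' -eq $Suspect })
    if ($inbound.Count -eq 0) {
        # No inbound partners at all is a topology problem; forcing replication cannot fix it.
        return [pscustomobject]@{ Suspect = $Suspect; Partner = $null; NamingContext = $null
                                  Failures = $null; Reciprocal = $false; Finding = 'NoInboundPartners' }
    }
    foreach ($link in $inbound) {
        $partner = $link.'Source DSA'
        # Does the partner also pull this naming context from the suspect?
        $reciprocal = @($Links | Where-Object {
            $_.'Destination DSA' -eq $partner -and
            $_.'Source DSA' -eq $Suspect -and
            $_.'Naming Context' -eq $link.'Naming Context'
        }).Count -gt 0
        $failures = [int]$link.'Number of Failures'
        # A failing inbound link takes priority over a missing return link.
        $finding = 'OK'
        if (-not $reciprocal) { $finding = 'PartnerDoesNotListSuspect' }
        if ($failures -gt 0)  { $finding = 'InboundFailing' }
        [pscustomobject]@{ Suspect = $Suspect; Partner = $partner; NamingContext = $link.'Naming Context'
                           Failures = $failures; Reciprocal = $reciprocal; Finding = $finding }
    }
}

$links = $csv | ConvertFrom-Csv
'DC1', 'DC2', 'DC3' |
    ForEach-Object { Test-ReplicationPartners -Suspect $_ -Links $links } |
    Format-Table -AutoSize
```

To use it on real data, replace the here-string with the saved output of the repadmin command and pass the domain controllers you want to check.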

If the topology seems to be the problem, a quick fix might be to force the Knowledge Consistency Checker (KCC) to regenerate the topology. It could be that you've caught a recent topology problem and that the KCC simply hasn't run yet. Run

repadmin /kcc servername

to force the KCC on the designated domain controller to regenerate its topology. Follow up with

repadmin /showreps servername

to see the newly selected replication partners.

For intersite replication issues, determine which domain controller in each affected site (and domain) is acting as the bridgehead server. These will be the only domain controllers in the site with a connection object to a domain controller in another site. If a designated bridgehead domain controller is unavailable or disconnected, the intersite replication will fail. You can check these connections using either repadmin or the Active Directory Sites and Services console.

One potential cause of intersite replication issues is that the intersite topology generator has failed within the last hour, and problems have occurred with the replication topology (such as a designated bridgehead domain controller also failing). AD will correct this problem automatically within about an hour, because it will choose a new topology generator and recalculate the intersite topology.

Why spend all this time worrying about the replication topology? Simple—forcing replication doesn't recalculate the topology. It simply forces AD to replicate using the existing topology; if that topology is flawed, then forcing replication won't solve any problems.

Forcing Replication

The easiest way to force replication is through the Active Directory Sites and Services console. To do so, open the console, and locate the domain controller that you want to replicate. This domain controller will request changes from its replication partners. Locate the connection over which you want to force replication, right-click the connection, and select Replicate Now.

If the domain controller that you want to replicate doesn't have any valid connection objects, you have a replication topology problem. You can provide a quick fix by manually creating a connection object to a known-working domain controller in the same site (if possible) and domain, and forcing replication over that connection.

For additional methods of forcing replication, refer to the Microsoft article "Initiating Replication Between Active Directory Direct Replication Partners."