
How to Check Active Directory Replication Status in Batch Script

For any network that relies on Active Directory, replication is the single most critical process. It ensures that changes made on one Domain Controller (DC), like a user password reset or a new group policy, are synchronized to all other DCs. A failure in replication can lead to authentication issues, inconsistent policy application, and a host of other problems. The standard command-line tool for diagnosing AD replication is repadmin.exe.

This guide will teach you how to use repadmin from a batch script to get a high-level summary of the replication health of your entire Active Directory forest. You will learn how to parse its output to programmatically detect failures, a crucial task for any automated monitoring or daily health check script.

Prerequisites: Getting the repadmin Tool

This is the most important first step. The repadmin.exe command is not installed by default on Windows client operating systems (like Windows 10/11) or on servers that are not Domain Controllers. It is part of the Remote Server Administration Tools (RSAT).

To install it on Windows 10/11:

  1. Go to Settings -> Apps -> Optional features.
  2. Click View features or Add a feature.
  3. Search for and install RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.

Your script should be run from a domain-joined machine.

The Core Command: repadmin

repadmin.exe (Replication Administrator) is the definitive command-line tool for all tasks related to Active Directory replication. It can be used to view status, troubleshoot issues, and even force replication events. This is a powerful tool that requires a good understanding of AD concepts.

The Key Command for Scripting: repadmin /replsummary

While repadmin has dozens of options, the single most useful command for a high-level, automated check is /replsummary. This command contacts all Domain Controllers in the forest and provides a concise summary of their inbound replication status.

Syntax: repadmin /replsummary

The output is a table showing each DC, the time since its last successful replication ("largest delta"), and, most importantly, the number of failed replication attempts.

Basic Example: Displaying the Replication Summary

Running this command in a command prompt on a domain-joined machine (with RSAT installed) will give you an instant health check.

@ECHO OFF
ECHO --- Active Directory Replication Summary ---
ECHO.
repadmin /replsummary

The output is a clear, human-readable table. The key columns are Fails, Total, and Error.

Replication Summary Start Time: 2023-10-27 19:30:15

Beginning data collection for replication summary, this may take awhile:
  ...

Source DSA          largest delta    fails/total %%   error
 DC-01               03h:15m:10s     0 / 5         0
 DC-02               02h:10m:05s     0 / 5         0
 DC-03 (unavailable) 1068 (0x42c) The dependency service or group failed to start.


Destination DSA     largest delta    fails/total %%   error
 DC-01               02h:10m:05s     0 / 5         0
 DC-02               03h:15m:10s     0 / 5         0

How to Capture and Analyze the Results in a Script

For automation, we need to programmatically check for failures. The easiest way is to parse the output of repadmin /replsummary and look for a non-zero value in the "fails" column.

@ECHO OFF
SET "ReplicationErrors=0"

ECHO --- Analyzing Replication Status ---

REM FINDSTR passes only problem rows to the FOR /F loop:
REM   " [1-9][0-9]*  */"  a non-zero number in front of the "/" of the fails/total column
REM   "unavailable"       a DC that could not be contacted (no fails/total pair is printed)
REM Header rows never reach the loop. Comparing a header word such as "largest" with
REM IF ... GTR 0 is a string comparison that is always true, so it would raise a false alarm.
REM 'tokens=1' returns the first column of each matching row, the DC name.
FOR /F "tokens=1" %%D IN ('repadmin /replsummary ^| FINDSTR /R /I /C:" [1-9][0-9]*  */" /C:"unavailable"') DO (
    ECHO [FAILURE] A replication error was detected on %%D
    SET "ReplicationErrors=1"
)

ECHO.
IF %ReplicationErrors% EQU 1 (
    ECHO One or more Domain Controllers are reporting replication failures.
) ELSE (
    ECHO [SUCCESS] No replication failures were detected.
)
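
A parsing rule like this can be checked offline against saved output before it goes into a scheduled task. The script below is an added example, not part of the original guide: it writes a constructed sample (the ">60 days" row and its error text are assumptions about how a long-stale DC is printed) and runs a positional third-token check and a FINDSTR pattern on the fails column over the same lines.

```batch
@ECHO OFF
SETLOCAL
REM Added example. The text written to SAMPLE is CONSTRUCTED to look like
REM repadmin /replsummary output; the ">60 days" row and the error text
REM are made up for this test.
SET "SAMPLE=%TEMP%\replsummary_sample.txt"
>  "%SAMPLE%" ECHO Replication Summary Start Time: 2023-10-27 19:30:15
>> "%SAMPLE%" ECHO Source DSA          largest delta    fails/total %%%%   error
>> "%SAMPLE%" ECHO  DC-01               03h:15m:10s    0 /   5    0
>> "%SAMPLE%" ECHO  DC-02                  ^>60 days    5 /   5  100  (1722) The RPC server is unavailable.
>> "%SAMPLE%" ECHO Destination DSA     largest delta    fails/total %%%%   error
>> "%SAMPLE%" ECHO  DC-01               02h:10m:05s    0 /   5    0

REM 1) Positional check: compare the third whitespace-separated token with 0.
REM    IF falls back to a string comparison when a token is not a number, so
REM    words such as "Start", "largest" and "days" count as greater than 0.
SET "Positional=0"
FOR /F "usebackq tokens=3" %%F IN ("%SAMPLE%") DO (
    IF %%F GTR 0 SET /A Positional+=1
)

REM 2) Pattern check: keep only rows with a non-zero number directly in
REM    front of the "/" of the fails/total column, wherever that column sits.
SET "Failing=0"
FOR /F "tokens=1" %%D IN ('FINDSTR /R /C:" [1-9][0-9]*  */" "%SAMPLE%"') DO (
    ECHO [FAILURE] %%D has failed replication attempts.
    SET /A Failing+=1
)

DEL "%SAMPLE%"
ECHO Rows flagged by the positional check: %Positional%
ECHO Rows flagged by the pattern check:    %Failing%

REM A non-zero exit code lets Task Scheduler or a monitoring agent see the result.
IF %Failing% GTR 0 EXIT /B 1
EXIT /B 0
```

Only the DC-02 row has a non-zero fails value, so any additional rows counted by the positional check are false alarms.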

Common Pitfalls and How to Solve Them

Problem: 'repadmin' is not recognized...

This is the most common issue. It means the repadmin.exe tool is not installed or not in the system's PATH.

Solution: Install the RSAT for Active Directory as described above. A robust script should always check if the command exists before trying to run it.

WHERE repadmin > NUL 2> NUL
IF %ERRORLEVEL% NEQ 0 (
    ECHO [ERROR] repadmin.exe not found. Please install the RSAT for AD DS.
    GOTO :EOF
)

Problem: The Script Needs Domain Privileges

repadmin needs to communicate with Domain Controllers.

Solution: The script must be run on a domain-joined computer and under the context of a domain user account. Standard Domain User permissions are sufficient to read the replication summary.

Practical Example: A Daily Replication Health Check Script

This script is designed to be run as a scheduled task. It checks for the existence of repadmin, runs the summary, and logs a simple success or failure message.

@ECHO OFF
SETLOCAL
SET "LOG_FILE=C:\Logs\AD_Replication_Health.log"
SET "ErrorFlag=0"

REM Create the log directory on first run; otherwise every redirection below fails.
FOR %%I IN ("%LOG_FILE%") DO IF NOT EXIST "%%~dpI" MKDIR "%%~dpI"

ECHO %DATE% %TIME% - Starting AD Replication Check >> "%LOG_FILE%"

REM --- Prerequisite Check ---
WHERE repadmin > NUL 2> NUL
IF %ERRORLEVEL% NEQ 0 (
    ECHO %DATE% %TIME% - [FAILURE] repadmin.exe not found. >> "%LOG_FILE%"
    GOTO :End
)

REM --- The Main Logic ---
REM FINDSTR passes on only rows with a non-zero number in front of the "/" of the
REM fails/total column, or rows that report a DC as unavailable. Header words never
REM reach the loop (IF would compare them with 0 as strings, which is always true).
FOR /F "tokens=1" %%D IN ('repadmin /replsummary ^| FINDSTR /R /I /C:" [1-9][0-9]*  */" /C:"unavailable"') DO (
    SET "ErrorFlag=1"
)

IF %ErrorFlag% EQU 1 (
    ECHO %DATE% %TIME% - [FAILURE] One or more replication errors were detected. >> "%LOG_FILE%"
    REM Optionally, save the full report for analysis.
    repadmin /replsummary >> "%LOG_FILE%"
) ELSE (
    ECHO %DATE% %TIME% - [SUCCESS] No replication errors detected. >> "%LOG_FILE%"
)

:End
ENDLOCAL

Conclusion

The repadmin command is the essential tool for monitoring and diagnosing Active Directory replication.

Key takeaways for using it in a batch script:

  • The repadmin /replsummary command provides the best high-level overview for automation.
  • Ensure the RSAT for Active Directory tools are installed on the machine running the script.
  • The script must be run on a domain-joined machine as a domain user.
  • Use a FOR /F loop to parse the output, specifically looking for non-zero values in the "fails" column to detect errors programmatically.