Disabling AD Replication

Replication is bidirectional, occurring both inbound and outbound.  Each of these directions can be disabled and enabled independently of the other using the Repadmin command.  Repadmin is part of the Support Tools, included on the Windows 2000 and Windows Server 2003 CDs but not installed by default.  (Installing them is highly recommended in all situations.)

To disable outbound replication from a particular DC, use this command:

repadmin /options <DC NAME> +DISABLE_OUTBOUND_REPL

Likewise, to disable inbound replication for a particular DC, use this command:

repadmin /options <DC NAME> +DISABLE_INBOUND_REPL

In these commands, we are adding the “DISABLE_OUTBOUND_REPL” or “DISABLE_INBOUND_REPL” flag to the DC, so that running “repadmin /options” will show that flag as an option on the selected DC.  To re-enable replication, then, we need to remove the flag using one of the two commands:

repadmin /options <DC NAME> -DISABLE_OUTBOUND_REPL
repadmin /options <DC NAME> -DISABLE_INBOUND_REPL

When replication is disabled, warning events 1115 (for disabled outbound replication) or 1113 (for disabled inbound replication) from source NTDS General will be logged in the Directory Service event log during system startup.  As far as I am aware, no events are regularly logged during normal operation to indicate that replication is disabled.  When replication is re-enabled, informational events 1116 (for outbound replication) and 1114 (for inbound replication) are logged.

When replication is disabled, NTDS KCC warning events (typically with event ID 1265) will be logged; the text of the message will provide information on the specific DCs and naming contexts involved, but the useful information is near the end of the event, where the message states that “The destination/source server is currently rejecting replication requests.”  If you see this, make sure that replication is enabled by searching the Directory Service event log for messages indicating that replication has been disabled.
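An added example, not part of the original post, that turns the two checks above into a script: it reads the current flags from "repadmin /options" on each DC and pulls the 1113/1115/1114/1116 and 1265 events from the Directory Service log. It assumes repadmin.exe is on the PATH, that the caller can query each DC's event log remotely, and a host with Get-WinEvent (Windows Server 2008 or later); the DC names are constructed samples.

```powershell
# Added example (not the original post's code): audit DCs for the
# DISABLE_INBOUND_REPL / DISABLE_OUTBOUND_REPL flags and list the related events.
# Assumptions: repadmin.exe on PATH, rights to read each DC's event log,
# Get-WinEvent available. DC names below are constructed samples.

function Get-ReplOptionState {
    param([Parameter(Mandatory)][string[]]$DomainController)

    foreach ($dc in $DomainController) {
        # "repadmin /options <DC>" with no +/- flag only prints the current options
        $out = & repadmin /options $dc 2>&1 | Out-String
        [pscustomobject]@{
            DC               = $dc
            InboundDisabled  = [bool]($out -match 'DISABLE_INBOUND_REPL')
            OutboundDisabled = [bool]($out -match 'DISABLE_OUTBOUND_REPL')
            Raw              = $out.Trim()
        }
    }
}

function Get-ReplStateEvents {
    param([Parameter(Mandatory)][string]$DomainController,
          [int]$Days = 30)

    # Event IDs from the post: 1113/1115 = disabled, 1114/1116 = re-enabled,
    # 1265 = KCC saw a partner rejecting replication requests.
    Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
        LogName   = 'Directory Service'
        Id        = 1113, 1114, 1115, 1116, 1265
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName,
            @{ n = 'Meaning'; e = { switch ($_.Id) {
                1113 { 'Inbound replication disabled' }
                1115 { 'Outbound replication disabled' }
                1114 { 'Inbound replication re-enabled' }
                1116 { 'Outbound replication re-enabled' }
                1265 { 'KCC: partner rejecting replication requests' } } } }
}

# Constructed sample DC names; replace with your own.
$dcs = 'DC01', 'DC02'
Get-ReplOptionState -DomainController $dcs |
    Format-Table DC, InboundDisabled, OutboundDisabled
foreach ($dc in $dcs) {
    Get-ReplStateEvents -DomainController $dc | Format-Table -AutoSize
}
```

A DC that shows a flag set in the first table but no 1113/1115 event within the window was most likely disabled before the window started, since the post notes that the disabled state is only logged at startup.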


  1. Jason Clay

    Does disabling Replication also apply to DNS? I have a situation where I need to add a DNS zone. I don’t want users to use this zone until I am finished populating it with all the host records. So essentially, I want to temporarily disable DNS resolution on this server and disable the zone replication until it is completed…

  2. slowe

    Jason,

    If the DNS zones are AD-integrated, then yes–disabling AD replication will also disable DNS replication, since the two use the same replication mechanisms in that situation. If DNS is not AD-integrated, then you’ll need to stop the DNS zone transfers in order to prevent DNS information from moving from the master to the slave.

    One trick that may help you in this instance is to mass-create all the DNS records at once using dnscmd.exe. Have a look at http://blog.scottlowe.org/2006/06/30/bulk-adding-entries-in-dns/ for more information.

    Later,
    Scott

  3. Eric Jansen

    I’m looking for an attribute or registry entry that gives a current status of inbound or outbound replication. I’m creating a little GUI for my “recovery DC” in my lag site so we can just press a button to turn inbound repl off, and then back on, but I can’t find anything. I figured it’d be an attribute somewhere on a site transport or dc in the configuration partition, but can’t seem to find anything. Any help would be much appreciated.

    Thanks,

    Eric Jansen

  4. Eric Jansen

    OK, I guess I was looking a bit too hard. If you type repadmin /options then it gives the current status.

    Eric

  5. squirrelking

    Helped do what I needed! Thanks for the info!

  6. steven

    The repadmin from the Windows 2003 version of the Support Tools does not support the /options switch for disabling and enabling replication. I have to use repadmin from the Windows 2000 tools. So how can I disable the replication with the 2003 version of repadmin.exe?

    Thanks

  7. MikeF

    Is there a way to disable replication for a site for 2-3 weeks? I built a domain controller and site up for a new location and the server is being shipped there now, but all my other DCs are crying every few minutes to a couple of hours, depending on the events, about not being able to reach it.

    I set the replication timer on the site link to 1440 minutes, and the “KCC site generator renewal interval (minutes)” value to 180 minutes, but is there a way to stop replication attempts altogether for a couple of weeks and then turn it back on right before the DC is powered up in the new location?

  8. Jean-Claude

    MikeF:
    Put the DC that you’re shipping in its own site, and then build a single link to the site with a really long time.
    You will still get the errors but only, say, every 12 hours instead.

  9. Jean-Claude

    MikeF:

    Plus, be careful that the DC is not offline past tombstone or it will be worthless once you try to bring it back online (because the data will be too stale).

    Once had a time sync issue. All my DCs were a year off. Made the mistake of going to each one and fixing the date. None of them ever talked to each other again because they were all thinking it had been a year since they talked to each other.

    So, my lesson was never move the date more than about 90% of your tombstone time without the servers replicating.

  10. Zuhair

    My DC isn’t available (damaged) any more and I need to add a new user on an additional DC, but it keeps giving me a message (Windows can’t verify the user name is unique),
    and the user can’t log on until the user name is verified as unique.