REPADMIN is the main utility Active Directory administrators use for checking replication. It’s very powerful and can provide a ton of insight about what’s going on between your domain controllers as they merrily pass those little objects and attributes amongst each other. However, as any less-than-experienced or part-time AD admin can tell you, there are a number of pain points around working with it:
- It’s huge. REPADMIN has 69 possible commands between its old (deprecated) command set, current ones, and expert “we warned you not to break your AD” advanced ones. And most commands have a stack of switches and parameters. Even the help on how you can specify a list of domain controllers for the command prints out to three pages!
- The syntax is byzantine – even the help is. There are three levels of help within the utility, and the syntax is different for each and can change between the product releases. I mean, who ever heard of /?:<command> ? Oh, and it falls into that special category of command line utilities from hell where if you don’t get the syntax exactly right, it simply spits the general help file back at you with no hint as to what you’ve done wrong. This is clearly a case where a few hours spent by the developer will save thousands of hours administrator’s time across the globe.
- The output is equally complex and takes experience to understand.
- There are few scenario-based examples on how to use the tool – which is the handiest approach. After all, most REPADMIN users are using it to solve a specific problem.
This is okay-ish for dedicated, experienced AD admins; they can impress their geek friends at TEC with their superior knowledge :). But the majority of AD admins in the world aren’t dedicated; they have other things to do as well. (Microsoft’s TAGM – technical audience global marketing – says the majority of IT pros are generalists that have to do many roles.) These people visit REPADMIN occasionally as needed, and can remember two or three commands. They have to look up the rest, either from their own notes, an article, general searching, or trial and error. And there’s so much REPADMIN can do, even the dedicated AD admins can usually find new cool things to do.
After whining about this on a Directory Services MVP conference call with the DS team, I learned that back in 2008 Microsoft published a comprehensive (111-page!) reference document on REPADMIN, including various scenarios. The document is available on Microsoft Downloads at http://bit.ly/16xir3; every AD admin should have a local soft copy they can CTL+F their way through.
It does not include Windows Server 2008 updates, but it’s a huge help to those of us used to squinting at syntax in command prompts.
No comments:
Post a Comment