repadmin.exe NT5DS 6df0b6aa5a105d1051fdd05e60c96287

File info

File name: repadmin.exe.mui
Size: 215040 byte
MD5: 6df0b6aa5a105d1051fdd05e60c96287
SHA1: bcd9ed508387ae99923a8eb72939fe589a764d91
SHA256: bb40d73788ab47b0b33128b925d7e1d9e801ea8e8ae0e660208b5dd97703e330
Operating systems: Windows 10
Extension: MUI
In x64: repadmin.exe NT5DS (32-bit)

Translations messages and strings

If an error occurred or the following message in English (U.S.) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.

id English (U.S.) English
1000Add Add
1001Delete Delete
1002Sync Sync
1003SyncAll SyncAll
1004ShowReps ShowReps
1005ShowVector ShowVector
1006ShowMeta ShowMeta
1007AddRepsTo AddRepsTo
1008UpdRepsTo UpdRepsTo
1009DelRepsTo DelRepsTo
1010ShowTime ShowTime
1011ShowMsg ShowMsg
1012Options Options
1013FullSyncAll FullSyncAll
1014KCC KCC
1015Bind Bind
1016ShowValue ShowValue
1017Queue Queue
1018PropCheck PropCheck
1019FailCache FailCache
1020ShowIsm ShowIsm
1021GetChanges GetChanges
1022ShowSig ShowSig
1023ShowCtx ShowCtx
1024ShowConn ShowConn
1025ExpertHelp ExpertHelp
1026ShowCert ShowCert
1027Mod Mod
1028Latency Latency
1029Istg Istg
1030Bridgeheads Bridgeheads
1031TestHook TestHook
1032DsaGuid DsaGuid
1033SiteOptions SiteOptions
1034ShowProxy ShowProxy
1035RemoveLingeringObjects RemoveLingeringObjects
1036notifyopt notifyopt
1037ReplSingleObj ReplSingleObj
1038ShowTrust ShowTrust
1039QuerySites QuerySites
1040ShowOutCalls ShowOutCalls
1041ShowNcSig ShowNcSig
1042ShowUtdVec ShowUtdVec
1043Replicate Replicate
1044ShowRepl ShowRepl
1045ShowObjMeta ShowObjMeta
1046CheckProp CheckProp
1047ShowChanges ShowChanges
1048ViewList ViewList
1049ShowAttr ShowAttr
1050showattrp showattrp
1051ReplSummary ReplSummary
1052ReplSum ReplSum
1053Repl Repl
1054Rehost Rehost
1055Unhost Unhost
1056RemoveSources RemoveSources
1057WriteSpn WriteSpn
1058ShowSCP ShowSCP
1059ReplAuthMode ReplAuthMode
1060SetAttr SetAttr
1061RebuildGC RebuildGC
1062RegKey RegKey
1063ShowBackup ShowBackup
1064DnsLookup DnsLookup
1065RodcPwdRepl RodcPwdRepl
1066Prp Prp
1067yes yes
1068no no
0x0The operation was successful. The operation was successful.
0x400003E8Usage: repadmin [/u:{domain\\user}] [/pw:{password|*}] [/retry[:][:]] [/csv]Use these commands to see the help:/? Displays a list of commands available for use in repadmin and their description./help Same as /?/?: Displays the list of possible arguments , appropriate syntaxes and examples for the specified command ./help: Same as /?: /experthelp Displays a list of commands for use by advanced users only./listhelp Displays the variations of syntax available for the DSA_NAME, DSA_LIST, NCNAME and OBJ_LIST strings. /oldhelp Displays a list of deprecated commands that still work but are no longer supported by Microsoft. Supported commands (use /? for detailed help): Usage: repadmin [/u:{domain\\user}] [/pw:{password|*}] [/retry[:][:]] [/csv]Use these commands to see the help:/? Displays a list of commands available for use in repadmin and their description./help Same as /?/?: Displays the list of possible arguments , appropriate syntaxes and examples for the specified command ./help: Same as /?: /experthelp Displays a list of commands for use by advanced users only./listhelp Displays the variations of syntax available for the DSA_NAME, DSA_LIST, NCNAME and OBJ_LIST strings. /oldhelp Displays a list of deprecated commands that still work but are no longer supported by Microsoft. Supported commands (use /? for detailed help):
0x400003E9Supported additional parameters: /u: Specifies the domain and user name separated by a backslash {domain\\user} that has permissions to perform operations in Active Directory. UPN logons not supported. /pw: Specifies the password for the user name entered with the /u parameter. /retry This parameter will cause repadmin to repeat its attempt to bind to the target dc should the first attempt fail with one of the following error status: 1722 / 0x6ba : \"The RPC Server is unavailable\" 1753 / 0x6d9 : \"There are no more endpoints available from the endpoint mapper\" /csv Used with /showrepl to output results in comma separated value format. See /csvhelpNote: Most commands take their parameters in the order of \"Destination or Target DSA_LIST\", then a \"Source DSA_NAME\" if required, and finally the NC or Object DN if required.\t (or ) is a Directory Service Agent binding string. For Active Directory Domain Services, this is simply a network label (such as a DNS, NetBios, or IP address) of a Domain Controller. For Active Directory Lightweight Directory Services, this must be a network label of the AD LDS server followed by a colon and the LDAP port of the AD LDS instance Examples (AD DS): dc-01 dc-01.microsoft.com Examples (AD LDS): ad-am-01:2000 ad-am-01.microsoft.com:2000 is the Distinguished Name of the root of the NC Example: DC=My-Domain,DC=Microsoft,DC=ComNote: Text (Naming Context names, server names, etc) with International or Unicode characters will only display correctly if appropriate fonts and language support are loaded. Supported additional parameters: /u: Specifies the domain and user name separated by a backslash {domain\\user} that has permissions to perform operations in Active Directory. UPN logons not supported. /pw: Specifies the password for the user name entered with the /u parameter. /retry This parameter will cause repadmin to repeat its attempt to bind to the target dc should the first attempt fail with one of the following error status: 1722 / 0x6ba : \"The RPC Server is unavailable\" 1753 / 0x6d9 : \"There are no more endpoints available from the endpoint mapper\" /csv Used with /showrepl to output results in comma separated value format. See /csvhelpNote: Most commands take their parameters in the order of \"Destination or Target DSA_LIST\", then a \"Source DSA_NAME\" if required, and finally the NC or Object DN if required.\t (or ) is a Directory Service Agent binding string. For Active Directory Domain Services, this is simply a network label (such as a DNS, NetBios, or IP address) of a Domain Controller. For Active Directory Lightweight Directory Services, this must be a network label of the AD LDS server followed by a colon and the LDAP port of the AD LDS instance Examples (AD DS): dc-01 dc-01.microsoft.com Examples (AD LDS): ad-am-01:2000 ad-am-01.microsoft.com:2000 is the Distinguished Name of the root of the NC Example: DC=My-Domain,DC=Microsoft,DC=ComNote: Text (Naming Context names, server names, etc) with International or Unicode characters will only display correctly if appropriate fonts and language support are loaded.
0x400003EAWARNING:Some of these commands have the potential to break your Active Directory Domain Services installation,and should be used only under the expert guidance of Microsoft PSS.Expert Help WARNING:Some of these commands have the potential to break your Active Directory Domain Services installation,and should be used only under the expert guidance of Microsoft PSS.Expert Help
0x400003EBnbrflagoptions: SYNC_ON_STARTUP DO_SCHEDULED_SYNCS TWO_WAY_SYNC NEVER_SYNCED IGNORE_CHANGE_NOTIFICATIONS DISABLE_SCHEDULED_SYNC COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS nbrflagoptions: SYNC_ON_STARTUP DO_SCHEDULED_SYNCS TWO_WAY_SYNC NEVER_SYNCED IGNORE_CHANGE_NOTIFICATIONS DISABLE_SCHEDULED_SYNC COMPRESS_CHANGES NO_CHANGE_NOTIFICATIONS
0x400003EC/removelingeringobjects [/ADVISORY_MODE] /removelingeringobjects [/ADVISORY_MODE]
0x400003ED/add [/asyncrep] [/syncdisable] [/dsadn:] [/transportdn:] [/mail] [/async] [/readonly] [/selsecrets] /add [/asyncrep] [/syncdisable] [/dsadn:] [/transportdn:] [/mail] [/async] [/readonly] [/selsecrets]
0x400003EE/mod [/readonly] [/srcdsaaddr:] [/transportdn:] [+nbrflagoption] [-nbrflagoption] /mod [/readonly] [/srcdsaaddr:] [/transportdn:] [+nbrflagoption] [-nbrflagoption]
0x400003EF/delete [] [/localonly] [/nosource] [/async] /delete [] [/localonly] [/nosource] [/async]
0x400003F0/addrepsto [/selsecrets] /addrepsto [/selsecrets]
0x400003F1/updrepsto [/selsecrets] /updrepsto [/selsecrets]
0x400003F2/testhook [DSA_LIST] [{+|-}lockqueue] [{+|-}link_cleaner] [{+rpctime:,,|-rpctime}] [{+rpcsync:,|-rpcsync}] /testhook [DSA_LIST] [{+|-}lockqueue] [{+|-}link_cleaner] [{+rpctime:,,|-rpctime}] [{+rpcsync:,|-rpcsync}]
0x400003F3/siteoptions [DSA] [/site:] [{+|-}IS_AUTO_TOPOLOGY_DISABLED] [{+|-}IS_TOPL_CLEANUP_DISABLED] [{+|-}IS_TOPL_MIN_HOPS_DISABLED] [{+|-}IS_TOPL_DETECT_STALE_DISABLED] [{+|-}IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED] [{+|-}IS_GROUP_CACHING_ENABLED] [{+|-}FORCE_KCC_WHISTLER_BEHAVIOR] [{+|-}FORCE_KCC_W2K_ELECTION] [{+|-}IS_RAND_BH_SELECTION_DISABLED] [{+|-}IS_SCHEDULE_HASHING_ENABLED] [{+|-}IS_REDUNDANT_SERVER_TOPOLOGY_ENABLED] [{+|-}W2K3_IGNORE_SCHEDULES] [{+|-}W2K3_BRIDGES_REQUIRED] /siteoptions [DSA] [/site:] [{+|-}IS_AUTO_TOPOLOGY_DISABLED] [{+|-}IS_TOPL_CLEANUP_DISABLED] [{+|-}IS_TOPL_MIN_HOPS_DISABLED] [{+|-}IS_TOPL_DETECT_STALE_DISABLED] [{+|-}IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED] [{+|-}IS_GROUP_CACHING_ENABLED] [{+|-}FORCE_KCC_WHISTLER_BEHAVIOR] [{+|-}FORCE_KCC_W2K_ELECTION] [{+|-}IS_RAND_BH_SELECTION_DISABLED] [{+|-}IS_SCHEDULE_HASHING_ENABLED] [{+|-}IS_REDUNDANT_SERVER_TOPOLOGY_ENABLED] [{+|-}W2K3_IGNORE_SCHEDULES] [{+|-}W2K3_BRIDGES_REQUIRED]
0x400003F4/delrepsto /delrepsto
0x400003F5/options [DSA_LIST] [{+|-}IS_GC] [{+|-}DISABLE_INBOUND_REPL] [{+|-}DISABLE_OUTBOUND_REPL] [{+|-}DISABLE_NTDSCONN_XLATE] [{+|-}DISABLE_SPN_REGISTRATION] /options [DSA_LIST] [{+|-}IS_GC] [{+|-}DISABLE_INBOUND_REPL] [{+|-}DISABLE_OUTBOUND_REPL] [{+|-}DISABLE_NTDSCONN_XLATE] [{+|-}DISABLE_SPN_REGISTRATION]
0x400003F6/rehost DSA [/application] If a source DC Address is not specified, a writeable replica will be selected using the DC Locator /rehost DSA [/application] If a source DC Address is not specified, a writeable replica will be selected using the DC Locator
0x400003F7/unhost DSA /unhost DSA
0x400003F8/removesources DSA_LIST /removesources DSA_LIST
0x400003F9/rebuildgc DC /rebuildgc DC
0x400003FA/bind [DSA_LIST] [SPN] /bind [DSA_LIST] [SPN]
0x400003FB/bridgeheads [DSA_LIST] [/verbose] /bridgeheads [DSA_LIST] [/verbose]
0x400003FC/checkprop [DSA_LIST from which to enumerate host DSAs] /checkprop [DSA_LIST from which to enumerate host DSAs]
0x400003FD/dnslookup /alias /dnslookup where DnsReslFlags are combinations of DNSRESL_FLUSH_CACHE (0x1) DNSRESL_FLUSH_CACHE_ON_ERROR (0x2) DNSRESL_GET_IPV4_ONLY (0x4) DNSRESL_GET_IPV6_ONLY (0x8) DNSRESL_PREFER_IPV4 (0x10) /dnslookup /alias /dnslookup where DnsReslFlags are combinations of DNSRESL_FLUSH_CACHE (0x1) DNSRESL_FLUSH_CACHE_ON_ERROR (0x2) DNSRESL_GET_IPV4_ONLY (0x4) DNSRESL_GET_IPV6_ONLY (0x8) DNSRESL_PREFER_IPV4 (0x10)
0x400003FE/dsaguid [DSA_LIST] [GUID] /dsaguid [DSA_LIST] [GUID]
0x400003FF/istg [DSA_LIST] [/verbose] /istg [DSA_LIST] [/verbose]
0x40000400/latency [DSA_LIST] [/verbose] /latency [DSA_LIST] [/verbose]
0x40000401/showscp [DSA_LIST] (Must point at a GC, use \"gc:\" for all) /showscp [DSA_LIST] (Must point at a GC, use \"gc:\" for all)
0x40000402/replauthmode [DSA_LIST] [] (AD LDS only) is either an integer, or one of the ADAM_REPL_AUTHENTICATION_MODE_*** constants /replauthmode [DSA_LIST] [] (AD LDS only) is either an integer, or one of the ADAM_REPL_AUTHENTICATION_MODE_*** constants
0x40000403/setattr [ ...] is either of add delete replace deleteAll can be either a string literal or an integer (decimal or hex) or one of the defined constants /setattr [ ...] is either of add delete replace deleteAll can be either a string literal or an integer (decimal or hex) or one of the defined constants
0x40000404/notifyopt [DSA_LIST] [/first:] [/subs:] /notifyopt [DSA_LIST] [/first:] [/subs:]
0x40000405/querysites [ ...] (may not be called with alternate credentials) /querysites [ ...] (may not be called with alternate credentials)
0x40000406/regkey DSA_LIST [value [/reg_sz]] Well known keys: strict allowDivergent /regkey DSA_LIST [value [/reg_sz]] Well known keys: strict allowDivergent
0x40000407/replicate [/force] [/async] [/full] [/addref] [/readonly] /replicate [/force] [/async] [/full] [/addref] [/readonly]
0x40000408/replsingleobj /replsingleobj
0x40000409/replsummary [DSA_LIST] /bysrc /bydest /errorsonly [/sort:{ delta | partners | failures | error | percent | unresponsive }] /replsummary [DSA_LIST] /bysrc /bydest /errorsonly [/sort:{ delta | partners | failures | error | percent | unresponsive }]
0x4000040A/showattr [OBJ_LIST OPTIONS] [/atts:,...] [/allvalues] [/long] [/dumpallblob] /showattr [OBJ_LIST OPTIONS] [/atts:,...] [/allvalues] [/long] [/dumpallblob]
0x4000040B/showbackup /showbackup
0x4000040C/showcert [DSA_LIST] /showcert [DSA_LIST]
0x4000040D/showchanges . [/cookie:] [/atts:,,...] [/long] [ /showchanges [/verbose] [/statistics] [/noincremental] [/objectsecurity] [/ancestors] [/atts:,,...] [/filter:] /showchanges . [/cookie:] [/atts:,,...] [/long] [ /showchanges [/verbose] [/statistics] [/noincremental] [/objectsecurity] [/ancestors] [/atts:,,...] [/filter:]
0x4000040E/showism [] [/verbose] (must be executed locally) /showism [] [/verbose] (must be executed locally)
0x4000040F/showmsg { | /NTDSMSG} /showmsg { | /NTDSMSG}
0x40000410/showncsig [DSA_LIST] /showncsig [DSA_LIST]
0x40000411/showobjmeta [DSA_LIST] [/nocache] [/linked] /showobjmeta [DSA_LIST] [/nocache] [/linked]
0x40000412/showoutcalls [DSA_LIST] /showoutcalls [DSA_LIST]
0x40000413/showproxy [DSA_LIST] [Naming Context] [matchstring] (search xdommove proxies) /showproxy [DSA_LIST] [Object DN] [matchstring] /movedobject (dump xdommoved object) /showproxy [DSA_LIST] [Naming Context] [matchstring] (search xdommove proxies) /showproxy [DSA_LIST] [Object DN] [matchstring] /movedobject (dump xdommoved object)
0x40000414/showrepl [DSA_LIST [Source DSA object GUID]] [Naming Context] [/verbose] [/nocache] [/repsto] [/conn] [/all] [/errorsonly] [/intersite] /showrepl [DSA_LIST [Source DSA object GUID]] [Naming Context] [/verbose] [/nocache] [/repsto] [/conn] [/all] [/errorsonly] [/intersite]
0x40000415/showtime /showtime
0x40000416/showtrust [DSA_LIST] /showtrust [DSA_LIST]
0x40000417/showutdvec [/nocache] [/latency] /showutdvec [/nocache] [/latency]
0x40000418/showvalue [DSA_LIST] [Attribute Name] [Value DN] [/nocache] /showvalue [DSA_LIST] [Attribute Name] [Value DN] [/nocache]
0x40000419/syncall [] [] /syncall [] []
0x4000041A/viewlist [OBJ_LIST] /viewlist [OBJ_LIST]
0x4000041B/writespn [DSA_LIST] /writespn [DSA_LIST]
0x4000041CREPADMIN_IDS_CMD__SYNTAX REPADMIN_IDS_CMD__SYNTAX
0x4000041D/failcache [DSA_LIST] /failcache [DSA_LIST]
0x4000041E/kcc [DSA_LIST] [/async] /kcc [DSA_LIST] [/async]
0x4000041F/queue [DSA_LIST] /queue [DSA_LIST]
0x40000420/showconn [DSA_LIST] {serverRDN | Container DN | } [/from:serverRDN] [/intersite] (default is local site) /showconn [DSA_LIST] {serverRDN | Container DN | } [/from:serverRDN] [/intersite] (default is local site)
0x40000421/showctx [DSA_LIST] [/nocache] /showctx [DSA_LIST] [/nocache]
0x40000422/showsig [DSA_LIST] /showsig [DSA_LIST]
0x40000423/sync [/force] [/async] [/full] [/addref] [/readonly] [/selsecrets] /sync [/force] [/async] [/full] [/addref] [/readonly] [/selsecrets]
0x40000424/propcheck [DC from which to enumerate host DCs] /propcheck [DC from which to enumerate host DCs]
0x40000425/getchanges NamingContext [SourceDC] [/cookie:] [/atts:,,...] /getchanges NamingContext [DestDC] SourceDCObjectGUID [/verbose] [/statistics] [/noincremental] [/objectsecurity] [/ancestors] [/atts:,,...] [/filter:] /getchanges NamingContext [SourceDC] [/cookie:] [/atts:,,...] /getchanges NamingContext [DestDC] SourceDCObjectGUID [/verbose] [/statistics] [/noincremental] [/objectsecurity] [/ancestors] [/atts:,,...] [/filter:]
0x40000426/showreps [Naming Context] [DC [Source DC object GUID]] [/verbose] [/nocache] [/repsto] [/conn] [/all] /showreps [Naming Context] [DC [Source DC object GUID]] [/verbose] [/nocache] [/repsto] [/conn] [/all]
0x40000427/showvector [DC] [/nocache] [/latency] /showvector [DC] [/nocache] [/latency]
0x40000428/showmeta [DC] [/nocache] [/linked] /showmeta [DC] [/nocache] [/linked]
0x40000429(alias command tbd) (alias command tbd)
0x4000042A/rodcpwdrepl [DSA_LIST] [ ...] /rodcpwdrepl [DSA_LIST] [ ...]
0x4000042BPassword: %0 Password: %0
0x4000042CChecking for 'Domain Controller' certificate in store '%1'... Checking for 'Domain Controller' certificate in store '%1'...
0x4000042DDomain Controller Certificate V1 is present. Domain Controller Certificate V1 is present.
0x4000042EDomain Controller Certificate V2 is present. Domain Controller Certificate V2 is present.
0x4000042FBind to %1 succeeded. Bind to %1 succeeded.
0x40000430Extensions supported (cb=%1!d!): Extensions supported (cb=%1!d!):
0x40000431%1!-33S!: %2 %1!-33S!: %2
0x40000432%1!-33S!: Yes %1!-33S!: Yes
0x40000433%1!-33S!: No %1!-33S!: No
0x40000434Site GUID: %1 Site GUID: %1
0x40000435Current Replica flags: %1 Current Replica flags: %1
0x40000436Successfully enqueued operation to establish one-way replication from source:%1 to dest:%2. Successfully enqueued operation to establish one-way replication from source:%1 to dest:%2.
0x40000437One-way replication from source:%1 to dest:%2 established. One-way replication from source:%1 to dest:%2 established.
0x40000438Current source address: %1 Current source address: %1
0x40000439Replication link from source:%1 to dest:%2 modified. Replication link from source:%1 to dest:%2 modified.
0x4000043ASource address set to %1 Source address set to %1
0x4000043BTransport DN set to %1 Transport DN set to %1
0x4000043CReplica flags set to %1 Replica flags set to %1
0x4000043DSuccessfully enqueued operation to delete one-way replication from source:%1 to dest:%2. Successfully enqueued operation to delete one-way replication from source:%1 to dest:%2.
0x4000043EReplication link from source:%1 to dest:%2 deleted. Replication link from source:%1 to dest:%2 deleted.
0x4000043FSuccessfully enqueued operation to update change notifications from %1 to %2. Successfully enqueued operation to update change notifications from %1 to %2.
0x40000440Successfully updated change notifications from %1 to %2. Successfully updated change notifications from %1 to %2.
0x40000441Successfully enqueued consistency check for %1. Successfully enqueued consistency check for %1.
0x40000442Consistency check on %1 successful. Consistency check on %1 successful.
0x40000443Successfully enqueued sync from %1 to %2. Successfully enqueued sync from %1 to %2.
0x40000444Successfully enqueued sync from (all neighbours) to %1. Successfully enqueued sync from (all neighbours) to %1.
0x40000445Sync from %1 to %2 completed successfully. Sync from %1 to %2 completed successfully.
0x40000446Sync from (all neighbours) to %1 completed successfully. Sync from (all neighbours) to %1 completed successfully.
0x40000447Connecting to the writable DSAs: Connecting to the writable DSAs:
0x40000448Disabling inbound/outbound replication & deleting replication state: Disabling inbound/outbound replication & deleting replication state:
0x40000449%1... %1...
0x4000044AInbound/outbound replication disabled. Inbound/outbound replication disabled.
0x4000044B%1%n%0 %1%n%0
0x4000044C%1!S! %1!S!
0x4000044D%1!S!%0 %1!S!%0
0x4000044E%1%0 %1%0
0x4000044F.%0 .%0
0x40000450%n%0 %n%0
0x40000451Removing up-to-date vector... Removing up-to-date vector...
0x40000452No inbound replication partners. No inbound replication partners.
0x40000453Removing link from %1... Removing link from %1...
0x40000454Re-enabling in/out replication: Re-enabling in/out replication:
0x40000455OPERATION SUCCESSFUL!Note that you must demote all GCs -- you can re-promote them a halfhour later. OPERATION SUCCESSFUL!Note that you must demote all GCs -- you can re-promote them a halfhour later.
0x40000456Building starting position from destination server %1 Building starting position from destination server %1
0x40000457********* Cumulative packet totals ************ ********* Cumulative packet totals ************
0x40000458********* Grand total ************************* ********* Grand total *************************
0x40000459Packets: %1!d!Objects: %2!d!Object Additions: %3!d!Object Modifications: %4!d!Object Deletions: %5!d!Object Moves: %6!d! Packets: %1!d!Objects: %2!d!Object Additions: %3!d!Object Modifications: %4!d!Object Deletions: %5!d!Object Moves: %6!d!
0x4000045AAttributes: %1!d!Values: %2!d!Dn-valued Attributes: %3!d!MaxDnVals on any attr:%4!d!ObjectDn with maxattr:%5!S!Attrname with maxattr:%6!S! Attributes: %1!d!Values: %2!d!Dn-valued Attributes: %3!d!MaxDnVals on any attr:%4!d!ObjectDn with maxattr:%5!S!Attrname with maxattr:%6!S!
0x4000045B#dnvals 1-250 251-500 501-750 751-1000 1000+add %1!d! %2!d! %3!d! %4!d! %5!d!mod %6!d! %7!d! %8!d! %9!d! %10!d!*********************************************** #dnvals 1-250 251-500 501-750 751-1000 1000+add %1!d! %2!d! %3!d! %4!d! %5!d!mod %6!d! %7!d! %8!d! %9!d! %10!d!***********************************************
0x4000045C%0 %0
0x4000045DNo Changes No Changes
0x4000045EObjects returned: %1!d! Objects returned: %1!d!
0x4000045F(%1!d!) %2!S! %3 (%1!d!) %2!S! %3
0x40000460%1!d! %2: %0 %1!d! %2: %0
0x40000461; %0 ; %0
0x40000462Using cookie from file %1 (%2!d! bytes) Using cookie from file %1 (%2!d! bytes)
0x40000463Using empty cookie (full sync). Using empty cookie (full sync).
0x40000464Source Neighbor:%1 Source Neighbor:%1
0x40000465Destination's up-to-date vector: Destination's up-to-date vector:
0x40000466%1!-36s! @ USN %2!I64d! %1!-36s! @ USN %2!I64d!
0x40000467==== SOURCE DSA: %1 ==== ==== SOURCE DSA: %1 ====
0x40000468New cookie written to file %1 (%2!d! bytes) New cookie written to file %1 (%2!d! bytes)
0x40000469Queue contains %1!d! items. Queue contains %1!d! items.
0x4000046AThe mail thread is executing. The mail thread is executing.
0x4000046BCurrent task began executing at %1!S!. Current task began executing at %1!S!.
0x4000046CTask has been executing for %1!d! minutes, %2!d! seconds. Task has been executing for %1!d! minutes, %2!d! seconds.
0x4000046D[%1!d!] Enqueued %2!S! at priority %3!d! [%1!d!] Enqueued %2!S! at priority %3!d!
0x4000046E%1!S! NC %2 DSA %3 DSA object GUID %4 DSA transport addr %5 %1!S! NC %2 DSA %3 DSA object GUID %4 DSA transport addr %5
0x4000046F(none) (none)
0x40000470No Failures. No Failures.
0x40000471%1!d! consecutive failures since %2!S!. %1!d! consecutive failures since %2!S!.
0x40000472Repl epoch: %1!d! Repl epoch: %1!d!
0x40000473Last error: %0 Last error: %0
0x40000474==== KCC CONNECTION FAILURES ============================ ==== KCC CONNECTION FAILURES ============================
0x40000475==== KCC LINK FAILURES ================================== ==== KCC LINK FAILURES ==================================
0x40000476DSA Options: %1!S! DSA Options: %1!S!
0x40000477Site Options: %1!S! Site Options: %1!S!
0x40000478DSA object GUID: %1 DSA object GUID: %1
0x40000479DSA invocationID: %1 DSA invocationID: %1
0x4000047ANaming Context: %1 Naming Context: %1
0x4000047B==== INBOUND NEIGHBORS ====================================== ==== INBOUND NEIGHBORS ======================================
0x4000047C==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============ ==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
0x4000047D==== KCC CONNECTION OBJECTS ============================================ ==== KCC CONNECTION OBJECTS ============================================
0x4000047E%1 via %2 %1 via %2
0x4000047FinterSiteTransport object GUID: %1 interSiteTransport object GUID: %1
0x40000480USNs: %1!I64d!/OU,%0 USNs: %1!I64d!/OU,%0
0x40000481%1!I64d!/PU %1!I64d!/PU
0x40000482Last attempt @ %1!S! was successful. Last attempt @ %1!S! was successful.
0x40000483Last attempt @ %1!S! was delayed for a normal reason, result %0 Last attempt @ %1!S! was delayed for a normal reason, result %0
0x40000484Last attempt @ %1!S! failed, result %0 Last attempt @ %1!S! failed, result %0
0x40000485%1!u! consecutive failure(s). %1!u! consecutive failure(s).
0x40000486Last success @ %1!S!. Last success @ %1!S!.
0x40000487Address: %1 Address: %1
0x40000488Added @ %1!S!. Added @ %1!S!.
0x40000489%1!-36s! @ USN %2!9I64d! @ Time %0 %1!-36s! @ USN %2!9I64d! @ Time %0
0x4000048B%1!d! entries. %1!d! entries.
0x4000048CTo avoid truncated \"Originating DSA\" values, redirect output to a text file, or use /nocache To avoid truncated \"Originating DSA\" values, redirect output to a text file, or use /nocache
0x4000048DLoc.USN Originating DSA Org.USN Org.Time/Date Ver Attribute======= =============== ========= ============= === ========= Loc.USN Originating DSA Org.USN Org.Time/Date Ver Attribute======= =============== ========= ============= === =========
0x4000048E%1!7I64d!%0 %1!7I64d!%0
0x4000048F%1!41s!%2!10I64d!%0 %1!41s!%2!10I64d!%0
0x40000490%1!20S!%2!5d! %3 %1!20S!%2!5d! %3
0x40000491Type Attribute Last Mod Time Originating DSA Loc.USN Org.USN Ver======= ============ ============= ================= ======= ======= === Distinguished Name ============================= Type Attribute Last Mod Time Originating DSA Loc.USN Org.USN Ver======= ============ ============= ================= ======= ======= === Distinguished Name =============================
0x40000492LEGACY %1 %2(%3!d!) %4!S! LEGACY %1 %2(%3!d!) %4!S!
0x40000493PRESENT %1 %2(%3!d!) %4!S! PRESENT %1 %2(%3!d!) %4!S!
0x40000494ABSENT %1 %2(%3!d!) %4!S! %5!S! ABSENT %1 %2(%3!d!) %4!S! %5!S!
0x40000495LEGACY %0 LEGACY %0
0x40000496PRESENT %0 PRESENT %0
0x40000497ABSENT %0 ABSENT %0
0x40000498%1!12s!%0 %1!12s!%0
0x40000499%1!20S! %2!38s! %3!7I64d! %0 %1!20S! %2!38s! %3!7I64d! %0
0x4000049A%1!7I64d! %0 %1!7I64d! %0
0x4000049B%1!3d! %1!3d!
0x4000049D%1!37s! %2!8I64d!%0 %1!37s! %2!8I64d!%0
0x4000049E%1!20S! %2!5d! %1!20S! %2!5d!
0x4000049FNo more items. No more items.
0x400004A0%1!d! open context handles. %1!d! open context handles.
0x400004A1%1 @ %2!S! (PID %3!d!) (Handle 0x%4!I64x!) %1 @ %2!S! (PID %3!d!) (Handle 0x%4!I64x!)
0x400004A2bound, refs=%1!d!, last used %2!S! bound, refs=%1!d!, last used %2!S!
0x400004A3NOT bound, refs=%1!d!, last used %2!S! NOT bound, refs=%1!d!, last used %2!S!
0x400004A4All DSAs in site %1 (with trans & hosting NC) are bridgehead candidates. All DSAs in site %1 (with trans & hosting NC) are bridgehead candidates.
0x400004A5%1!d! server(s) are defined as bridgeheads for transport %2 & site %3: %1!d! server(s) are defined as bridgeheads for transport %2 & site %3:
0x400004A6Server(%1!d!) %2 Server(%1!d!) %2
0x400004A7==== TRANSPORT %1 CONNECTIVITY INFORMATION FOR %2!d! SITES: ==== ==== TRANSPORT %1 CONNECTIVITY INFORMATION FOR %2!d! SITES: ====
0x400004A8%1%2!4d!%0 %1%2!4d!%0
0x400004A9Site(%1!d!) %2 Site(%1!d!) %2
0x400004AA%1%2!d!:%3!d!:%4!x!%0 %1%2!d!:%3!d!:%4!x!%0
0x400004ABSchedule between %1 and %2 (cost %3!d!, interval %4!d!): Schedule between %1 and %2 (cost %3!d!, interval %4!d!):
0x400004ACConnection is always available. Connection is always available.
0x400004ADCookie: null Cookie: null
0x400004AECookie: ver %1!d!,HighObjUpdate: %2!I64d!, Cookie: ver %1!d!,HighObjUpdate: %2!I64d!,
0x400004AFHighPropUpdate: %1!I64d! HighPropUpdate: %1!I64d!
0x400004B0%1!I64d!%0 %1!I64d!%0
0x400004B1= 0x%1!I64x!%0 = 0x%1!I64x!%0
0x400004B2= %1!S! UTC = %2!S! local = %1!S! UTC = %2!S! local
0x400004B3Replication suppressed by user request: Replication suppressed by user request:
0x400004B4From: %1 To : %2 From: %1 To : %2
0x400004B5CALLBACK MESSAGE: %0 CALLBACK MESSAGE: %0
0x400004B6The following replication is in progress: The following replication is in progress:
0x400004B7The following replication completed successfully: The following replication completed successfully:
0x400004B8SyncAll Finished. SyncAll Finished.
0x400004B9Unknown. Unknown.
0x400004BArepadmin /showrepl %1 %2 %3 repadmin /showrepl %1 %2 %3
0x400004BBDsReplicaSyncAll commandline interface.repadmin /SyncAll [/adehijpPsS] [] /a: Abort if any server is unavailable /A: Perform /SyncAll for all NC's held by (ignores ) /d: ID servers by DN in messages (instead of GUID DNS) /e: Enterprise, cross sites (default: only home site) /h: Print this help screen /i: Iterate indefinitely /I: Perform showreps on each server pair in path instead of syncing /j: Sync adjacent servers only /p: Pause for possible user abort after every message /P: Push changes outward from home server (default: pull changes) /q: Quiet mode, suppress callback messages /Q: Very quiet, report fatal errors only /s: Do not sync (just analyze topology and generate messages) /S: Skip initial server-response check (assume all servers are available)If is omitted DsReplicaSyncAll defaults to the Configuration NC. DsReplicaSyncAll commandline interface.repadmin /SyncAll [/adehijpPsS] [] /a: Abort if any server is unavailable /A: Perform /SyncAll for all NC's held by (ignores ) /d: ID servers by DN in messages (instead of GUID DNS) /e: Enterprise, cross sites (default: only home site) /h: Print this help screen /i: Iterate indefinitely /I: Perform showreps on each server pair in path instead of syncing /j: Sync adjacent servers only /p: Pause for possible user abort after every message /P: Push changes outward from home server (default: pull changes) /q: Quiet mode, suppress callback messages /Q: Very quiet, report fatal errors only /s: Do not sync (just analyze topology and generate messages) /S: Skip initial server-response check (assume all servers are available)If is omitted DsReplicaSyncAll defaults to the Configuration NC.
0x400004BCSyncAll cancelled by user request. SyncAll cancelled by user request.
0x400004BDSyncAll terminated with no errors. SyncAll terminated with no errors.
0x400004BE[%1!ld!] [%1!ld!]
0x400004BFQ to quit, any other key to continue. Q to quit, any other key to continue.
0x400004C0Press any key to continue . . . Press any key to continue . . .
0x400004C2Sun%0 Sun%0
0x400004C3Mon%0 Mon%0
0x400004C4Tue%0 Tue%0
0x400004C5Wed%0 Wed%0
0x400004C6Thu%0 Thu%0
0x400004C7Fri%0 Fri%0
0x400004C8Sat%0 Sat%0
0x400004C9day: 0123456789ab0123456789ab day: 0123456789ab0123456789ab
0x400004CAPartition Replication Schedule Loading: Partition Replication Schedule Loading:
0x400004CB%1!2.2d!%0 %1!2.2d!%0
0x400004CC%1!d!%0 %1!d!%0
0x400004CD%1!x!%0 %1!x!%0
0x400004CECaching GUIDs. Caching GUIDs.
0x400004CF%1: %0 %1: %0
0x400004D0yes%0 yes%0
0x400004D1** NO! **%0 ** NO! **%0
0x400004D2-- No cursor found! -- No cursor found!
0x400004D3(USN %1!I64d!) (USN %1!I64d!)
0x400004D4Current %0 Current %0
0x400004D5New %0 New %0
0x400004D6%1 retired on %2!S! at USN %3!I64d! %1 retired on %2!S! at USN %3!I64d!
0x400004D7No retired signatures. No retired signatures.
0x400004D8Source: %1\\%2 Source: %1\\%2
0x400004D9******* %1!d! CONSECUTIVE FAILURES since %2!S! ******* %1!d! CONSECUTIVE FAILURES since %2!S!
0x400004DAReplica link has been added. Replica link has been added.
0x400004DBNaming Context Attempt Time Success Time #Fail Last Result ================ =================== =================== ===== ============== Naming Context Attempt Time Success Time #Fail Last Result ================ =================== =================== ===== ==============
0x400004DC%1!22s!%0 %1!22s!%0
0x400004DD%1!21S!%2!21S! %3!5d! %4 %1!21S!%2!21S! %3!5d! %4
0x400004DEConnection -- Connection name : %1 Server DNS name : %2 Server DN name : %3 Connection -- Connection name : %1 Server DNS name : %2 Server DN name : %3
0x400004DFTransportType: %1 TransportType: %1
0x400004E0TransportType: intrasite RPC TransportType: intrasite RPC
0x400004E1options: %0 options: %0
0x400004E2Reason: %0 Reason: %0
0x400004E3enabledConnection: %1 enabledConnection: %1
0x400004E4whenChanged: %0 whenChanged: %0
0x400004E5whenCreated: %0 whenCreated: %0
0x400004E6Schedule: Schedule:
0x400004E7%1!d! connections found. %1!d! connections found.
0x400004E8Base DN: %1 Base DN: %1
0x400004E9ReplicatesNC: %1 ReplicatesNC: %1
0x400004EBOriginating Site Ver Time Local Update Time Orig. Update Latency Since Last ================== ===== =================== =================== ======== ========== Originating Site Ver Time Local Update Time Orig. Update Latency Since Last ================== ===== =================== =================== ======== ==========
0x400004EC%1!24s! %2!6d! %3!20S! %4!20S! %0 %1!24s! %2!6d! %3!20S! %4!20S! %0
0x400004ED%1!02d!:%2!02d!:%3!02d!%0 %1!02d!:%2!02d!:%3!02d!%0
0x400004EESource Site Local Bridge Trns Fail. Time # Status =============== ============== ==== ================= === ======== Source Site Local Bridge Trns Fail. Time # Status =============== ============== ==== ================= === ========
0x400004EF%1!24s!%2!16s!%0 %1!24s!%2!16s!%0
0x400004F0%1!6s!%0 %1!6s!%0
0x400004F1%1!20S!%2!4d! %3!20s!%0 %1!20S!%2!4d! %3!20s!%0
0x400004F2Replication Latency for site %1 (%2): Replication Latency for site %1 (%2):
0x400004F3Bridgeheads for site %1 (%2): Bridgeheads for site %1 (%2):
0x400004F4Gathering topology from site %1 (%2): Gathering topology from site %1 (%2):
0x400004F5Site ISTG ================== ================= Site ISTG ================== =================
0x400004F6%1!24s!%2!20s! %1!24s!%2!20s!
0x400004F7Disclaimer:1. Latency is shown for Configuration NC only.2. Probes are sent once every half hour. Actual replication may occur more frequently.3. What is normal Intersite replication frequency depends on many factors: site link schedules, intervals and bridgehead availability. Disclaimer:1. Latency is shown for Configuration NC only.2. Probes are sent once every half hour. Actual replication may occur more frequently.3. What is normal Intersite replication frequency depends on many factors: site link schedules, intervals and bridgehead availability.
0x400004F8Successfully invoked test hook \"%1\". Successfully invoked test hook \"%1\".
0x400004F9\"%1\" = %2. \"%1\" = %2.
0x400004FASearching naming context: %1 Searching naming context: %1
0x400004FBObject DN: %1 Object DN: %1
0x400004FCProxy DN: %1 Proxy DN: %1
0x400004FDObject GUID: %1 Object GUID: %1
0x400004FEMoved from NC: %1 Moved from NC: %1
0x400004FFProxied (moved to) DN: %1 Proxied (moved to) DN: %1
0x40000500Proxy Type: (%1!d!) %0 Proxy Type: (%1!d!) %0
0x40000501moved object%0 moved object%0
0x40000502proxy%0 proxy%0
0x40000503unknown%0 unknown%0
0x40000504Proxy Epoch: %1!d! Proxy Epoch: %1!d!
0x40000505%1!d! = 0x%2!x! = \"%3\" %1!d! = 0x%2!x! = \"%3\"
0x40000506Current Notification Options: Current Notification Options:
0x40000507New Notification Options: New Notification Options:
0x40000508Replication-Notify-First-DSA-Delay: %1!d! Replication-Notify-First-DSA-Delay: %1!d!
0x40000509Replication-Notify-First-DSA-Delay is not set. Replication-Notify-First-DSA-Delay is not set.
0x4000050AReplication-Notify-Subsequent-DSA-Delay: %1!d! Replication-Notify-Subsequent-DSA-Delay: %1!d!
0x4000050BReplication-Notify-Subsequent-DSA-Delay is not set. Replication-Notify-Subsequent-DSA-Delay is not set.
0x4000050CA Domain Controller Certificate was found with Computer Object GUID %1!S!. A Domain Controller Certificate was found with Computer Object GUID %1!S!.
0x4000050DThe Computer Object Unique ID is %1. The Computer Object Unique ID is %1.
0x4000050ENC %1 retired on %2!S! at USN %3!I64d! NC %1 retired on %2!S! at USN %3!I64d!
0x4000050FRetired NC invocationID: %1 Retired NC invocationID: %1
0x400007D1Warning: Repadmin was unable to set the %1 registry Key. Warning: Repadmin was unable to set the %1 registry Key.
0x400007D2HKLM\\%1: \"%2\" %3 %4 HKLM\\%1: \"%2\" %3 %4
0x400007D3HKLM\\%1: \"%2\" value does not exist HKLM\\%1: \"%2\" value does not exist
0x400007D4HKLM\\%1: \"%2\" REG_TYPE=%3!d! (Unable do display value) HKLM\\%1: \"%2\" REG_TYPE=%3!d! (Unable do display value)
0x400007D5The specified server (%1) is not a GC. The specified server (%1) is not a GC.
0x400007D6The server %1 has been selected as the writeable source for partition %2. The server %1 has been selected as the writeable source for partition %2.
0x400007D7=== WARNING =====================AddSyncPartition was unable to completely sync the partition %1.Any temporary replica links and partial partition contents will be removed. === WARNING =====================AddSyncPartition was unable to completely sync the partition %1.Any temporary replica links and partial partition contents will be removed.
0x400007D8The GC %1 is being rebuilt. Each of its read-only partitions will be rehosted. The GC %1 is being rebuilt. Each of its read-only partitions will be rehosted.
0x400007D9There was a DC Locator error finding a writeable copy of partition %1.The error number is %2!d!. There was a DC Locator error finding a writeable copy of partition %1.The error number is %2!d!.
0x400007DAThe KCC will now remove the temporary replica links to the writeable copies, and re-establish a standard topology, which will include links to both writeable and read-only copies of the partitions. The KCC will now remove the temporary replica links to the writeable copies, and re-establish a standard topology, which will include links to both writeable and read-only copies of the partitions.
0x400007DBRepadmin encountered a failure while trying to rebuild the partition %1.Please use the /rehost command to manually rehost this partition. Repadmin encountered a failure while trying to rebuild the partition %1.Please use the /rehost command to manually rehost this partition.
0x400007E3Successfully replicated object %1 to %2 from %3. Successfully replicated object %1 to %2 from %3.
0x400007E4Syncing partition: %1 Syncing partition: %1
0x400007E5Syncing all NC's held on %1. Syncing all NC's held on %1.
0x400007E6Domain Trust Info: Domain Trust Info:
0x400007E7TRUSTED : %1 TRUSTED : %1
0x400007E8UNTRUSTED : %1 UNTRUSTED : %1
0x400007E9From site: %1To Site Name Cost------------ ---- From site: %1To Site Name Cost------------ ----
0x400007EA%1!-64s! %0 %1!-64s! %0
0x400007EB%1!d! %1!d!
0x400007ECError: 0x%1!x! Error: 0x%1!x!
0x400007ED%1 is making no outgoing DRS RPC calls at this time. %1 is making no outgoing DRS RPC calls at this time.
0x400007EE%1 has %2!d! outgoing DRS RPC calls in progress: %1 has %2!d! outgoing DRS RPC calls in progress:
0x400007EFCall type: %1 Call type: %1
0x400007F0Target server: %1 Target server: %1
0x400007F1Handle info: bound %1!d! FromCache %2!d! InCache %3!d! Handle info: bound %1!d! FromCache %2!d! InCache %3!d!
0x400007F2Client thread id: %1!d! Client thread id: %1!d!
0x400007F3Time call started: %1!S! Time call started: %1!S!
0x400007F4Call timeout: %1!d! minutes Call timeout: %1!d! minutes
0x400007F5Call duration: %1!d! minutes and %2!d! seconds Call duration: %1!d! minutes and %2!d! seconds
0x400007F6repadmin running command %1 against server %2 repadmin running command %1 against server %2
0x400007F7DSA_LIST[%1!d!] = %2 DSA_LIST[%1!d!] = %2
0x400007F8Error: An LDAP lookup operation failed with the following error:%n LDAP Error %1!d!(0x%1!x!): %2 Server Win32 Error %3!u!(0x%3!x!): %4 Extended Information: %5 Error: An LDAP lookup operation failed with the following error:%n LDAP Error %1!d!(0x%1!x!): %2 Server Win32 Error %3!u!(0x%3!x!): %4 Extended Information: %5
0x400007F9Error: An error occurred: Win32 Error %1!u!(0x%1!x!): %2 Error: An error occurred: Win32 Error %1!u!(0x%1!x!): %2
0x400007FAError: An Win32 Error %1!d!(0x%1!x!) occurred. Error: An Win32 Error %1!d!(0x%1!x!) occurred.
0x400007FBRepadmin couldn't parse the DSA_LIST (%1) provided. Try repadmin /listhelp Repadmin couldn't parse the DSA_LIST (%1) provided. Try repadmin /listhelp
0x400007FCDSA_LIST = { | * | * | site: | gc: | nc: | pnc: | mnc: | fsmo_: } Examples: \"*\" = All DSAs in the enterprise/forest/configuration set. \"part_server_name*\" = would pick \"part_server_name_dc_01\" and \"part_server_name_dc_02\" but not server \"part_server_diff_name\". \"site:east_site1\" = All DSAs in site \"east_site1\". \"gc:\" = All GCs in the enterprise. \"nc:DC=fabrikam,...\" = All DSAs hosting DC=fabrikam,... \"pnc:DC=fabrikam,...\" = All DSAs hosting a partial copy of DC=fabrikam,... \"mnc:DC=fabrikam,...\" = All DSAs hosting a master copy of DC=fabrikam,... \"fsmo_pdc:DC=my-corp-dom,DC=com\" - repadmin runs against the PDC in the NC \"DC=my-corp-dom,DC=com\" \"fsmo_istg:east_site1\" would pick the ISTG for the east_site1 site.Additional option for DSA_LIST: /homeserver:[dns name] The initial DS server that facilitates DSA_LIST expansion is called the homeserver. If the DSA_LIST argument is a resolvable server name (such as a DNS or WINS name) this will be used as the homeserver. If a non-resolvable parameter is used for the DSA_LIST, repadmin will use the locator to find a server to be used as the homeserver. If the locator does not find a server, repadmin will try the local box (port 389). The /homeserver:[dns name] option is available to explicitly control home server selection. This is especially useful when there are more than one forest or configuration set possible. For example, the DSA_LIST command \"fsmo_istg:site1\" would target the locally joined domain's directory, so to target an AD/LDS instance, /homeserver:adldsinstance:50000 could be used to resolve the fsmo_istg to site1 defined in the ADAM configuration set on adldsinstance:50000 instead of the fsmo_istg to site1 defined in the locally joined domain.FSMO_TYPE = dnm | schema | pdc | rid | im | istg NOTE: different types of FSMOs require different base DNs/RDNs. \"fsmo_dnm:\" - is an enterprise wide FSMO, and doesn't take any DN. \"fsmo_schema:\" - is an enterprise wide FSMO, and doesn't take any DN. \"fsmo_pdc:\" - is a domain specific FSMO, and takes the DN of the domain the user wants. \"fsmo_rid:\" - is a domain specific FSMO, and takes the DN of the domain the user wants. \"fsmo_im:\" - is a partition/NC specific FSMO, and takes the DN of the NC the user wants. \"fsmo_istg:\" - is a site specific quasi-FSMO, and takes the RDN of the site.DSA_NAME = { . | | | | } . = Tells repadmin to try to pick one for you. adlds_dns:ldap_port = specifies a specific AD LDS instance. server_dns = specifies a specific server by DNS. dsa_guid = specifies a specific server by its DSA GUID. server_obj_rdn$service_short_name = specifies a specific AD LDS instance by its full server object rdn. server_obj_rdn = specifies a server by its server object rdn (usually the same as its NetBios name) The \"$service_short_name\" is not necessarily needed, but the DSA will only find a server, if the portion of the server_obj_rdn specified in unambiguous. dsa_dn = specifies a server by the DN of its DSA object.OBJ_LIST = { ncobj: | dsaobj: } \"ncobj:\" = means use the DN of NC Head specified in NC_NAME. \"dsaobj:\" = means use the DN of the DSA we're connected to.NC_NAME = { config: | schema: | domain: } \"config:\" = Configuration Directory Partition. \"schema:\" = Schema Directory Partition. \"domain:\" = Domain Directory Partition for the Domain of the DC repadmin is running against.OBJ_LIST OPTIONS = { /onelevel | /subtree} /filter: With these options, the showattr and viewlist commands can be used to cover a list of objects, instead of just a single object.NOTES: o The * in wildcards are evaluated by LDAP. o Some options are not valid in AD LDS such as \"gc:\", \"fsmo_pdc:\", \"fsmo_rid\", \"domain:\", etc DSA_LIST = { | * | * | site: | gc: | nc: | pnc: | mnc: | fsmo_: } Examples: \"*\" = All DSAs in the enterprise/forest/configuration set. \"part_server_name*\" = would pick \"part_server_name_dc_01\" and \"part_server_name_dc_02\" but not server \"part_server_diff_name\". \"site:east_site1\" = All DSAs in site \"east_site1\". \"gc:\" = All GCs in the enterprise. \"nc:DC=fabrikam,...\" = All DSAs hosting DC=fabrikam,... \"pnc:DC=fabrikam,...\" = All DSAs hosting a partial copy of DC=fabrikam,... \"mnc:DC=fabrikam,...\" = All DSAs hosting a master copy of DC=fabrikam,... \"fsmo_pdc:DC=my-corp-dom,DC=com\" - repadmin runs against the PDC in the NC \"DC=my-corp-dom,DC=com\" \"fsmo_istg:east_site1\" would pick the ISTG for the east_site1 site.Additional option for DSA_LIST: /homeserver:[dns name] The initial DS server that facilitates DSA_LIST expansion is called the homeserver. If the DSA_LIST argument is a resolvable server name (such as a DNS or WINS name) this will be used as the homeserver. If a non-resolvable parameter is used for the DSA_LIST, repadmin will use the locator to find a server to be used as the homeserver. If the locator does not find a server, repadmin will try the local box (port 389). The /homeserver:[dns name] option is available to explicitly control home server selection. This is especially useful when there are more than one forest or configuration set possible. For example, the DSA_LIST command \"fsmo_istg:site1\" would target the locally joined domain's directory, so to target an AD/LDS instance, /homeserver:adldsinstance:50000 could be used to resolve the fsmo_istg to site1 defined in the ADAM configuration set on adldsinstance:50000 instead of the fsmo_istg to site1 defined in the locally joined domain.FSMO_TYPE = dnm | schema | pdc | rid | im | istg NOTE: different types of FSMOs require different base DNs/RDNs. \"fsmo_dnm:\" - is an enterprise wide FSMO, and doesn't take any DN. \"fsmo_schema:\" - is an enterprise wide FSMO, and doesn't take any DN. \"fsmo_pdc:\" - is a domain specific FSMO, and takes the DN of the domain the user wants. \"fsmo_rid:\" - is a domain specific FSMO, and takes the DN of the domain the user wants. \"fsmo_im:\" - is a partition/NC specific FSMO, and takes the DN of the NC the user wants. \"fsmo_istg:\" - is a site specific quasi-FSMO, and takes the RDN of the site.DSA_NAME = { . | | | | } . = Tells repadmin to try to pick one for you. adlds_dns:ldap_port = specifies a specific AD LDS instance. server_dns = specifies a specific server by DNS. dsa_guid = specifies a specific server by its DSA GUID. server_obj_rdn$service_short_name = specifies a specific AD LDS instance by its full server object rdn. server_obj_rdn = specifies a server by its server object rdn (usually the same as its NetBios name) The \"$service_short_name\" is not necessarily needed, but the DSA will only find a server, if the portion of the server_obj_rdn specified in unambiguous. dsa_dn = specifies a server by the DN of its DSA object.OBJ_LIST = { ncobj: | dsaobj: } \"ncobj:\" = means use the DN of NC Head specified in NC_NAME. \"dsaobj:\" = means use the DN of the DSA we're connected to.NC_NAME = { config: | schema: | domain: } \"config:\" = Configuration Directory Partition. \"schema:\" = Schema Directory Partition. \"domain:\" = Domain Directory Partition for the Domain of the DC repadmin is running against.OBJ_LIST OPTIONS = { /onelevel | /subtree} /filter: With these options, the showattr and viewlist commands can be used to cover a list of objects, instead of just a single object.NOTES: o The * in wildcards are evaluated by LDAP. o Some options are not valid in AD LDS such as \"gc:\", \"fsmo_pdc:\", \"fsmo_rid\", \"domain:\", etc
0x400007FDRepadmin can't connect to a \"home server\", because of the following error. Try specifying a differenthome server with /homeserver:[dns name] Repadmin can't connect to a \"home server\", because of the following error. Try specifying a differenthome server with /homeserver:[dns name]
0x400007FERepadmin can't locate a \"home server\" or determine our domain because of the following error. Try specifying specific \"home server\" with /homeserver:[dns name] Repadmin can't locate a \"home server\" or determine our domain because of the following error. Try specifying specific \"home server\" with /homeserver:[dns name]
0x400007FFRepadmin experienced the following error trying to resolve the DSA_NAME: %1If you are trying to connect to an AD LDS instance, you must use :If you are trying to connect to an AD LDS instance with wildcarding support, you must use the /homeserver option. Repadmin experienced the following error trying to resolve the DSA_NAME: %1If you are trying to connect to an AD LDS instance, you must use :If you are trying to connect to an AD LDS instance with wildcarding support, you must use the /homeserver option.
0x40000800Repadmin experienced the following error trying to resolve the SITE_NAME: %1 Repadmin experienced the following error trying to resolve the SITE_NAME: %1
0x40000801Repadmin experienced the following error trying get to the FSMO you requested in this subtree: %1 Repadmin experienced the following error trying get to the FSMO you requested in this subtree: %1
0x40000802These are the old deprecated commands, that are being phased out, butare still presently supported for backwards compatibility.Usage: repadmin [/u:{domain\\user}] [/pw:{password|*}] [/rpc] [/ldap]Deprecated s & args:These deprecated commands are replaced with these improved commands: /sync - /repl or /replicate /propcheck - /checkprop /getchanges - /showchanges /showreps - /showrepl /showvector - /showutdvec /showmeta - /showobjmetaNote:- , , : Names of the appropriate servers is the Distinguished Name of the root of the NC Example: DC=My-Domain,DC=Microsoft,DC=ComNote: Text (Naming Context names, server names, etc) with International or Unicode characters will only display correctly if appropriate fonts and language support are loaded These are the old deprecated commands, that are being phased out, butare still presently supported for backwards compatibility.Usage: repadmin [/u:{domain\\user}] [/pw:{password|*}] [/rpc] [/ldap]Deprecated s & args:These deprecated commands are replaced with these improved commands: /sync - /repl or /replicate /propcheck - /checkprop /getchanges - /showchanges /showreps - /showrepl /showvector - /showutdvec /showmeta - /showobjmetaNote:- , , : Names of the appropriate servers is the Distinguished Name of the root of the NC Example: DC=My-Domain,DC=Microsoft,DC=ComNote: Text (Naming Context names, server names, etc) with International or Unicode characters will only display correctly if appropriate fonts and language support are loaded
0x40000803This %1 command does not support Comma Separated Values (/csv) output mode. This %1 command does not support Comma Separated Values (/csv) output mode.
0x40000804RepadminParserMessage RepadminParserMessage
0x40000805Destination DSA Site Destination DSA Site
0x40000806Destination DSA Destination DSA
0x40000807Message Message
0x40000808Naming Context Naming Context
0x40000809Source DSA Site Source DSA Site
0x4000080ASource DSA Source DSA
0x4000080BTransport Type Transport Type
0x4000080CNumber of Failures Number of Failures
0x4000080DLast Failure Time Last Failure Time
0x4000080ELast Success Time Last Success Time
0x4000080FLast Failure Status Last Failure Status
0x40000810The /csv mode makes the /showrepl command print in a Comma Separated Values (CSV)%0format for import into Microsoft Excel or programmatic analysis. The output format%0(the order of the columns) is rigid and will not change from release to release.The CSV output is printed to stdout and can be redirected to a file. Criticalerrors will be printed in a CSV friendly format to stdout, and also printed in auser friendly format to the screen via stderr.The repadmin commands supporting /csv output: /showreplThe generic format is: column_1 - test_specifier + printing_type. column_2 - site of the DSA the test is running against. column_3 - DSA the test is running against. column_4+ - columns_4 and beyond are specific to the test. test_specifier = repadmin_ | showrepl_ printing_type = INFO | ERROR | COLUMNSExample 1: \"repadmin /showrepl ad-server-22 /csv\" Output: showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA, ... showrepl_INFO,WestCoastSite,ad-server-22,\"DC=myfavoritecorp,DC=com\",EastCoastSite,DC-35,...Example 2: \"repadmin /showrepl down-dsa /csv file.csv\" Output To Screen (note redirect): Repadmin experienced the following error trying to resolve the DSA_NAME: down-dsa file.csv: repadmin_ERROR,-,-,Repadmin experienced the following error trying to resolve the DSA_NAME: down-dsaThis /csv mode works in conjunction with the lists of DSAs as well. See /listhelp for ways inwhich you can specify subsets of servers to target. The /csv mode makes the /showrepl command print in a Comma Separated Values (CSV)%0format for import into Microsoft Excel or programmatic analysis. The output format%0(the order of the columns) is rigid and will not change from release to release.The CSV output is printed to stdout and can be redirected to a file. Criticalerrors will be printed in a CSV friendly format to stdout, and also printed in auser friendly format to the screen via stderr.The repadmin commands supporting /csv output: /showreplThe generic format is: column_1 - test_specifier + printing_type. column_2 - site of the DSA the test is running against. column_3 - DSA the test is running against. column_4+ - columns_4 and beyond are specific to the test. test_specifier = repadmin_ | showrepl_ printing_type = INFO | ERROR | COLUMNSExample 1: \"repadmin /showrepl ad-server-22 /csv\" Output: showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA, ... showrepl_INFO,WestCoastSite,ad-server-22,\"DC=myfavoritecorp,DC=com\",EastCoastSite,DC-35,...Example 2: \"repadmin /showrepl down-dsa /csv file.csv\" Output To Screen (note redirect): Repadmin experienced the following error trying to resolve the DSA_NAME: down-dsa file.csv: repadmin_ERROR,-,-,Repadmin experienced the following error trying to resolve the DSA_NAME: down-dsaThis /csv mode works in conjunction with the lists of DSAs as well. See /listhelp for ways inwhich you can specify subsets of servers to target.
0x40000811There is no help in csv mode. Do not use the \"/csv\" option, when listing help.If you want csv mode help, \"repadmin /csvhelp\" will give you help. There is no help in csv mode. Do not use the \"/csv\" option, when listing help.If you want csv mode help, \"repadmin /csvhelp\" will give you help.
0x40000812OBJ_LIST[%1!d!] = %2 OBJ_LIST[%1!d!] = %2
0x40000813DN: %1 DN: %1
0x40000814%1!d!+ %2: %0 %1!d!+ %2: %0
0x40000815(never)%0 (never)%0
0x40000816Replication Summary Start Time: %1!S! Replication Summary Start Time: %1!S!
0x40000817Beginning data collection for replication summary, this may take awhile: ....%0 Beginning data collection for replication summary, this may take awhile: ....%0
0x40000818Destination DSA %1 largest delta fails/total %%%% error Destination DSA %1 largest delta fails/total %%%% error
0x40000819Source DSA %1 largest delta fails/total %%%% error Source DSA %1 largest delta fails/total %%%% error
0x4000081AExperienced the following operational errors trying to retrieve replication information: Experienced the following operational errors trying to retrieve replication information:
0x4000081B%1!11d! - %2 %1!11d! - %2
0x4000081DCan not locate the object for this DN: %1 Can not locate the object for this DN: %1
0x4000081EUser provided a bad syntax for the OBJ_LIST please see repadmin /listhelp. User provided a bad syntax for the OBJ_LIST please see repadmin /listhelp.
0x4000081Fmore values exist...%0 more values exist...%0
0x40000820Removal of partition %1 was preempted by higher priority work. Performing the removal of the partition again. Removal of partition %1 was preempted by higher priority work. Performing the removal of the partition again.
0x40000821As part of the rebuild of %1, a replica link was added to a new source %2. Synchronization with that source was preempted due to higher priority work in another partition. Performing the synchronization again. As part of the rebuild of %1, a replica link was added to a new source %2. Synchronization with that source was preempted due to higher priority work in another partition. Performing the synchronization again.
0x40000822Removal of partition %1 is in progress... Removal of partition %1 is in progress...
0x40000823Full sync of partition %1 is in progress. Please be patient. This step may take many hours on a large partition. You can monitor the progress of the full sync using repadmin /showreps /v in another window. Full sync of partition %1 is in progress. Please be patient. This step may take many hours on a large partition. You can monitor the progress of the full sync using repadmin /showreps /v in another window.
0x40000824/dnslookup Allows the lookup of an IP address. /dnslookup Allows the lookup of an IP address.
0x40000825This command allows an admin to view or modify the password replication policy for RODCs. /prp [ADDITIONAL_ARGS] can be either of view add delete move for view, add, and delete, can be either of rodc_name * for move, is rodc_name [ADDITIONAL_ARGS] depend on view: This operation displays the principals in the specified list or displays the current password replication policy for a specified principal. /prp view {|} is either of auth2 - the list of security principals which have been authenticated by the RODC allow - security principals (or groups of security principals) for which the RODC is explicitly allowed to replicate passwords. deny - the list of security principals (or groups of security principals) for which RODC is explicitly denied permission to replicate passwords. reveal - the list of security principals (users and computers) which have their current password cached by the RODC The allow and deny lists typically contain groups - direct or nested membership of any of the groups implies membership of the relevant \"list\". add: This operation adds the specified principal to the allow list. /prp add allow delete: This operation deletes the specified principal (or all principals) from the auth2/allow list. /prp delete allow {|/all} /prp delete auth2 /all move: This operation moves all the principals from the auth2 list to the specified group. If the group does not exist, it is created. If the group is not in the allow list of the RODC, it is added. /prp move [/noauth2cleanup] [/users_only|/comps_only] /noauth2cleanup - The auth2 list will be cleaned up by default when using the move operation. Use this switch to avoid the cleanup. /users_only - Only user objects will be moved from the auth2 list to the allow list. /comps_only - Only computer objects will be moved from the auth2 list to the allow list. This command allows an admin to view or modify the password replication policy for RODCs. /prp [ADDITIONAL_ARGS] can be either of view add delete move for view, add, and delete, can be either of rodc_name * for move, is rodc_name [ADDITIONAL_ARGS] depend on view: This operation displays the principals in the specified list or displays the current password replication policy for a specified principal. /prp view {|} is either of auth2 - the list of security principals which have been authenticated by the RODC allow - security principals (or groups of security principals) for which the RODC is explicitly allowed to replicate passwords. deny - the list of security principals (or groups of security principals) for which RODC is explicitly denied permission to replicate passwords. reveal - the list of security principals (users and computers) which have their current password cached by the RODC The allow and deny lists typically contain groups - direct or nested membership of any of the groups implies membership of the relevant \"list\". add: This operation adds the specified principal to the allow list. /prp add allow delete: This operation deletes the specified principal (or all principals) from the auth2/allow list. /prp delete allow {|/all} /prp delete auth2 /all move: This operation moves all the principals from the auth2 list to the specified group. If the group does not exist, it is created. If the group is not in the allow list of the RODC, it is added. /prp move [/noauth2cleanup] [/users_only|/comps_only] /noauth2cleanup - The auth2 list will be cleaned up by default when using the move operation. Use this switch to avoid the cleanup. /users_only - Only user objects will be moved from the auth2 list to the allow list. /comps_only - Only computer objects will be moved from the auth2 list to the allow list.
0x40000826RODC \"%1\": RODC \"%1\":
0x40000827Allow list (msDS-RevealOnDemandGroup): Allow list (msDS-RevealOnDemandGroup):
0x40000828Deny list (msDS-NeverRevealGroup): Deny list (msDS-NeverRevealGroup):
0x40000829Auth2 list (msDS-AuthenticatedToAccountlist): Auth2 list (msDS-AuthenticatedToAccountlist):
0x4000082AReveal List (msDS-RevealedList): Reveal List (msDS-RevealedList):
0x4000082BFor RODC \"%1\", all values deleted from the allow list. For RODC \"%1\", all values deleted from the allow list.
0x4000082CFor RODC \"%1\", \"%2\" deleted from the allow list. For RODC \"%1\", \"%2\" deleted from the allow list.
0x4000082DFor RODC \"%1\", either the allow list is empty OR \"%2\" is not present on the allow list. For RODC \"%1\", either the allow list is empty OR \"%2\" is not present on the allow list.
0x4000082EFor RODC \"%1\", all values deleted from the auth2 list. For RODC \"%1\", all values deleted from the auth2 list.
0x4000082FFor RODC \"%1\", \"%2\" added to the allow list. For RODC \"%1\", \"%2\" added to the allow list.
0x40000830For RODC \"%1\", \"%2\" is already present on the allow list. For RODC \"%1\", \"%2\" is already present on the allow list.
0x40000831%1 %1
0x40000832Principal's password can already replicate on to the RODC. Principal's password can already replicate on to the RODC.
0x40000833Principal on the deny list. Won't be added to Allow. Principal on the deny list. Won't be added to Allow.
0x40000834Principal successfully added to allow list. Principal successfully added to allow list.
0x40000835Principal could not be added to the allow list. Add failed with LDAP Error: 0x%1!x! Principal could not be added to the allow list. Add failed with LDAP Error: 0x%1!x!
0x40000836Principal successfully deleted from auth2 list. Principal successfully deleted from auth2 list.
0x40000837Principal could not be deleted from auth2 list. Delete failed with LDAP Error: 0x%1!x! Principal could not be deleted from auth2 list. Delete failed with LDAP Error: 0x%1!x!
0x40000838The list is empty. The list is empty.
0x40000839Displays inbound replication requests that the DC needs to issue to become consistent with its source replication partners. Growth in the number of items in the queue with system up time can be caused by too many concurrent replication partners, high change rates to objects in Active Directory, or insufficient CPU or network bandwidth for the amount of data being replicated. [SYNTAX] /queue [DSA_LIST] [EXAMPLES] The following command targets all DC's in the site HQ and returns the queue of inbound replication requests yet to be processed on each one. repadmin /queue site:HQ Displays inbound replication requests that the DC needs to issue to become consistent with its source replication partners. Growth in the number of items in the queue with system up time can be caused by too many concurrent replication partners, high change rates to objects in Active Directory, or insufficient CPU or network bandwidth for the amount of data being replicated. [SYNTAX] /queue [DSA_LIST] [EXAMPLES] The following command targets all DC's in the site HQ and returns the queue of inbound replication requests yet to be processed on each one. repadmin /queue site:HQ
0x4000083ATriggers the immediate replication of the specified directory partition to the destination domain controller from the source DC. Tests replication success after removing suspected fault conditions without waiting for the replication schedule to open. Source and destination domain controllers can be referenced by single-label hostname, fully qualified hostname or the object GUID assigned to a DC's NTDS Settings object. The DSA Object GUID can be obtained from the header of the command repadmin /showrepl . The repadmin computer, destination DC and source DC must have network connectivity over the ports and protocols used by the relevant connection object. [SYNTAX] /replicate [/force] [/async] [/full] [/addref] [/readonly] /force overrides connections disabled by repadmin /options. /async /full will request the source DC to re-replicate ALL changes for the specified partition. Both the UTD and HWM vectors are reset. Does not remove lingering objects on the destination DC. Do not use when USN Rollbacks are suspected. /addref enables change notification between the source and destination. /readonly is used when the destination DC holds a read-only copy of the partition being replicated [EXAMPLES] The following command will replicate the Contoso NC from source-dc01 to dest-dc01 repadmin /replicate dest-dc01 source-dc01 DC=contoso,DC=com The following command will replicate the Mayberry NC from source-dc01 to dest-dc01 specifying that the NC is readonly on the destination repadmin /replicate dest-dc01 source-dc01 DC=Mayberry,DC=contoso,DC=com /readonly Triggers the immediate replication of the specified directory partition to the destination domain controller from the source DC. Tests replication success after removing suspected fault conditions without waiting for the replication schedule to open. Source and destination domain controllers can be referenced by single-label hostname, fully qualified hostname or the object GUID assigned to a DC's NTDS Settings object. The DSA Object GUID can be obtained from the header of the command repadmin /showrepl . The repadmin computer, destination DC and source DC must have network connectivity over the ports and protocols used by the relevant connection object. [SYNTAX] /replicate [/force] [/async] [/full] [/addref] [/readonly] /force overrides connections disabled by repadmin /options. /async /full will request the source DC to re-replicate ALL changes for the specified partition. Both the UTD and HWM vectors are reset. Does not remove lingering objects on the destination DC. Do not use when USN Rollbacks are suspected. /addref enables change notification between the source and destination. /readonly is used when the destination DC holds a read-only copy of the partition being replicated [EXAMPLES] The following command will replicate the Contoso NC from source-dc01 to dest-dc01 repadmin /replicate dest-dc01 source-dc01 DC=contoso,DC=com The following command will replicate the Mayberry NC from source-dc01 to dest-dc01 specifying that the NC is readonly on the destination repadmin /replicate dest-dc01 source-dc01 DC=Mayberry,DC=contoso,DC=com /readonly
0x4000083BReplicates a single object between any two domain controllers that have common directory partitions. The two domain controllers do not have a replication agreement (inbound connection object). Replication agreements can be shown using the Repadmin /showrepl command. [SYNTAX] /replsingleobj [EXAMPLES] The following command will trigger replication of the object specified from source-dc01 to dest-dc01 repadmin /replsingleobj dest-dc01 source-dc01 cn=VPSales,ou=execs,dc=contoso,dc=com Replicates a single object between any two domain controllers that have common directory partitions. The two domain controllers do not have a replication agreement (inbound connection object). Replication agreements can be shown using the Repadmin /showrepl command. [SYNTAX] /replsingleobj [EXAMPLES] The following command will trigger replication of the object specified from source-dc01 to dest-dc01 repadmin /replsingleobj dest-dc01 source-dc01 cn=VPSales,ou=execs,dc=contoso,dc=com
0x4000083CThe replsummary operation quickly and concisely summarizes the replication state and relative health of a forest. [SYNTAX] /replsummary [DSA_LIST] /bysrc /bydest /errorsonly [/sort:{ delta | partners | failures | error | percent | unresponsive }] delta: sort results list by time since last successful replication for each respective DC partners: sort results list by the # of replication partners for each respective DC failures: sort results list by the # of partner replication failures for each respective DC error: sort results list by the last replication result (ie, error code) for each respective DC percent: sort results list by the partner replication failure percentage (failures/total * 100) for each respective DC unresponsive: group results list into responsive and unresponsive DC. [EXAMPLES] The following command will target all DC's in the forest to retrieve summary replication status from each, listing the output by source then destination and ordering by the largest time difference. repadmin /replsum * /bysrc /bydest /sort:delta The replsummary operation quickly and concisely summarizes the replication state and relative health of a forest. [SYNTAX] /replsummary [DSA_LIST] /bysrc /bydest /errorsonly [/sort:{ delta | partners | failures | error | percent | unresponsive }] delta: sort results list by time since last successful replication for each respective DC partners: sort results list by the # of replication partners for each respective DC failures: sort results list by the # of partner replication failures for each respective DC error: sort results list by the last replication result (ie, error code) for each respective DC percent: sort results list by the partner replication failure percentage (failures/total * 100) for each respective DC unresponsive: group results list into responsive and unresponsive DC. [EXAMPLES] The following command will target all DC's in the forest to retrieve summary replication status from each, listing the output by source then destination and ordering by the largest time difference. repadmin /replsum * /bysrc /bydest /sort:delta
0x4000083DDisplays the attributes of an object. While /showobjmeta displays the number of times the attributes on an object have changed and which DC made those changes, the /showattr command shows the actual values for an object Objects can be referenced by their DN path or by object guid SHOWATTR can also display the values for objects returned by a command line LDAP query. By default, showattr queries writable directory partitions using LDAP port 389 can optionally query the read-only partitions of global catalogs using LDAP port 3268 [SYNTAX] /showattr [OBJ_LIST OPTIONS] [/atts:,...] [/allvalues] [/long] [/dumpallblob] std text Enter the single label, fully qualified, object GUID or DCLIST parameters. See /VIEWLIST for more info. [OBJ_LIST OPTIONS] - the DN path or object GUID of the object whose attributes should be enumerated. When performing a command line LDAP query, this form the base DN path for the search. Wrap DN paths containing spaces (\" \") in quotes. /atts: Return values for specified attributes only. Values for multiple attributes can be displayed when separated by a \",\" /allvalues displays all attribute values. By default only 20 attribute values are displayed for an attribute unless /long - displays one line per attribute value /dumpallblob Similar to /all values but for binary attribute values. [EXAMPLES] Query a specific DC and show all attributes for an object using its DN path. repadmin /showattr hq-dc-01 \"cn=enterprise administrators,cn=users,dc=contoso,dc=com\" Query a specific DC and show all attributes for an object using its object guid repadmin /showattr hq-dc-01 \"\" query all DC's whose computer names start with HQ-DC and show the value for a specific attribute, msDS-Behavior-Version, which denotes the domain functional level. Repadmin /showattr hq-dc* \"DC=contoso,DC=com\" /atts:msDS-Behavior-Version query a single domain controller and return two attributes, OS version and service pack revision, for all domain controllers in the domain (primary group ID = 516). repadmin /showattr hq-dc-01 ncobj:domain: /filter:\"(&(objectCategory=computer)(primaryGroupID=516))\" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack Query the read-only partition (\"/gc\") of all global catalogs (\"gc:\") in the forest to see if they contain a copy of a specific object referenced by its object guid. Useful to determine which DC's have replicated an important change or contain a lingering object. repadmin /showattr gc: \"\" /gc Displays the attributes of an object. While /showobjmeta displays the number of times the attributes on an object have changed and which DC made those changes, the /showattr command shows the actual values for an object Objects can be referenced by their DN path or by object guid SHOWATTR can also display the values for objects returned by a command line LDAP query. By default, showattr queries writable directory partitions using LDAP port 389 can optionally query the read-only partitions of global catalogs using LDAP port 3268 [SYNTAX] /showattr [OBJ_LIST OPTIONS] [/atts:,...] [/allvalues] [/long] [/dumpallblob] std text Enter the single label, fully qualified, object GUID or DCLIST parameters. See /VIEWLIST for more info. [OBJ_LIST OPTIONS] - the DN path or object GUID of the object whose attributes should be enumerated. When performing a command line LDAP query, this form the base DN path for the search. Wrap DN paths containing spaces (\" \") in quotes. /atts: Return values for specified attributes only. Values for multiple attributes can be displayed when separated by a \",\" /allvalues displays all attribute values. By default only 20 attribute values are displayed for an attribute unless /long - displays one line per attribute value /dumpallblob Similar to /all values but for binary attribute values. [EXAMPLES] Query a specific DC and show all attributes for an object using its DN path. repadmin /showattr hq-dc-01 \"cn=enterprise administrators,cn=users,dc=contoso,dc=com\" Query a specific DC and show all attributes for an object using its object guid repadmin /showattr hq-dc-01 \"\" query all DC's whose computer names start with HQ-DC and show the value for a specific attribute, msDS-Behavior-Version, which denotes the domain functional level. Repadmin /showattr hq-dc* \"DC=contoso,DC=com\" /atts:msDS-Behavior-Version query a single domain controller and return two attributes, OS version and service pack revision, for all domain controllers in the domain (primary group ID = 516). repadmin /showattr hq-dc-01 ncobj:domain: /filter:\"(&(objectCategory=computer)(primaryGroupID=516))\" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack Query the read-only partition (\"/gc\") of all global catalogs (\"gc:\") in the forest to see if they contain a copy of a specific object referenced by its object guid. Useful to determine which DC's have replicated an important change or contain a lingering object. repadmin /showattr gc: \"\" /gc
0x4000083EDisplays the replication metadata for a specified object stored in Active Directory, such as attribute ID, version number, originating and local Update Sequence Number (USN), and originating server's GUID and Date and Time stamp. By comparing the replication metadata for the same object on different domain controllers, an administrator can determine whether replication has taken place or which DC added, modified or deleted an attribute or object. Objects may be referenced by their DN path, ObjectGUID or SID. DN paths with spaces need to be wrapped in quotes. [SYNTAX] /showobjmeta [DSA_LIST] [/nocache] [/linked] \t /linked will display the metadata for attributes like \"member\" on \t security groups when 2003 FFL is enabled.\t [EXAMPLES]\t The following command targets all dc's which have a name prefixed with the string \"dst\" and requests the replication metadata for an object by specifying the DN. Note the quotes around the DN path containing spaces. repadmin /showobjmeta dst* \"CN=Joe Smith,OU=UserAccounts,DC=contoso,DC=com\" The following command targets all dc's which have a name prefixed with the string \"dst\" (dst-01,dst-02...)and requests the replication metadata for an object by specifying the DN. repadmin /showobjmeta dst* CN=Finance,OU=UserGroups,DC=contoso,DC=com /linked The following command targets a specific dc and requests the replication metadata for an object by specifying the objectGuid. repadmin /showobjmeta destdc01 \"\" The following command targets a specific dc requests the replication metadata for an object by specifying the objectSid. repadmin /showobjmeta destdc01 \"\" Displays the replication metadata for a specified object stored in Active Directory, such as attribute ID, version number, originating and local Update Sequence Number (USN), and originating server's GUID and Date and Time stamp. By comparing the replication metadata for the same object on different domain controllers, an administrator can determine whether replication has taken place or which DC added, modified or deleted an attribute or object. Objects may be referenced by their DN path, ObjectGUID or SID. DN paths with spaces need to be wrapped in quotes. [SYNTAX] /showobjmeta [DSA_LIST] [/nocache] [/linked] \t /linked will display the metadata for attributes like \"member\" on \t security groups when 2003 FFL is enabled.\t [EXAMPLES]\t The following command targets all dc's which have a name prefixed with the string \"dst\" and requests the replication metadata for an object by specifying the DN. Note the quotes around the DN path containing spaces. repadmin /showobjmeta dst* \"CN=Joe Smith,OU=UserAccounts,DC=contoso,DC=com\" The following command targets all dc's which have a name prefixed with the string \"dst\" (dst-01,dst-02...)and requests the replication metadata for an object by specifying the DN. repadmin /showobjmeta dst* CN=Finance,OU=UserGroups,DC=contoso,DC=com /linked The following command targets a specific dc and requests the replication metadata for an object by specifying the objectGuid. repadmin /showobjmeta destdc01 \"\" The following command targets a specific dc requests the replication metadata for an object by specifying the objectSid. repadmin /showobjmeta destdc01 \"\"
0x4000083FDisplays the replication status when specified domain controller last attempted to inbound replicate Active Directory partitions. Status is reported for each source DC that the destination has an inbound connection object from, grouped by partition. SHOWREPL helps administrators understand the replication topology and replication failures. The REPADMIN console must have RPC network connectivity to all DC's targeted by the DCLIST parameter. Replication errors may be caused by the source DC, destination DC, DNS or the underlying network. The Windows Server 2003 and 2008 version of REPADMIN /SHOWREPL do not display outbound intra-site replication partners as previous version did. Use the /repsto parameter to display outbound partners. [SYNTAX] /showrepl [DSA_LIST [Source DSA object GUID]] [Naming Context] [/verbose] [/nocache] [/repsto] [/conn] [/all] [/errorsonly] [/intersite] [/csv] [naming context] DN path of directory partition for which replication status should be reported. By default, replication status is reported on all partitions held by the destination DC. /verbose displays additional information about the source partners that the destination DC inbound replicates from, including fully qualified cname, invocation id, replication flags, USN OU and USN PU values. /nocache - disbles translation of DC guid to friendly name. /repsto lists partner DC(s) that the targeted DC(s) outbound replicates to using change notification (i.e. DC's in the same Active Directory site and DC's in remote sites where change notification has been enabled) This list is appended under \"OUTBOUND NEIGHBOURS FOR CHANGE NOTIFICATIONS\" of the repadmin output. /conn appends a \"KCC CONNECTION OBJECTS\" section to repadmin output listing all connections and why they were created /all - is equivalent to the /repsto and /conn options /errorsonly - displays replication status only for source domain controllers that the destination DC is encountering replication errors. /intersite displays the replication status for connections from out-of-site DC's that the DCLIST DC inbound replicates from /csv formats the replication status in comma-separated value format where it can be viewed in spreadsheets like Microsoft Excel or parsed by reporting tools. [EXAMPLES] Reports the inbound replication status for all DC's in the forest output in CSV format repadmin /showrepl * /csv Reports the inbound replication status for all DC's in the forest experiencing a replication error. repadmin /showrepl * /errorsonly Reports the inbound replication status for all DC's in the \"HQ\" Active Directory site that inbound replicate a read-only or writable copy of the MAYBERRY.CONTOSO.COM domain partition. repadmin /showrepl site:HQ DC=Mayberry,DC=Contoso,dc=Com Displays the replication status when specified domain controller last attempted to inbound replicate Active Directory partitions. Status is reported for each source DC that the destination has an inbound connection object from, grouped by partition. SHOWREPL helps administrators understand the replication topology and replication failures. The REPADMIN console must have RPC network connectivity to all DC's targeted by the DCLIST parameter. Replication errors may be caused by the source DC, destination DC, DNS or the underlying network. The Windows Server 2003 and 2008 version of REPADMIN /SHOWREPL do not display outbound intra-site replication partners as previous version did. Use the /repsto parameter to display outbound partners. [SYNTAX] /showrepl [DSA_LIST [Source DSA object GUID]] [Naming Context] [/verbose] [/nocache] [/repsto] [/conn] [/all] [/errorsonly] [/intersite] [/csv] [naming context] DN path of directory partition for which replication status should be reported. By default, replication status is reported on all partitions held by the destination DC. /verbose displays additional information about the source partners that the destination DC inbound replicates from, including fully qualified cname, invocation id, replication flags, USN OU and USN PU values. /nocache - disbles translation of DC guid to friendly name. /repsto lists partner DC(s) that the targeted DC(s) outbound replicates to using change notification (i.e. DC's in the same Active Directory site and DC's in remote sites where change notification has been enabled) This list is appended under \"OUTBOUND NEIGHBOURS FOR CHANGE NOTIFICATIONS\" of the repadmin output. /conn appends a \"KCC CONNECTION OBJECTS\" section to repadmin output listing all connections and why they were created /all - is equivalent to the /repsto and /conn options /errorsonly - displays replication status only for source domain controllers that the destination DC is encountering replication errors. /intersite displays the replication status for connections from out-of-site DC's that the DCLIST DC inbound replicates from /csv formats the replication status in comma-separated value format where it can be viewed in spreadsheets like Microsoft Excel or parsed by reporting tools. [EXAMPLES] Reports the inbound replication status for all DC's in the forest output in CSV format repadmin /showrepl * /csv Reports the inbound replication status for all DC's in the forest experiencing a replication error. repadmin /showrepl * /errorsonly Reports the inbound replication status for all DC's in the \"HQ\" Active Directory site that inbound replicate a read-only or writable copy of the MAYBERRY.CONTOSO.COM domain partition. repadmin /showrepl site:HQ DC=Mayberry,DC=Contoso,dc=Com
0x40000840Displays the highest committed Update Sequence Number (USN) that the targeted DC's copy of Active Directory shows as committed for itself and its transitive partners. The up-to-dateness vector (UTDVEC) shows the highest USN that the destination DC has seen via replication in the form of changes it has received from its direct and transitive replication partners for the selected partition. Destination DC's request changes starting with the last received USNchanged from a given source. All USN numbers for a given source DC appear in the context of the local USN for that source not the USN numbers on the destination DC. The UTDvec for a local machine shows the highest committed USN that the DC's has inbound replicated or originated. /SHOWUTDVEC output lists current and historical replication partners, including transitive replication partners. By comparing the USN values from /SHOWUTDVEC on a source and destination domain controller, you can determine how up-to-date a destination DC is with it source partners. USN Rollbacks may also be detected if /SHOWUTDVEC is run when the destination DC has a higher committed USN than the source DC Obtain /SHOWUTDEV from destination DC's immediately followed by source DC's for best results and to avoid false USN Rollbacks. [SYNTAX] /showutdvec [/nocache] [/latency] Enter the DN path of the desired directory partition. /nocache Disables translation of DC GUID to friendly name. /latency - orders the entries in the UTDVEC from least current to most current. [EXAMPLES] repadmin /showutdvec dc=contoso,dc=com repadmin /showudvec dc=mayberry,dc=contoso,dc=com /latency Displays the highest committed Update Sequence Number (USN) that the targeted DC's copy of Active Directory shows as committed for itself and its transitive partners. The up-to-dateness vector (UTDVEC) shows the highest USN that the destination DC has seen via replication in the form of changes it has received from its direct and transitive replication partners for the selected partition. Destination DC's request changes starting with the last received USNchanged from a given source. All USN numbers for a given source DC appear in the context of the local USN for that source not the USN numbers on the destination DC. The UTDvec for a local machine shows the highest committed USN that the DC's has inbound replicated or originated. /SHOWUTDVEC output lists current and historical replication partners, including transitive replication partners. By comparing the USN values from /SHOWUTDVEC on a source and destination domain controller, you can determine how up-to-date a destination DC is with it source partners. USN Rollbacks may also be detected if /SHOWUTDVEC is run when the destination DC has a higher committed USN than the source DC Obtain /SHOWUTDEV from destination DC's immediately followed by source DC's for best results and to avoid false USN Rollbacks. [SYNTAX] /showutdvec [/nocache] [/latency] Enter the DN path of the desired directory partition. /nocache Disables translation of DC GUID to friendly name. /latency - orders the entries in the UTDVEC from least current to most current. [EXAMPLES] repadmin /showutdvec dc=contoso,dc=com repadmin /showudvec dc=mayberry,dc=contoso,dc=com /latency
0x40000841Synchronizes a specified domain controller with all replication partners. By default, if no directory partition is provided in the namingcontext parameter, the command performs its operations on the configuration directory partition. [SYNTAX] /syncall [] [] The following flags are supported /a\tAbort if any server is unavailable.\t /A\tSync all naming contexts which are held on the home server.\t /d\tIdentify servers by distinguished name in messages.\t /e\tEnterprise, cross sites.\t /h\tPrint this help screen.\t /i\tIterate indefinitely.\t /I\tPerform showreps on each server pair in path instead of syncing.\t /j\tSynchronize adjacent servers only.\t /p\tPause for possible user abort after every message.\t /P\tPush changes outward from home server.\t /q\tRun in quiet mode, suppress call back messages.\t /Q\tRun in very quiet mode, report fatal errors only.\t /s\tDo not synchronize.\t /S\tSkip initial server response check.\t By default /syncall does not cross site boundaries [EXAMPLES] Synchronizes the target dc will all its partners including ones cross-site, displaying the partners by DN rather than GUID and aborting the command if any one partner is not available. repadmin /syncall dst-dc01 dc=contoso,dc=com /d /e /a Synchronizes a specified domain controller with all replication partners. By default, if no directory partition is provided in the namingcontext parameter, the command performs its operations on the configuration directory partition. [SYNTAX] /syncall [] [] The following flags are supported /a\tAbort if any server is unavailable.\t /A\tSync all naming contexts which are held on the home server.\t /d\tIdentify servers by distinguished name in messages.\t /e\tEnterprise, cross sites.\t /h\tPrint this help screen.\t /i\tIterate indefinitely.\t /I\tPerform showreps on each server pair in path instead of syncing.\t /j\tSynchronize adjacent servers only.\t /p\tPause for possible user abort after every message.\t /P\tPush changes outward from home server.\t /q\tRun in quiet mode, suppress call back messages.\t /Q\tRun in very quiet mode, report fatal errors only.\t /s\tDo not synchronize.\t /S\tSkip initial server response check.\t By default /syncall does not cross site boundaries [EXAMPLES] Synchronizes the target dc will all its partners including ones cross-site, displaying the partners by DN rather than GUID and aborting the command if any one partner is not available. repadmin /syncall dst-dc01 dc=contoso,dc=com /d /e /a
0x40000842Triggers replication of passwords for the specified user(s) from the source (Hub DC) to one or more Read Only DC's. For each destination RODC the cacheability of the user(s) passwords on that DC will be evaluated before the request succeeds. If cacheability of a given users password is not permitted for a particular RODC the request for that specific user / destination RODC combination will fail. [SYNTAX] /rodcpwdrepl [DSA_LIST] [ ...] [EXAMPLES] The following command triggers replication of the passwords for the user specified from source-dc01 to DC with the name prefix dest-rodc. repadmin /rodcpwdrepl dest-rodc* source-dc01 cn=JaneOh,ou=execs,dc=contoso,dc=com Triggers replication of passwords for the specified user(s) from the source (Hub DC) to one or more Read Only DC's. For each destination RODC the cacheability of the user(s) passwords on that DC will be evaluated before the request succeeds. If cacheability of a given users password is not permitted for a particular RODC the request for that specific user / destination RODC combination will fail. [SYNTAX] /rodcpwdrepl [DSA_LIST] [ ...] [EXAMPLES] The following command triggers replication of the passwords for the user specified from source-dc01 to DC with the name prefix dest-rodc. repadmin /rodcpwdrepl dest-rodc* source-dc01 cn=JaneOh,ou=execs,dc=contoso,dc=com
0x40000843This is an alias for /replicate. This is an alias for /replicate.
0x40000844This is an alias for /ReplSummary. This is an alias for /ReplSummary.
0x40000845This is an alias for /ShowAttr. This is an alias for /ShowAttr.
0x40000846Displays a list of commands for use by advanced users only. Displays a list of commands for use by advanced users only.
0x40000847REPADMIN_IDS_ALIAS_CMD_DETAIL REPADMIN_IDS_ALIAS_CMD_DETAIL
0x40000848/removelingeringobjects Removes lingering objects - an object stored in Active Dircetory that has seen, deleted and garbage collected by a reference DC but continues to incorrectly exist on direct or transitive replication partners DC's that have not inbound replicated knowledge of the objects deletion within tombstone lifetime number of days. /removelingeringobjects Removes lingering objects - an object stored in Active Dircetory that has seen, deleted and garbage collected by a reference DC but continues to incorrectly exist on direct or transitive replication partners DC's that have not inbound replicated knowledge of the objects deletion within tombstone lifetime number of days.
0x40000849/add The add command will create a RepsFrom attribute on the destination domain controller for the specified naming context and initiate a replication request. During a normal replication cycle, the destination domain controller will request updates from the source domain controller. /add The add command will create a RepsFrom attribute on the destination domain controller for the specified naming context and initiate a replication request. During a normal replication cycle, the destination domain controller will request updates from the source domain controller.
0x4000084A/mod The mod command will modify the RepsFrom attribute on the destination domain controller for the specified naming context and initiate a replication request. During a normal replication cycle, the destination domain controller will request updates from the source domain controller. /mod The mod command will modify the RepsFrom attribute on the destination domain controller for the specified naming context and initiate a replication request. During a normal replication cycle, the destination domain controller will request updates from the source domain controller.
0x4000084B/delete The delete command will remove a RepsFrom attribute on the destination domain controller for the specified naming context. /delete The delete command will remove a RepsFrom attribute on the destination domain controller for the specified naming context.
0x4000084C/addrepsto This will create Reps-To attribute on the domain controller for the specified naming context. Ordinarily there is no requirement to perform this command as the KCC will automatically create the RepsTo attributes on destination DSA's from other DSA's Reps-From entries. /addrepsto This will create Reps-To attribute on the domain controller for the specified naming context. Ordinarily there is no requirement to perform this command as the KCC will automatically create the RepsTo attributes on destination DSA's from other DSA's Reps-From entries.
0x4000084D/updrepsto This will update the Reps-To attribute on the domain controller for the specified naming context. More specifically it updates the network address used by the source DSA to contact the destination DSA. /updrepsto This will update the Reps-To attribute on the domain controller for the specified naming context. More specifically it updates the network address used by the source DSA to contact the destination DSA.
0x4000084E/testhook Internal use only /testhook Internal use only
0x4000084F/siteoptions used to modify the options attribute of an NTDS Site Settings Object. /siteoptions used to modify the options attribute of an NTDS Site Settings Object.
0x40000850/delrepsto Delrepsto deletes the Reps-To attribute on the domain controller for the specified naming context. /delrepsto Delrepsto deletes the Reps-To attribute on the domain controller for the specified naming context.
0x40000851/options Modifies the ntdssettings object of the domain controller targeted by the \"[DC]\"parameter. /options Modifies the ntdssettings object of the domain controller targeted by the \"[DC]\"parameter.
0x40000852/rehost Instructs a global catalog to drop its copy of a read-only domain partition, then perform a full sync of that partition from a domain controller that contains a writable copy of that partition. /rehost Instructs a global catalog to drop its copy of a read-only domain partition, then perform a full sync of that partition from a domain controller that contains a writable copy of that partition.
0x40000853/unhost Remove a specific read-only partition from a GC /unhost Remove a specific read-only partition from a GC
0x40000854/removesources Removes all replication links for a given naming context. /removesources Removes all replication links for a given naming context.
0x40000855/rebuildgc Rehosts all the GC partitions. /rebuildgc Rehosts all the GC partitions.
0x40000856/bind Connects to and displays the replication features for a domain controller. /bind Connects to and displays the replication features for a domain controller.
0x40000857/bridgeheads Lists the domain controllers acting as bridgehead servers for a specified site. /bridgeheads Lists the domain controllers acting as bridgehead servers for a specified site.
0x40000858/checkprop Compares the properties of specified domain controllers to determine if they are up to date with each other. /checkprop Compares the properties of specified domain controllers to determine if they are up to date with each other.
0x40000859/dsaguid Returns a server name when given a GUID. /dsaguid Returns a server name when given a GUID.
0x4000085A/istg Returns the computer name of the Intersite Topology Generator (ISTG) server for a specified site. /istg Returns the computer name of the Intersite Topology Generator (ISTG) server for a specified site.
0x4000085B/latency Displays the amount of time between replications, using the ISTG Keep Alive time stamp. /latency Displays the amount of time between replications, using the ISTG Keep Alive time stamp.
0x4000085C/showscp dumps service connection points on a GC. /showscp dumps service connection points on a GC.
0x4000085D/replauthmode Modifies or displays the replication authentication mode in use by an ADAM configuration set. /replauthmode Modifies or displays the replication authentication mode in use by an ADAM configuration set.
0x4000085E/setattr Sets / modifies the value of an attribute. /setattr Sets / modifies the value of an attribute.
0x4000085F/notifyopt used to view / change the notification timing settings of a specified directory partition. /notifyopt used to view / change the notification timing settings of a specified directory partition.
0x40000860/querysites Uses routing information to determine the cost of a route from a specified site to another specified site or sites. /querysites Uses routing information to determine the cost of a route from a specified site to another specified site or sites.
0x40000861/regkey Enables and disables the values for two registry keys located under HKLM\\system\\ccs\\services\
tds\\parameters : \"Strict Replication Consistency\" \"Allow Replication With Divergent and Corrupt Partner\"
/regkey Enables and disables the values for two registry keys located under HKLM\\system\\ccs\\services\
tds\\parameters : \"Strict Replication Consistency\" \"Allow Replication With Divergent and Corrupt Partner\"
0x40000862/showbackup Displays the date, time and domain controller that last backed up each writable directory partition in the forest by reading the DSASignature attribute on the root of the NC head of each directory partition. /showbackup Displays the date, time and domain controller that last backed up each writable directory partition in the forest by reading the DSASignature attribute on the root of the NC head of each directory partition.
0x40000863/showcert Displays the certificates (used with Simple Mail Transfer Protocol (SMTP)-based replication) that are loaded on a specified domain controller. /showcert Displays the certificates (used with Simple Mail Transfer Protocol (SMTP)-based replication) that are loaded on a specified domain controller.
0x40000864/showchanges Can be used to determine which changes have not yet been replicated between two replication partners or track statistics for changes which have replicated between them. /showchanges Can be used to determine which changes have not yet been replicated between two replication partners or track statistics for changes which have replicated between them.
0x40000865/showism displays inter-site messaging routes calculated by the Inter-site Messaging Service. /showism displays inter-site messaging routes calculated by the Inter-site Messaging Service.
0x40000866/showmsg Displays the error message string for a given error number or the event text for a given Directory Services Event. /showmsg Displays the error message string for a given error number or the event text for a given Directory Services Event.
0x40000867/showncsig This command displays a list of the removed application partition GUIDs. /showncsig This command displays a list of the removed application partition GUIDs.
0x40000868/showoutcalls A list of the entries in the DS Bind cache. /showoutcalls A list of the entries in the DS Bind cache.
0x40000869/showproxy Lists cross-domain move proxy objects. When an object is moved from one domain to another, a marker remains in the original domain. This marker is called a proxy. /showproxy Lists cross-domain move proxy objects. When an object is moved from one domain to another, a marker remains in the original domain. This marker is called a proxy.
0x4000086A/showtime Converts a directory service time value to string format for both the local and the Universal Time, Coordinated (UTC) time zones. /showtime Converts a directory service time value to string format for both the local and the Universal Time, Coordinated (UTC) time zones.
0x4000086B/showtrust Lists all Active Directory domains that are trusted by a specified Active Directory domain. /showtrust Lists all Active Directory domains that are trusted by a specified Active Directory domain.
0x4000086C/showvalue Displays the values of the type, last modified time, originating domain controller, and distinguished name of a specified object. /showvalue Displays the values of the type, last modified time, originating domain controller, and distinguished name of a specified object.
0x4000086D/viewlist Displays a list of domain controllers. /viewlist Displays a list of domain controllers.
0x4000086E/writespn Used to add a new SPN or to delete or modify an existing SPN. /writespn Used to add a new SPN or to delete or modify an existing SPN.
0x4000086FREPADMIN_IDS_CMD__DESCRIPTION REPADMIN_IDS_CMD__DESCRIPTION
0x40000870/failcache Displays a list of replication failures that (KCC) is aware of. /failcache Displays a list of replication failures that (KCC) is aware of.
0x40000871/showconn Displays the connection objects for a specified domain controller. The default is local site /showconn Displays the connection objects for a specified domain controller. The default is local site
0x40000872/showctx Displays a list of computers that have opened sessions with a specified domain controller. /showctx Displays a list of computers that have opened sessions with a specified domain controller.
0x40000873/showsig Displays the retired invocation IDs on a domain controller. A domain controller changes its invocation ID when it is restored or when it rehosts an application partition. /showsig Displays the retired invocation IDs on a domain controller. A domain controller changes its invocation ID when it is restored or when it rehosts an application partition.
0x40000874/sync [TODO] /sync [TODO]
0x40000875/propcheck [TODO] /propcheck [TODO]
0x40000876/getchanges [TODO] /getchanges [TODO]
0x40000877/showreps [TODO] /showreps [TODO]
0x40000878/showvector [TODO] /showvector [TODO]
0x40000879/showmeta [TODO] /showmeta [TODO]
0x4000087ARemoves lingering objects - an object stored in Active Directory that has seen, deleted and garbage collected by a reference DC but continues to incorrectly exist on direct or transitive replication partners DC's that have not inbound replicated knowledge of the objects deletion within tombstone lifetime number of days. The PC running repadmin may have Windows Vista or Windows Server 2008 installed, and must have network connectivity to all domain controllers targeted by the parameter. The reference DC must host a writeable copy of the directory partition targeted for lingering object removal and have network connectivity to all domain controllers targeted by the parameter. DC's targeted by the parameter may host read-only or writeable copies of directory partition targeted for lingering object removal. DC's and Global catalogs targeted by continue to advertise and service ldap request during lingering object removal. The reference DC and domain controllers targeted by the parameter may have Windows Server 2003, Windows Server 2003 R2 or Windows Server 2008 installed. There are no domain or forest functional requirements for this command. ADVISORY_MODE is a test mode that logs NTDS Replication events 1938, 1946 and 1942 in the targeted domain controllers' directory service event log identifying the lingering objects that should be removed but does not actually remove them. Lingering objects are removed when \"repadmin /removelingeringobjects\" is run without the /advisory_mode switch. NTDS Replication events 1937, 1945 and 1939 logged on the target DC's directory services event log identify the start, conclusion and set of objects removed from a directory partition. You should conceptually think of DC's in the as the \"bad\" DC's that you want to test or remove lingering objects from and as the \"reference\" DC. Microsoft recommends enabling strict replication consistency before removing lingering objects. [SYNTAX] /removelingeringobjects [/ADVISORY_MODE] [EXAMPLES] The following command would check the Europe NC on all DC's in the site HQ for lingering objects using the DC specified by its ObjectGUID 667f7037-8198-4357-8f15-8f709f04b6e2 as reference. The /ADVISORY_MODE will cause events to be written to the Directory Service Event Log for each of the target DC's indicating how many lingering objects were found. /removelingeringobjects site:HQ 667f7037-8198-4357-8f15-8f709f04b6e2 DC=europe,DC=contoso,DC=com /ADVISORY_MODE The following command would check and remove lingering objects from the Europe NC on DC dubdc03 using the DC specified by ObjectGUID 667f7037-8198-4357-8f15-8f709f04b6e2. /removelingeringobjects dubdc03.contoso.com 667f7037-8198-4357-8f15-8f709f04b6e2 DC=europe,DC=contoso,DC=com Removes lingering objects - an object stored in Active Directory that has seen, deleted and garbage collected by a reference DC but continues to incorrectly exist on direct or transitive replication partners DC's that have not inbound replicated knowledge of the objects deletion within tombstone lifetime number of days. The PC running repadmin may have Windows Vista or Windows Server 2008 installed, and must have network connectivity to all domain controllers targeted by the parameter. The reference DC must host a writeable copy of the directory partition targeted for lingering object removal and have network connectivity to all domain controllers targeted by the parameter. DC's targeted by the parameter may host read-only or writeable copies of directory partition targeted for lingering object removal. DC's and Global catalogs targeted by continue to advertise and service ldap request during lingering object removal. The reference DC and domain controllers targeted by the parameter may have Windows Server 2003, Windows Server 2003 R2 or Windows Server 2008 installed. There are no domain or forest functional requirements for this command. ADVISORY_MODE is a test mode that logs NTDS Replication events 1938, 1946 and 1942 in the targeted domain controllers' directory service event log identifying the lingering objects that should be removed but does not actually remove them. Lingering objects are removed when \"repadmin /removelingeringobjects\" is run without the /advisory_mode switch. NTDS Replication events 1937, 1945 and 1939 logged on the target DC's directory services event log identify the start, conclusion and set of objects removed from a directory partition. You should conceptually think of DC's in the as the \"bad\" DC's that you want to test or remove lingering objects from and as the \"reference\" DC. Microsoft recommends enabling strict replication consistency before removing lingering objects. [SYNTAX] /removelingeringobjects [/ADVISORY_MODE] [EXAMPLES] The following command would check the Europe NC on all DC's in the site HQ for lingering objects using the DC specified by its ObjectGUID 667f7037-8198-4357-8f15-8f709f04b6e2 as reference. The /ADVISORY_MODE will cause events to be written to the Directory Service Event Log for each of the target DC's indicating how many lingering objects were found. /removelingeringobjects site:HQ 667f7037-8198-4357-8f15-8f709f04b6e2 DC=europe,DC=contoso,DC=com /ADVISORY_MODE The following command would check and remove lingering objects from the Europe NC on DC dubdc03 using the DC specified by ObjectGUID 667f7037-8198-4357-8f15-8f709f04b6e2. /removelingeringobjects dubdc03.contoso.com 667f7037-8198-4357-8f15-8f709f04b6e2 DC=europe,DC=contoso,DC=com
0x4000087BThe add command will create a RepsFrom attribute on the destination domain controller for the specified naming context and initiate a replication request. During a normal replication cycle, the destination domain controller will request updates from the source domain controller. When creating temporary replication links between replication partners, the process could fail if the KCC starts while you are performing the procedure. The KCC will delete any replication links for which no corresponding connection object exists. Since these commands can take a very long time to complete as they trigger the replication of the corresponding naming context, it is important to ensure that KCC do not disturb the process. This is where you would use +DISABLE_NTDSCONN_XLATE which effectively disables KCC's capability to translate connection objects to replication links. [SYNTAX] /add [/asyncrep] [/syncdisable] [/dsadn:] [/transportdn:] [/mail] [/async] [/readonly] [/selsecrets] /asyncrep\tQueue the replication event, but do no wait for the replication to complete before returning control to the user.\t /syncdisable add the RepsFrom attribute but do not participate in the replication cycle. To perform replication between the destination and source domain controllers, repadmin /sync /force must be used.\t /dsadn: /transportdn the distinguished name of the Inter Site Message transport, only used for mail based replication\t /mail specify that the replication is mail based, therefore requires the /transportdn option /async\tQueue the add/delete operation without interrupting the current replication cycle and return control to the user.\t /readonly\tSpecify that the partition is readonly. /selsecrets Used to specify that the destination DC is a Read-Only DC. The source DSA must be specified by fully qualified computername. [EXAMPLES] The following command would create a temporary replication connection for a read-only NC on a GC from another DC. The source DC must be specified by fully qualified DNS name. repadmin /add DC=maybery,DC=contoso,DC=com childdc01 hubdc03.contoso.com /readonly The following command would create a temporary replication connection for the configuration NC on a Read Only DC from a full DC. The source DC must be specified by fully qualified DNS name. repadmin /add cn=configuration,DC=contoso,DC=com rodc01 hubdc03.contoso.com /readonly /selsecrets The add command will create a RepsFrom attribute on the destination domain controller for the specified naming context and initiate a replication request. During a normal replication cycle, the destination domain controller will request updates from the source domain controller. When creating temporary replication links between replication partners, the process could fail if the KCC starts while you are performing the procedure. The KCC will delete any replication links for which no corresponding connection object exists. Since these commands can take a very long time to complete as they trigger the replication of the corresponding naming context, it is important to ensure that KCC do not disturb the process. This is where you would use +DISABLE_NTDSCONN_XLATE which effectively disables KCC's capability to translate connection objects to replication links. [SYNTAX] /add [/asyncrep] [/syncdisable] [/dsadn:] [/transportdn:] [/mail] [/async] [/readonly] [/selsecrets] /asyncrep\tQueue the replication event, but do no wait for the replication to complete before returning control to the user.\t /syncdisable add the RepsFrom attribute but do not participate in the replication cycle. To perform replication between the destination and source domain controllers, repadmin /sync /force must be used.\t /dsadn: /transportdn the distinguished name of the Inter Site Message transport, only used for mail based replication\t /mail specify that the replication is mail based, therefore requires the /transportdn option /async\tQueue the add/delete operation without interrupting the current replication cycle and return control to the user.\t /readonly\tSpecify that the partition is readonly. /selsecrets Used to specify that the destination DC is a Read-Only DC. The source DSA must be specified by fully qualified computername. [EXAMPLES] The following command would create a temporary replication connection for a read-only NC on a GC from another DC. The source DC must be specified by fully qualified DNS name. repadmin /add DC=maybery,DC=contoso,DC=com childdc01 hubdc03.contoso.com /readonly The following command would create a temporary replication connection for the configuration NC on a Read Only DC from a full DC. The source DC must be specified by fully qualified DNS name. repadmin /add cn=configuration,DC=contoso,DC=com rodc01 hubdc03.contoso.com /readonly /selsecrets
0x4000087CThe mod command will modify the RepsFrom attribute on the destination domain controller for the specified naming context and initiate a replication request. During a normal replication cycle, the destination domain controller will request updates from the source domain controller.\t [SYNTAX] /mod [/readonly] [/srcdsaaddr:] [/transportdn:] [+nbrflagoption] [-nbrflagoption] The mod command will modify the RepsFrom attribute on the destination domain controller for the specified naming context and initiate a replication request. During a normal replication cycle, the destination domain controller will request updates from the source domain controller.\t [SYNTAX] /mod [/readonly] [/srcdsaaddr:] [/transportdn:] [+nbrflagoption] [-nbrflagoption]
0x4000087DThe delete command will remove a RepsFrom attribute on the destination domain controller for the specified naming context. [SYNTAX] /delete [] [/localonly] [/nosource] [/async] The delete command will remove a RepsFrom attribute on the destination domain controller for the specified naming context. [SYNTAX] /delete [] [/localonly] [/nosource] [/async]
0x4000087EThis will create Reps-To attribute on the domain controller for the specified naming context. Ordinarily there is no requirement to perform this command as the KCC will automatically create the RepsTo attributes on destination DSA's from other DSA's Reps-From entries. [SYNTAX] /addrepsto [/selsecrets] This will create Reps-To attribute on the domain controller for the specified naming context. Ordinarily there is no requirement to perform this command as the KCC will automatically create the RepsTo attributes on destination DSA's from other DSA's Reps-From entries. [SYNTAX] /addrepsto [/selsecrets]
0x4000087FThis will update the Reps-To attribute on the domain controller for the specified naming context. More specifically it updates the network address used by the source DSA to contact the destination DSA. [SYNTAX] /updrepsto [/selsecrets] This will update the Reps-To attribute on the domain controller for the specified naming context. More specifically it updates the network address used by the source DSA to contact the destination DSA. [SYNTAX] /updrepsto [/selsecrets]
0x40000880INTERNAL USE ONLY /testhook [DSA_LIST] [{+|-}lockqueue] [{+|-}link_cleaner] [{+rpctime:,,|-rpctime}] [{+rpcsync:,|-rpcsync}] INTERNAL USE ONLY /testhook [DSA_LIST] [{+|-}lockqueue] [{+|-}link_cleaner] [{+rpctime:,,|-rpctime}] [{+rpcsync:,|-rpcsync}]
0x40000881Used to modify the options attribute of an NTDS Site Settings Object. [SYNTAX] /siteoptions [DSA] [/site:] [{+|-}IS_AUTO_TOPOLOGY_DISABLED] [{+|-}IS_TOPL_CLEANUP_DISABLED] [{+|-}IS_TOPL_MIN_HOPS_DISABLED] [{+|-}IS_TOPL_DETECT_STALE_DISABLED] [{+|-}IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED] [{+|-}IS_GROUP_CACHING_ENABLED] [{+|-}FORCE_KCC_WHISTLER_BEHAVIOR] [{+|-}FORCE_KCC_W2K_ELECTION] [{+|-}IS_RAND_BH_SELECTION_DISABLED] [{+|-}IS_SCHEDULE_HASHING_ENABLED] [{+|-}IS_REDUNDANT_SERVER_TOPOLOGY_ENABLED] [{+|-}W2K3_IGNORE_SCHEDULES] [{+|-}W2K3_BRIDGES_REQUIRED] Used to modify the options attribute of an NTDS Site Settings Object. [SYNTAX] /siteoptions [DSA] [/site:] [{+|-}IS_AUTO_TOPOLOGY_DISABLED] [{+|-}IS_TOPL_CLEANUP_DISABLED] [{+|-}IS_TOPL_MIN_HOPS_DISABLED] [{+|-}IS_TOPL_DETECT_STALE_DISABLED] [{+|-}IS_INTER_SITE_AUTO_TOPOLOGY_DISABLED] [{+|-}IS_GROUP_CACHING_ENABLED] [{+|-}FORCE_KCC_WHISTLER_BEHAVIOR] [{+|-}FORCE_KCC_W2K_ELECTION] [{+|-}IS_RAND_BH_SELECTION_DISABLED] [{+|-}IS_SCHEDULE_HASHING_ENABLED] [{+|-}IS_REDUNDANT_SERVER_TOPOLOGY_ENABLED] [{+|-}W2K3_IGNORE_SCHEDULES] [{+|-}W2K3_BRIDGES_REQUIRED]
0x40000882Delrepsto deletes the Reps-To attribute on the domain controller for the specified naming context. [SYNTAX] /delrepsto Delrepsto deletes the Reps-To attribute on the domain controller for the specified naming context. [SYNTAX] /delrepsto
0x40000883Modfies the ntdssettings object of the domain controller targeted by the \"[DC]\"parameter . Capabilities include Add or remove a global catalog Enable or Disable inbound replication Enable or Disable outbound replication Enable or disable KCC connection translation Global Catalog promotion and demotion is identified by NTDS Replication events 1119 (GC promotion) and 1120 (GC demotion) logged in the target computers Directory Service event log. Destination domain controller log error 8456: \"the source server is currently rejecting replication requests\" when inbound replicating from source domain controllers with outbound replication disabled. Source domain controllers log error 8457: \"the destination server is currently rejecting replication requests\" when outbound replicating to destination domain controllers with inbound replication disabled. REPADMIN replicate and sync commands with the /force switch overrides disabled inbound or outbound replication. DISABLE_NTDSCONN_XLATE toggles KCC's ability to translate connection objects into replication links. This switch is often used in conjunction with \"repadmin /add\" command. REPADMIN /options supports the values in place of the \"[DC]\" parameter. Current capabilities or settings are enumerated with \"repadmin /options \" or in the header of \"repadmin /showreps\" [SYNTAX] /options [DC] [{+|-}IS_GC] [{+|-}DISABLE_INBOUND_REPL] [{+|-}DISABLE_OUTBOUND_REPL] [{+|-}DISABLE_NTDSCONN_XLATE] [EXAMPLES] Display the current options set on the target DC repadmin options hub-dc01 Designate the target DC to host the global catalog repadmin /options hub-dc01 +GC Disable inbound replication on all DC's in an Active Directory site. repadmin /options site:HQ DISABLE_INBOUND_REPL Modfies the ntdssettings object of the domain controller targeted by the \"[DC]\"parameter . Capabilities include Add or remove a global catalog Enable or Disable inbound replication Enable or Disable outbound replication Enable or disable KCC connection translation Global Catalog promotion and demotion is identified by NTDS Replication events 1119 (GC promotion) and 1120 (GC demotion) logged in the target computers Directory Service event log. Destination domain controller log error 8456: \"the source server is currently rejecting replication requests\" when inbound replicating from source domain controllers with outbound replication disabled. Source domain controllers log error 8457: \"the destination server is currently rejecting replication requests\" when outbound replicating to destination domain controllers with inbound replication disabled. REPADMIN replicate and sync commands with the /force switch overrides disabled inbound or outbound replication. DISABLE_NTDSCONN_XLATE toggles KCC's ability to translate connection objects into replication links. This switch is often used in conjunction with \"repadmin /add\" command. REPADMIN /options supports the values in place of the \"[DC]\" parameter. Current capabilities or settings are enumerated with \"repadmin /options \" or in the header of \"repadmin /showreps\" [SYNTAX] /options [DC] [{+|-}IS_GC] [{+|-}DISABLE_INBOUND_REPL] [{+|-}DISABLE_OUTBOUND_REPL] [{+|-}DISABLE_NTDSCONN_XLATE] [EXAMPLES] Display the current options set on the target DC repadmin options hub-dc01 Designate the target DC to host the global catalog repadmin /options hub-dc01 +GC Disable inbound replication on all DC's in an Active Directory site. repadmin /options site:HQ DISABLE_INBOUND_REPL
0x40000884/rehost Instructs a global catalog to drop its copy of a read-only domain partition, then perform a full sync of that partition from a DC that contains a writable copy of that partition. Targets read-only partitions on Windows 2000 and Windows Server 2003 global catalogs and read-only partitions of full and read-only Windows Server 2008 Global Catalogs. REHOST is useful for removing lingering objects in the read-only partitions of Windows 2000 global catalogs which do not support the preferred \"repadmin /removelingeringobjects\" command, or when the writable domain partition contains only Windows 2000 domain controllers. Cannot be used on any partition for which the target DC hosts a writable copy (schema, configuration or writable domain partition). For example, a GC in root.contoso.com can rehost its read-only copy of child.contoso.com but cannot rehost root.contoso.com. A computer executing /rehost may run Windows Vista or Windows Server 2008 and must have network connectivity to domain controllers specified in the \"DSA\" parameter. Target computers in the \"DSA\" parameter may be referenced by single-label hostname or fully qualified computername (preferred). values are also supported. Enterprise administrator credentials are recommended. The global catalog targeted by /rehost must have Windows 2000 Service Pack 4 or later installed. The reference DC must have Windows 2000 Service Pack 4 or later installed and have network connectivity to the GC's targeted by the \"DSA\" parameter. Time to task is determined by partition size and link speed between the reference and target computers. Global catalogs continue to \"advertise\" and service LDAP requests during the rehost operation even when not authoritative for all partitions in the forest. ITADMINS should consider the service impact on native-mode domains and application which rely on global catalog consistency. Rehosting a partition is preferred over unchecking and rechecking the gc checkbox because the read-only partitions can be replicated from a deterministic source. Microsoft recommends enabling strict replication consistency before rehosting read-only domain partitions. See \"repadmin /regkey\". [SYNTAX] /rehost DSA [/application] /rehost DSA [EXAMPLES] repadmin /rehost root-dc01 child.contoso.com child-dc01.child.contoso.com /rehost Instructs a global catalog to drop its copy of a read-only domain partition, then perform a full sync of that partition from a DC that contains a writable copy of that partition. Targets read-only partitions on Windows 2000 and Windows Server 2003 global catalogs and read-only partitions of full and read-only Windows Server 2008 Global Catalogs. REHOST is useful for removing lingering objects in the read-only partitions of Windows 2000 global catalogs which do not support the preferred \"repadmin /removelingeringobjects\" command, or when the writable domain partition contains only Windows 2000 domain controllers. Cannot be used on any partition for which the target DC hosts a writable copy (schema, configuration or writable domain partition). For example, a GC in root.contoso.com can rehost its read-only copy of child.contoso.com but cannot rehost root.contoso.com. A computer executing /rehost may run Windows Vista or Windows Server 2008 and must have network connectivity to domain controllers specified in the \"DSA\" parameter. Target computers in the \"DSA\" parameter may be referenced by single-label hostname or fully qualified computername (preferred). values are also supported. Enterprise administrator credentials are recommended. The global catalog targeted by /rehost must have Windows 2000 Service Pack 4 or later installed. The reference DC must have Windows 2000 Service Pack 4 or later installed and have network connectivity to the GC's targeted by the \"DSA\" parameter. Time to task is determined by partition size and link speed between the reference and target computers. Global catalogs continue to \"advertise\" and service LDAP requests during the rehost operation even when not authoritative for all partitions in the forest. ITADMINS should consider the service impact on native-mode domains and application which rely on global catalog consistency. Rehosting a partition is preferred over unchecking and rechecking the gc checkbox because the read-only partitions can be replicated from a deterministic source. Microsoft recommends enabling strict replication consistency before rehosting read-only domain partitions. See \"repadmin /regkey\". [SYNTAX] /rehost DSA [/application] /rehost DSA [EXAMPLES] repadmin /rehost root-dc01 child.contoso.com child-dc01.child.contoso.com
0x40000885Remove a specific read-only partition from a GC. [SYNTAX] /unhost DSA Remove a specific read-only partition from a GC. [SYNTAX] /unhost DSA
0x40000886Removes all replication links for a given naming context. This does not delete the connection objects so the KCC will build new links on its regular cycle as required. [SYNTAX] /removesources DSA_LIST Removes all replication links for a given naming context. This does not delete the connection objects so the KCC will build new links on its regular cycle as required. [SYNTAX] /removesources DSA_LIST
0x40000887Rehosts all the read-only partitions on a Global Catalog. This command disables connection translation, enables strict replication consistency, drops all existing read-only partitions and then rehosts each in turn. On completion connection translation is enabled. The DC does not advertise as a GC during this process. This command is not supported on Read Only GC's. [SYNTAX] /rebuildgc DC Rehosts all the read-only partitions on a Global Catalog. This command disables connection translation, enables strict replication consistency, drops all existing read-only partitions and then rehosts each in turn. On completion connection translation is enabled. The DC does not advertise as a GC during this process. This command is not supported on Read Only GC's. [SYNTAX] /rebuildgc DC
0x40000888Connects to and displays the replication features for a domain controller. [SYNTAX] /bind [DSA_LIST] [SPN] Connects to and displays the replication features for a domain controller. [SYNTAX] /bind [DSA_LIST] [SPN]
0x40000889Lists the domain controllers acting as bridgehead servers for a specified site. [SYNTAX] /bridgeheads [DSA_LIST] [/verbose] Lists the domain controllers acting as bridgehead servers for a specified site. [SYNTAX] /bridgeheads [DSA_LIST] [/verbose]
0x4000088ACompares the properties of specified domain controllers to determine if they are up to date with each other. The source domain controller contains the original information that needs to be checked. The data on the destination domain controller is compared to the data on the source domain controller. [SYNTAX] /checkprop [DSA_LIST from which to enumerate host DSAs] Compares the properties of specified domain controllers to determine if they are up to date with each other. The source domain controller contains the original information that needs to be checked. The data on the destination domain controller is compared to the data on the source domain controller. [SYNTAX] /checkprop [DSA_LIST from which to enumerate host DSAs]
0x4000088BReturns a server name when given a DSA GUID. [SYNTAX] /dsaguid [DSA_LIST] [GUID] Returns a server name when given a DSA GUID. [SYNTAX] /dsaguid [DSA_LIST] [GUID]
0x4000088CReturns the computer name of the Intersite Topology Generator (ISTG) server for a specified site. [SYNTAX] /istg [DSA_LIST] [/verbose] Returns the computer name of the Intersite Topology Generator (ISTG) server for a specified site. [SYNTAX] /istg [DSA_LIST] [/verbose]
0x4000088DDisplays the amount of time between replications, using the ISTG Keep Alive time stamp. The ISTG Keep Alive time stamp is not used in forests that are set to Windows Server 2003 forest functional level or later. Instead, in those environments, use repadmin /showutdvec /latency. [SYNTAX] /latency [DSA_LIST] [/verbose] Displays the amount of time between replications, using the ISTG Keep Alive time stamp. The ISTG Keep Alive time stamp is not used in forests that are set to Windows Server 2003 forest functional level or later. Instead, in those environments, use repadmin /showutdvec /latency. [SYNTAX] /latency [DSA_LIST] [/verbose]
0x4000088EDumps service connection points on a GC /showscp [DSA_LIST] (Must point at a GC, use \"gc:\" for all) Dumps service connection points on a GC /showscp [DSA_LIST] (Must point at a GC, use \"gc:\" for all)
0x4000088FModifies or displays the replication authentication mode in use by an ADAM configuration set. [SYNTAX] /replauthmode [DSA_LIST] [] (AD LDS only) is either an integer, or one of the ADAM_REPL_AUTHENTICATION_MODE_*** constants Modifies or displays the replication authentication mode in use by an ADAM configuration set. [SYNTAX] /replauthmode [DSA_LIST] [] (AD LDS only) is either an integer, or one of the ADAM_REPL_AUTHENTICATION_MODE_*** constants
0x40000890Sets, modifies or deletes the value of an attribute. [SYNTAX] /setattr [ ...] is either of add delete replace deleteAll can be either a string literal or an integer (decimal or hex) or one of the defined constants Sets, modifies or deletes the value of an attribute. [SYNTAX] /setattr [ ...] is either of add delete replace deleteAll can be either a string literal or an integer (decimal or hex) or one of the defined constants
0x40000891Used to view / change the notification timing settings of a specified directory partition. Must be targeted at the Domain Naming Master FSMO Only supported against Windows Server 2003 or later. [SYNTAX] /notifyopt [DSA_LIST] [/first:] [/subs:] /first\tThe number of seconds after a change is made before the domain controller notifies its first replication partner that there is a change. /subs\tOnce the first replication partner is notified of a change, the subs parameter specifies the number of seconds to wait before notifying the next replication partner.\t [EXAMPLE] View the notification options for given partition. repadmin /notifyopt rootdc01 dc=contoso,dc=com Used to view / change the notification timing settings of a specified directory partition. Must be targeted at the Domain Naming Master FSMO Only supported against Windows Server 2003 or later. [SYNTAX] /notifyopt [DSA_LIST] [/first:] [/subs:] /first\tThe number of seconds after a change is made before the domain controller notifies its first replication partner that there is a change. /subs\tOnce the first replication partner is notified of a change, the subs parameter specifies the number of seconds to wait before notifying the next replication partner.\t [EXAMPLE] View the notification options for given partition. repadmin /notifyopt rootdc01 dc=contoso,dc=com
0x40000892Uses routing information to determine the cost of a route from a specified site to another specified site or sites. The querysites parameter does not allow the use of alternate credentials. The relative distinguished names that are used in this command are case sensitive. [SYNTAX] /querysites [ ...] (may not be called with alternate credentials) Uses routing information to determine the cost of a route from a specified site to another specified site or sites. The querysites parameter does not allow the use of alternate credentials. The relative distinguished names that are used in this command are case sensitive. [SYNTAX] /querysites [ ...] (may not be called with alternate credentials)
0x40000893Enables and disables the values for two registry keys located under HKLM\\system\\ccs\\services\
tds\\parameters \"allowDivergent\" || \"strict\" allowDivergent for \"Allow Replication With Divergent and Corrupt Partner\" When a Windows Server 2003 domain controller has not inbound replicated a directory partition from any source in the preceding tombstone lifetime number of days, it logs NTDS Replication event 2042, then quarantines inbound replication from that source DC. Event 2042 indicates that replication can be unblocked by modifying \"Allow Replication With Divergent and Corrupt Partner\" in the registry to a value of 1. This replication quarantine should only be relaxed after checking for lingering objects, and removing them if present. \"repadmin /regkey - allowDivergent\" provides a reliable method to relax \"Allow Replication With Divergent and Corrupt Partner\" on one or more domain controllers in a forest. [SYNTAX] repadmin /regkey [value [/reg_sz]] [EXAMPLE] set \"Allow Replication With Divergent...\" on a single DC repadmin /regkey dc01.contoso.com +allowDivergent set \"Allow Replication With Divergent...\" on a all DC's repadmin /regkey GC: +allowDivergent set \"Allow Replication With Divergent...\" on a all GC's repadmin /regkey * +allowDivergent strict for \"Strict Replication Consistency\" Determines how a destination domain controller behaves when a source domain controller sends an update (as opposed to an object create) for an object that does not exist in the destination DC's copy of Active Directory. This behaviour is indicative of a lingering object being sent from the source DC to the destination dc. When strict replication consistency is enabled, the destination DC halts inbound replication from the source with and logs NTDS Replication events 1388, and Event 1084 with the extended error \"there is no such object on the server\" identify and attempt by the source DC to send a lingering object to the destination. When loose replication consistency is enabled, the destination DC reanimates the object sent by the DC and inbound replication is allowed to continue. The default value for replication consistency is determined by the how your Active Directory forest was created. Strict replication consistency quarantine lingering objects for easier removal but requires monitoring diligence. \"repadmin /regkey +|- strict\" provides a reliable way to configure values for the \"Strict Replication Consistency\" on one or more domain controllers in a forest. [SYNTAX] repadmin /regkey [value [/reg_sz]] [EXAMPLE] enable strict replication consistency on all DC's in forest repadmin /regkey * +strict enable strict replication consistency on all GC's in forest repadmin /regkey gc: +strict disable strict replication consistency on all DC's in forest repadmin /regkey * -strict
Enables and disables the values for two registry keys located under HKLM\\system\\ccs\\services\
tds\\parameters \"allowDivergent\" || \"strict\" allowDivergent for \"Allow Replication With Divergent and Corrupt Partner\" When a Windows Server 2003 domain controller has not inbound replicated a directory partition from any source in the preceding tombstone lifetime number of days, it logs NTDS Replication event 2042, then quarantines inbound replication from that source DC. Event 2042 indicates that replication can be unblocked by modifying \"Allow Replication With Divergent and Corrupt Partner\" in the registry to a value of 1. This replication quarantine should only be relaxed after checking for lingering objects, and removing them if present. \"repadmin /regkey - allowDivergent\" provides a reliable method to relax \"Allow Replication With Divergent and Corrupt Partner\" on one or more domain controllers in a forest. [SYNTAX] repadmin /regkey [value [/reg_sz]] [EXAMPLE] set \"Allow Replication With Divergent...\" on a single DC repadmin /regkey dc01.contoso.com +allowDivergent set \"Allow Replication With Divergent...\" on a all DC's repadmin /regkey GC: +allowDivergent set \"Allow Replication With Divergent...\" on a all GC's repadmin /regkey * +allowDivergent strict for \"Strict Replication Consistency\" Determines how a destination domain controller behaves when a source domain controller sends an update (as opposed to an object create) for an object that does not exist in the destination DC's copy of Active Directory. This behaviour is indicative of a lingering object being sent from the source DC to the destination dc. When strict replication consistency is enabled, the destination DC halts inbound replication from the source with and logs NTDS Replication events 1388, and Event 1084 with the extended error \"there is no such object on the server\" identify and attempt by the source DC to send a lingering object to the destination. When loose replication consistency is enabled, the destination DC reanimates the object sent by the DC and inbound replication is allowed to continue. The default value for replication consistency is determined by the how your Active Directory forest was created. Strict replication consistency quarantine lingering objects for easier removal but requires monitoring diligence. \"repadmin /regkey +|- strict\" provides a reliable way to configure values for the \"Strict Replication Consistency\" on one or more domain controllers in a forest. [SYNTAX] repadmin /regkey [value [/reg_sz]] [EXAMPLE] enable strict replication consistency on all DC's in forest repadmin /regkey * +strict enable strict replication consistency on all GC's in forest repadmin /regkey gc: +strict disable strict replication consistency on all DC's in forest repadmin /regkey * -strict
0x40000894Displays the date, time and domain controller that last backed up each writable directory partition in the forest by reading the DSASignature attribute on the root of the NC head of each directory partition The DSASignature attribute is populated on Windows 2003 Service Pack 1 and newer domain controllers after a legacy or VSS (Volume snapshot service) system state backup is performed. Backup dates are not reported for Read-only partitions. Domain controller prior to Windows Server 2003 Service Pack 1 do not update the DSASignature timestamp. Failure to perform a timely backup is identified by NTDS Replication event 2089. The Backup event threshold for event 2089 is controlled by the registry key \"HKLM\\SYSTEM\\CCS\\Services\\NTDS\\Parameters\\Backup Latency Threshold (days)\" (reg_dword) The default is conservatively set to half of TSL but should be configured to 1 day in production environments. Backup frequency is examined 1x per day during the replication latency check that generates events 1862, 1863, 1864. For more information see MSKB article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;914034 [SYNTAX] /showbackup [EXAMPLES] repadmin /showbackup site:HQ Displays the date, time and domain controller that last backed up each writable directory partition in the forest by reading the DSASignature attribute on the root of the NC head of each directory partition The DSASignature attribute is populated on Windows 2003 Service Pack 1 and newer domain controllers after a legacy or VSS (Volume snapshot service) system state backup is performed. Backup dates are not reported for Read-only partitions. Domain controller prior to Windows Server 2003 Service Pack 1 do not update the DSASignature timestamp. Failure to perform a timely backup is identified by NTDS Replication event 2089. The Backup event threshold for event 2089 is controlled by the registry key \"HKLM\\SYSTEM\\CCS\\Services\\NTDS\\Parameters\\Backup Latency Threshold (days)\" (reg_dword) The default is conservatively set to half of TSL but should be configured to 1 day in production environments. Backup frequency is examined 1x per day during the replication latency check that generates events 1862, 1863, 1864. For more information see MSKB article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;914034 [SYNTAX] /showbackup [EXAMPLES] repadmin /showbackup site:HQ
0x40000895Displays the certificates (used with Simple Mail Transfer Protocol (SMTP)-based replication) that are loaded on a specified directory server. [SYNTAX] /showcert [DSA_LIST] Displays the certificates (used with Simple Mail Transfer Protocol (SMTP)-based replication) that are loaded on a specified directory server. [SYNTAX] /showcert [DSA_LIST]
0x40000896Can be used to determine which changes have not yet been replicated between two replication partners or track statistics or changes which have replicated between them. There are two syntaxes. The first could be used to compare changes made to a directory partition over time. This is a two step process. First a reference cookie is created for the partition. Then at a later date use the cookie to determine what changes have been seen. All changed attributes in the partition will be displayed and the cookie updated. The second form of the syntax determines what changes have yet to replicate from a given source DC to one or more destination DC's. [SYNTAX] /showchanges . [/cookie:] [/atts:,,...] [/long] [ /showchanges [/verbose] [/statistics] [/noincremental] [/objectsecurity] [/ancestors] [/atts:,,...] [/filter:] [EXAMPLES] Create a reference cookie for a given partition on a DC repadmin /showchanges rootdc01 cn=configuration,dc=contoso,dc=com /cookie:config Determine what changes have been made since the cookie was last updated. repadmin /showchanges childdc01 cn=configuration,dc=contoso,dc=com /cookie:config Determine what changes for the CONTOSO partition have yet to replicate to rootdc01 repadmin /showchanges rootdc01 2a9e3e32-531f-4c4f-9d95-e2e943aab7e0 dc=contoso,dc=com Can be used to determine which changes have not yet been replicated between two replication partners or track statistics or changes which have replicated between them. There are two syntaxes. The first could be used to compare changes made to a directory partition over time. This is a two step process. First a reference cookie is created for the partition. Then at a later date use the cookie to determine what changes have been seen. All changed attributes in the partition will be displayed and the cookie updated. The second form of the syntax determines what changes have yet to replicate from a given source DC to one or more destination DC's. [SYNTAX] /showchanges . [/cookie:] [/atts:,,...] [/long] [ /showchanges [/verbose] [/statistics] [/noincremental] [/objectsecurity] [/ancestors] [/atts:,,...] [/filter:] [EXAMPLES] Create a reference cookie for a given partition on a DC repadmin /showchanges rootdc01 cn=configuration,dc=contoso,dc=com /cookie:config Determine what changes have been made since the cookie was last updated. repadmin /showchanges childdc01 cn=configuration,dc=contoso,dc=com /cookie:config Determine what changes for the CONTOSO partition have yet to replicate to rootdc01 repadmin /showchanges rootdc01 2a9e3e32-531f-4c4f-9d95-e2e943aab7e0 dc=contoso,dc=com
0x40000897SHOWISM can very useful for locating improperly configured sites. This operation cannot be executed remotely. As the KCC runs through the progressions of analyzing inter-site site links and connections, it must query the ISM service to retrieve data about the network configuration to make intelligent decisions about routing changes. [SYNTAX] /showism [] [/verbose] (must be executed locally) SHOWISM can very useful for locating improperly configured sites. This operation cannot be executed remotely. As the KCC runs through the progressions of analyzing inter-site site links and connections, it must query the ISM service to retrieve data about the network configuration to make intelligent decisions about routing changes. [SYNTAX] /showism [] [/verbose] (must be executed locally)
0x40000898Displays the error message string for a given error number or the event text for a given Directory Services Event id. [SYNTAX] /showmsg { | /NTDSMSG} Displays the error message string for a given error number or the event text for a given Directory Services Event id. [SYNTAX] /showmsg { | /NTDSMSG}
0x40000899Each domain controller maintains a directory partition signature list. This command displays a list of the removed application partition GUIDs. An application directory partition can be configured to be held or not held on a particular domain controller using ntdsutil (for Active Directory). [SYNTAX] /showncsig [DSA_LIST] Each domain controller maintains a directory partition signature list. This command displays a list of the removed application partition GUIDs. An application directory partition can be configured to be held or not held on a particular domain controller using ntdsutil (for Active Directory). [SYNTAX] /showncsig [DSA_LIST]
0x4000089AA list of the entries in the DS Bind cache. These are outgoing calls. [SYNTAX] /showoutcalls [DSA_LIST] A list of the entries in the DS Bind cache. These are outgoing calls. [SYNTAX] /showoutcalls [DSA_LIST]
0x4000089BLists cross-domain move proxy objects. When an object is moved from one domain to another, a marker remains in the original domain. This marker is called a proxy. [SYNTAX] /showproxy [DSA_LIST] [Naming Context] [matchstring] (search xdommove proxies) /showproxy [DSA_LIST] [Object DN] [matchstring] /movedobject (dump xdommoved object) Lists cross-domain move proxy objects. When an object is moved from one domain to another, a marker remains in the original domain. This marker is called a proxy. [SYNTAX] /showproxy [DSA_LIST] [Naming Context] [matchstring] (search xdommove proxies) /showproxy [DSA_LIST] [Object DN] [matchstring] /movedobject (dump xdommoved object)
0x4000089CConverts a directory service time value to string format for both the local and the Universal Time, Coordinated (UTC) time zones. [SYNTAX] /showtime Converts a directory service time value to string format for both the local and the Universal Time, Coordinated (UTC) time zones. [SYNTAX] /showtime
0x4000089DLists all Active Directory domains that are trusted by a specified Active Directory domain. [SYNTAX] /showtrust [DSA_LIST] Lists all Active Directory domains that are trusted by a specified Active Directory domain. [SYNTAX] /showtrust [DSA_LIST]
0x4000089EDisplays the values of the type, last modified time, originating directory server, and distinguished name of a specified object. [SYNTAX] /showvalue [DSA_LIST] [Attribute Name] [Value DN] [/nocache] Displays the values of the type, last modified time, originating directory server, and distinguished name of a specified object. [SYNTAX] /showvalue [DSA_LIST] [Attribute Name] [Value DN] [/nocache]
0x4000089FDisplays a list of domain controllers. [SYNTAX] /viewlist [OBJ_LIST] Displays a list of domain controllers. [SYNTAX] /viewlist [OBJ_LIST]
0x400008A0Used to add a new SPN or to delete or modify an existing SPN. [SYNTAX] /writespn [DSA_LIST] Used to add a new SPN or to delete or modify an existing SPN. [SYNTAX] /writespn [DSA_LIST]
0x400008A1REPADMIN_IDS_CMD__DETAIL REPADMIN_IDS_CMD__DETAIL
0x400008A2Displays a list of replication failures that Knowledge Consistency Checker (KCC) is aware of. Run this command from the console of each ISTG domain controller in the forest to discover replication failures for bridgeheads in the site for that ISTG. [SYNTAX] /failcache [DSA_LIST] Displays a list of replication failures that Knowledge Consistency Checker (KCC) is aware of. Run this command from the console of each ISTG domain controller in the forest to discover replication failures for bridgeheads in the site for that ISTG. [SYNTAX] /failcache [DSA_LIST]
0x400008A3Displays the connection objects for a specified domain controller. The default is local site. [SYNTAX] /showconn [DSA_LIST] {serverRDN | Container DN | } [/from:serverRDN] [/intersite] (default is local site) Displays the connection objects for a specified domain controller. The default is local site. [SYNTAX] /showconn [DSA_LIST] {serverRDN | Container DN | } [/from:serverRDN] [/intersite] (default is local site)
0x400008A4Displays a list of computers that have opened sessions with a specified domain controller. [SYNTAX] /showctx [DSA_LIST] [/nocache] Displays a list of computers that have opened sessions with a specified domain controller. [SYNTAX] /showctx [DSA_LIST] [/nocache]
0x400008A5Displays the retired invocation IDs on a domain controller. A directory server changes its invocation ID when it is restored or when it rehosts an application partition. [SYNTAX] /showsig [DSA_LIST] Displays the retired invocation IDs on a domain controller. A directory server changes its invocation ID when it is restored or when it rehosts an application partition. [SYNTAX] /showsig [DSA_LIST]
0x400008ABDisplays the replication metadata for a specified object stored in Active Directory, such as attribute ID, version number, originating and local Update Sequence Number (USN), and originating server's GUID and Date and Time stamp /showmeta [DC] [/nocache] [/linked] Displays the replication metadata for a specified object stored in Active Directory, such as attribute ID, version number, originating and local Update Sequence Number (USN), and originating server's GUID and Date and Time stamp /showmeta [DC] [/nocache] [/linked]
0x400008ACNo such subcommand. Please use /? for help. No such subcommand. Please use /? for help.
0x400008AD/kcc Forces the KCC on targeted domain controller(s) to immediately recalculate its inbound replication topology. /kcc Forces the KCC on targeted domain controller(s) to immediately recalculate its inbound replication topology.
0x400008AE/prp This command allows an admin to view or modify the password replication policy for RODCs. /prp This command allows an admin to view or modify the password replication policy for RODCs.
0x400008AF/queue Displays inbound replication requests that the DC needs to issue to become consistent with its source replication partners. /queue Displays inbound replication requests that the DC needs to issue to become consistent with its source replication partners.
0x400008B0/replicate Triggers the immediate replication of the specified directory partition to the destination domain controller from the source DC. /replicate Triggers the immediate replication of the specified directory partition to the destination domain controller from the source DC.
0x400008B1/replsingleobj Replicates a single object between any two domain controllers that have common directory partitions. /replsingleobj Replicates a single object between any two domain controllers that have common directory partitions.
0x400008B2/replsummary The replsummary operation quickly and concisely summarizes the replication state and relative health of a forest. /replsummary The replsummary operation quickly and concisely summarizes the replication state and relative health of a forest.
0x400008B3/showattr Displays the attributes of an object. /showattr Displays the attributes of an object.
0x400008B4/showobjmeta Displays the replication metadata for a specified object stored in Active Directory, such as attribute ID, version number, originating and local Update Sequence Number (USN), and originating server's GUID and Date and Time stamp. /showobjmeta Displays the replication metadata for a specified object stored in Active Directory, such as attribute ID, version number, originating and local Update Sequence Number (USN), and originating server's GUID and Date and Time stamp.
0x400008B5/showrepl Displays the replication status when specified domain controller last attempted to inbound replicate Active Directory partitions. /showrepl Displays the replication status when specified domain controller last attempted to inbound replicate Active Directory partitions.
0x400008B6/showutdvec displays the highest committed Update Sequence Number (USN) that the targeted DC's copy of Active Directory shows as committed for itself and its transitive partners. /showutdvec displays the highest committed Update Sequence Number (USN) that the targeted DC's copy of Active Directory shows as committed for itself and its transitive partners.
0x400008B7/syncall Synchronizes a specified domain controller with all replication partners. /syncall Synchronizes a specified domain controller with all replication partners.
0x400008B8/rodcpwdrepl Triggers replication of passwords for the specified user(s) from the source (Hub DC) to one or more Read Only DC's. /rodcpwdrepl Triggers replication of passwords for the specified user(s) from the source (Hub DC) to one or more Read Only DC's.
0x400008B9
0x400008BAAllows the lookup of an IP address. Flags are used to control whether the resolver cache should be flushed [SYNTAX] /dnslookup /alias /dnslookup where DnsReslFlags are combinations of DNSRESL_FLUSH_CACHE (0x1) DNSRESL_FLUSH_CACHE_ON_ERROR (0x2) DNSRESL_GET_IPV4_ONLY (0x4) DNSRESL_GET_IPV6_ONLY (0x8) DNSRESL_PREFER_IPV4 (0x10)\t NOTE flag 0x2 is default if not specified DNSRESL_FLUSH_CACHE flushes the resolver cache before issuing the lookup DNSRESL_FLUSH_CACHE_ON_ERROR flushes the resolver cache if there is a DNS lookup error and retries the lookup. If a second error occurs that would be returned. DNSRESL_GET_IPV6_ONLY returns only IP V6 addresses DNSRESL_PREFER_IPV4 displays the returned address with IP V4 at the top of the list. Default is IP V6 at the top of the list. [EXAMPLE]Flushes the resolver cache & looks up a CNAME and returns the IPV4 address(es)first. repadmin /dnslookup a1544517-4158-4d35-b582-6ab83ac6f39b._msdcs.contoso.com 0x13 Allows the lookup of an IP address. Flags are used to control whether the resolver cache should be flushed [SYNTAX] /dnslookup /alias /dnslookup where DnsReslFlags are combinations of DNSRESL_FLUSH_CACHE (0x1) DNSRESL_FLUSH_CACHE_ON_ERROR (0x2) DNSRESL_GET_IPV4_ONLY (0x4) DNSRESL_GET_IPV6_ONLY (0x8) DNSRESL_PREFER_IPV4 (0x10)\t NOTE flag 0x2 is default if not specified DNSRESL_FLUSH_CACHE flushes the resolver cache before issuing the lookup DNSRESL_FLUSH_CACHE_ON_ERROR flushes the resolver cache if there is a DNS lookup error and retries the lookup. If a second error occurs that would be returned. DNSRESL_GET_IPV6_ONLY returns only IP V6 addresses DNSRESL_PREFER_IPV4 displays the returned address with IP V4 at the top of the list. Default is IP V6 at the top of the list. [EXAMPLE]Flushes the resolver cache & looks up a CNAME and returns the IPV4 address(es)first. repadmin /dnslookup a1544517-4158-4d35-b582-6ab83ac6f39b._msdcs.contoso.com 0x13
0x400008BBForces the KCC on targeted domain controller(s) to immediately recalculate its inbound replication topology. By default, each DC performs this recalculation every 15 minutes. Run this command to troubleshoot KCC errors after removing suspected fault conditions, or to \"activate\" newly created manual connection objects. [SYNTAX] /kcc [DSA_LIST] [/async] [EXAMPLES] The following command targets all DC's in the site HQ and triggers the KCC to run on each one. repadmin /kcc site:HQ Forces the KCC on targeted domain controller(s) to immediately recalculate its inbound replication topology. By default, each DC performs this recalculation every 15 minutes. Run this command to troubleshoot KCC errors after removing suspected fault conditions, or to \"activate\" newly created manual connection objects. [SYNTAX] /kcc [DSA_LIST] [/async] [EXAMPLES] The following command targets all DC's in the site HQ and triggers the KCC to run on each one. repadmin /kcc site:HQ
0x400008BCThis command allows an admin to view or modify the password replication policy for RODCs. \t[SYNTAX] /prp [ADDITIONAL_ARGS] can be either of view add delete move for view, add, and delete, can be either of rodc_name * for move, is rodc_name [ADDITIONAL_ARGS] depend on view: This operation displays the principals in the specified list or displays the current password replication policy for a specified user. /prp view {|} is either of auth2 - the list of security principals which have been authenticated by the RODC reveal - the list of security principals (users and computers) which have their current password cached by the RODC allow - security principals explicitly listed in the attribute msds-revealondemandgroup associated with the RODC specified. The RODC is only permitted to cache passwords for \"members\" of this \"list\" deny - security principals explicitly listed in the attribute msds-neverrevealgroup associated with the RODC. The RODC is not permitted to cache passwords for \"members\" of this \"list\" The allow and deny lists typically contain groups. Direct or nested membership of any of the groups implies membership of the relevant \"list\". add: This operation adds the specified principal to the \"allow list\" - msds-revealondemandgroup attribute associated with the RODC. /prp add allow delete: This operation deletes the specified principal (or all principals) from the auth2/allow list. /prp delete allow {|/all} /prp delete auth2 /all move: This operation moves all the principals from the auth2 list to the specified group. If the group does not exist, it is created. If the group is not in the allow list of the RODC, it is added. /prp move [/noauth2cleanup] [/users_only|/comps_only] /noauth2cleanup - The auth2 list will be cleaned up by default when using the move operation. Use this switch to avoid the cleanup. /users_only - Only user objects will be moved from the auth2 list to the allow list. /comps_only - Only computer objects will be moved from the auth2 list to the allow list. Note: typically the /prp command will be executed on a \"Full\" Windows Server 2008 DC rather than an RODC. [EXAMPLE] The following command would list the users whose password are currently cached on the specified dc. repadmin /prp view br1-rodc01 reveal The following command would allow the specified user's password to be cached on the specified dc. repadmin /prp add br1-rodc1 allow cn=br1-cachable,ou=user-groups,dc=contoso,dc=com This command allows an admin to view or modify the password replication policy for RODCs. \t[SYNTAX] /prp [ADDITIONAL_ARGS] can be either of view add delete move for view, add, and delete, can be either of rodc_name * for move, is rodc_name [ADDITIONAL_ARGS] depend on view: This operation displays the principals in the specified list or displays the current password replication policy for a specified user. /prp view {|} is either of auth2 - the list of security principals which have been authenticated by the RODC reveal - the list of security principals (users and computers) which have their current password cached by the RODC allow - security principals explicitly listed in the attribute msds-revealondemandgroup associated with the RODC specified. The RODC is only permitted to cache passwords for \"members\" of this \"list\" deny - security principals explicitly listed in the attribute msds-neverrevealgroup associated with the RODC. The RODC is not permitted to cache passwords for \"members\" of this \"list\" The allow and deny lists typically contain groups. Direct or nested membership of any of the groups implies membership of the relevant \"list\". add: This operation adds the specified principal to the \"allow list\" - msds-revealondemandgroup attribute associated with the RODC. /prp add allow delete: This operation deletes the specified principal (or all principals) from the auth2/allow list. /prp delete allow {|/all} /prp delete auth2 /all move: This operation moves all the principals from the auth2 list to the specified group. If the group does not exist, it is created. If the group is not in the allow list of the RODC, it is added. /prp move [/noauth2cleanup] [/users_only|/comps_only] /noauth2cleanup - The auth2 list will be cleaned up by default when using the move operation. Use this switch to avoid the cleanup. /users_only - Only user objects will be moved from the auth2 list to the allow list. /comps_only - Only computer objects will be moved from the auth2 list to the allow list. Note: typically the /prp command will be executed on a \"Full\" Windows Server 2008 DC rather than an RODC. [EXAMPLE] The following command would list the users whose password are currently cached on the specified dc. repadmin /prp view br1-rodc01 reveal The following command would allow the specified user's password to be cached on the specified dc. repadmin /prp add br1-rodc1 allow cn=br1-cachable,ou=user-groups,dc=contoso,dc=com
0x40000C10Forest GUID: %1 Forest GUID: %1
0x40000C11Forest GUID: (none) Forest GUID: (none)
0x40000C12Successfully replicated secrets for user %1 on read-only DC %2 from full DC %3. Successfully replicated secrets for user %1 on read-only DC %2 from full DC %3.
0x40000C13Server Error: %1 Server Error: %1
0x40000C14Unable to replicate secrets for user %1 on read-only DC %2 from full DC %3.Error: %4 (%5!d!) Unable to replicate secrets for user %1 on read-only DC %2 from full DC %3.Error: %4 (%5!d!)
0x40000C15Unable to replicate secrets for user %1 on read-only DC %2 from full DC %3.The cause of this error is due to one of the following:* The caller does not have the \"Secret Synchronization\" control access right on the read-only DC above.* The user above is a security sensitive user that cannot have secrets replicated to any read-only DC.* The user above is not a member of the RevealOnDemand group associated with the read-only DC above.* The user above is a member of the NeverReveal group associated with the read-only DC above. Unable to replicate secrets for user %1 on read-only DC %2 from full DC %3.The cause of this error is due to one of the following:* The caller does not have the \"Secret Synchronization\" control access right on the read-only DC above.* The user above is a security sensitive user that cannot have secrets replicated to any read-only DC.* The user above is not a member of the RevealOnDemand group associated with the read-only DC above.* The user above is a member of the NeverReveal group associated with the read-only DC above.
0x40000C24This operation will move all user security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no): This operation will move all user security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no):
0x40000C25This operation will move all the computer security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no): This operation will move all the computer security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no):
0x40000C26This operation will move all the security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no): This operation will move all the security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no):
0x40000C27This operation will add all user security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no): This operation will add all user security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no):
0x40000C28This operation will add all the computer security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no): This operation will add all the computer security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no):
0x40000C29This operation will add all the security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no): This operation will add all the security principals from the Auth2 list of the RODC to the Allow list.Do you wish to continue? (yes/no):
0x40000C2APrincipal %1 is in the RODC's Allow list. Principal %1 is in the RODC's Allow list.
0x40000C2BPrincipal %1 is in the RODC's Deny list. Principal %1 is in the RODC's Deny list.
0x40000C2CPrincipal %1 is neither in the RODC's Allow list nor Deny list. Principal %1 is neither in the RODC's Allow list nor Deny list.
0x40000C2DAn error was encountered while performing the requested operation: 0x%1!x!. An error was encountered while performing the requested operation: 0x%1!x!.
0x40000C2EExtended error information:%1 Extended error information:%1
0x40000C32The specified group %1 does not exist. This operation will create this group in the default Users container and add the group to the RODC's Allow list.Do you wish to continue? (yes/no): The specified group %1 does not exist. This operation will create this group in the default Users container and add the group to the RODC's Allow list.Do you wish to continue? (yes/no):
0x40000C33If the specified group %1 is not in the RODCs's Allow list, this operation will add this group to the Allow list.Do you wish to continue? (yes/no): If the specified group %1 is not in the RODCs's Allow list, this operation will add this group to the Allow list.Do you wish to continue? (yes/no):
0x40000C3ARepadmin: running command %1 against full DC %2 Repadmin: running command %1 against full DC %2
0x40000C3BRepadmin: running command %1 against read-only DC %2 Repadmin: running command %1 against read-only DC %2
0x40000C42Modifying options for RODC %1 on writable DC %2. Modifying options for RODC %1 on writable DC %2.
0x40000C43Unable to load resource string. Unable to load resource string.
0x800007D0Unused Unused
0x800007DCThe following flags are not modifiable: %1 The following flags are not modifiable: %1
0x800007DDNOTE: Replication on writable DSAs has been left disabled. NOTE: Replication on writable DSAs has been left disabled.
0x800007DEDN is missing! DN is missing!
0x800007DF(%1!d!) (%1!d!)
0x800007E0WARNING: Not advertising as a global catalog. WARNING: Not advertising as a global catalog.
0x800007E1******* WARNING: KCC could not add this REPLICA LINK due to error. ******* WARNING: KCC could not add this REPLICA LINK due to error.
0x800007E2Site %1 is not connected by this transport. Site %1 is not connected by this transport.
0x80000C37Unable to continue since DsReplicaGetInfo returned no neighbours for the specified SourceDSAObjectGuid. Unable to continue since DsReplicaGetInfo returned no neighbours for the specified SourceDSAObjectGuid.
0x80000C38Repadmin: not running against full DC %1 since it is incompatible with this command. Repadmin: not running against full DC %1 since it is incompatible with this command.
0x80000C39Repadmin: not running against read-only DC %1 since it is incompatible with this command. Repadmin: not running against read-only DC %1 since it is incompatible with this command.
0xC0000BB8The password is too long. The password is too long.
0xC0000BB9User name must be prefixed by domain name. User name must be prefixed by domain name.
0xC0000BBAPassword must be accompanied by user name. Password must be accompanied by user name.
0xC0000BBBFailed to query the console mode. Failed to query the console mode.
0xC0000BBDUnknown option \"%1\". Unknown option \"%1\".
0xC0000BBERepadmin failed to allocate memory. Repadmin failed to allocate memory.
0xC0000BBFAccess to store denied.Try authenticating (net use) to the system using an administrator account. Access to store denied.Try authenticating (net use) to the system using an administrator account.
0xC0000BC0Access to store denied.CertOpenStore on remote My store failed! Error is %1 Access to store denied.CertOpenStore on remote My store failed! Error is %1
0xC0000BC1Domain Controller Certificate was not found. Domain Controller Certificate was not found.
0xC0000BC2Certificate has no alt subject name. Certificate has no alt subject name.
0xC0000BC3Can't decode alt subject name, encountered error: 0x%1!x! %2 Can't decode alt subject name, encountered error: 0x%1!x! %2
0xC0000BC4CAFindCertTypeByName failed, error 0x%1!x! CAFindCertTypeByName failed, error 0x%1!x!
0xC0000BC5CAGetCertTypeProperty failed, error 0x%1!x! CAGetCertTypeProperty failed, error 0x%1!x!
0xC0000BC6CAFreeCertTypeProperty failed, error 0x%1!x! CAFreeCertTypeProperty failed, error 0x%1!x!
0xC0000BC7CACloseCertType failed, error 0x%1!x! CACloseCertType failed, error 0x%1!x!
0xC0000BC8DsBindWithCred to %1 failed with status %0 DsBindWithCred to %1 failed with status %0
0xC0000BC9DsBindWithCred to %1 failed with status %2!d! DsBindWithCred to %1 failed with status %2!d!
0xC0000BCA%1!d! (0x%2!x!): %3 %1!d! (0x%2!x!): %3
0xC0000BCB%1!d! (0x%2!x!): %1!d! (0x%2!x!):
0xC0000BCCDsUnBind() failed with status %0 DsUnBind() failed with status %0
0xC0000BCDError converting GUID %1, error %0 Error converting GUID %1, error %0
0xC0000BCEEither a single Reps-To DSA or \"/nosource\" must be specified, but not both. Either a single Reps-To DSA or \"/nosource\" must be specified, but not both.
0xC0000BCF%1() failed with status %0 %1() failed with status %0
0xC0000BD0%1() failed with status %2!d! %1() failed with status %2!d!
0xC0000BD1%1( %2 ) failed with status %0 %1( %2 ) failed with status %0
0xC0000BD2A single source GUID must be specified. A single source GUID must be specified.
0xC0000BD3[%1!S!, %2!d!] LDAP error %3!d! (%4) Win32 Err %5!d!. [%1!S!, %2!d!] LDAP error %3!d! (%4) Win32 Err %5!d!.
0xC0000BD4Must specify a Naming Context. Must specify a Naming Context.
0xC0000BD5Must specify a target DSA. Must specify a target DSA.
0xC0000BD6Cannot open LDAP connection to %1. Cannot open LDAP connection to %1.
0xC0000BD7Cannot open LDAP connection to %1 (%2). Cannot open LDAP connection to %1 (%2).
0xC0000BD8Cannot open LDAP connection to localhost. Cannot open LDAP connection to localhost.
0xC0000BD9No instances of this NC found -- please check the NC name and your credentials. No instances of this NC found -- please check the NC name and your credentials.
0xC0000BDAFailed to bind to registry on %1, error %0 Failed to bind to registry on %1, error %0
0xC0000BDBFailed to open DS registry key on %1, error %0 Failed to open DS registry key on %1, error %0
0xC0000BDCCould not set registry value, error %0 Could not set registry value, error %0
0xC0000BDDFailed to delete replica link, error %0 Failed to delete replica link, error %0
0xC0000BE0Couldn't read cookie from file %1 Couldn't read cookie from file %1
0xC0000BE1Couldn't write cookie to file %1 Couldn't write cookie to file %1
0xC0000BE2Couldn't open cookie file %1 Couldn't open cookie file %1
0xC0000BE3Must specify an object. Must specify an object.
0xC0000BE4I_ISMGetConnectivity() returned NULL for site connectivity! I_ISMGetConnectivity() returned NULL for site connectivity!
0xC0000BE5Must supply zero or one transport DN. Must supply zero or one transport DN.
0xC0000BE6Fatal error at line %1!d!, file %2!S! Fatal error at line %1!d!, file %2!S!
0xC0000BE7%1!S! had unexpected null value at line %2!d!, file %3!S! %1!S! had unexpected null value at line %2!d!, file %3!S!
0xC0000BE8%1!S! had unexpected failure value at line %2!d!, file %3!S! %1!S! had unexpected failure value at line %2!d!, file %3!S!
0xC0000BE9Error in ber_printf. Error in ber_printf.
0xC0000BEAError in ber_flatten. Error in ber_flatten.
0xC0000BEBDid not get a replication server control back. Did not get a replication server control back.
0xC0000BECMust specify message number. Must specify message number.
0xC0000BEDInvalid message ID, \"%1\". Invalid message ID, \"%1\".
0xC0000BEEError contacting server %1 (network error): %0 Error contacting server %1 (network error): %0
0xC0000BEFError issuing replication: %0 Error issuing replication: %0
0xC0000BF0The following server could not be reached (topology incomplete): %1 The following server could not be reached (topology incomplete): %1
0xC0000BF1Unknown error. Unknown error.
0xC0000BF2SyncAll exited with fatal Win32 error: %0 SyncAll exited with fatal Win32 error: %0
0xC0000BF3Invalid commandline; use repadmin /SyncAll /h for help. Invalid commandline; use repadmin /SyncAll /h for help.
0xC0000BF4SyncAll reported the following errors: SyncAll reported the following errors:
0xC0000BF5Invalid arguments. Invalid arguments.
0xC0000BF6Invalid argument %1 Invalid argument %1
0xC0000BF7Cannot add & remove same option. Cannot add & remove same option.
0xC0000BF8The site %1 was not found! The site %1 was not found!
0xC0000BF9Format of retiredReplDsaSignatures is unrecognized. Format of retiredReplDsaSignatures is unrecognized.
0xC0000BFAinvalid distname binary value %1 invalid distname binary value %1
0xC0000BFBunexpected distname binary length %1!d! unexpected distname binary length %1!d!
0xC0000BFCPlease specify one of: RDN, DN, or GUID. Please specify one of: RDN, DN, or GUID.
0xC0000BFDAmbiguous name: more than one server exists with RDN %1. Ambiguous name: more than one server exists with RDN %1.
0xC0000BFEMust specify invocation ID to translate Must specify invocation ID to translate
0xC0000BFFRemoveLingeringObjects successful on %1. RemoveLingeringObjects successful on %1.
0xC0000C00The set operation is allowed on the Domain Naming Master Only.Your Domain Naming Master is: %1 The set operation is allowed on the Domain Naming Master Only.Your Domain Naming Master is: %1
0xC0000C01Partition %1 does not have expected writeability for source %2. Partition %1 does not have expected writeability for source %2.
0xC0000C02NTDSAPI V1 BindState, printing extended members. NTDSAPI V1 BindState, printing extended members.
0xC0000C03NTDSAPI V2 BindState, printing extended members. NTDSAPI V2 BindState, printing extended members.
0xC0000C04bindAddr: %1 bindAddr: %1
0xC0000C05pszAnnot: %1 pszAnnot: %1
0xC0000C06InstGuid = {%1} InstGuid = {%1}
0xC0000C07InstGuid = (none) InstGuid = (none)
0xC0000C08NTDSAPI DsBind appears to have returned an invalid V1 bind handle for a V2 bind. NTDSAPI DsBind appears to have returned an invalid V1 bind handle for a V2 bind.
0xC0000C09The following DSA_NAME is ambiguous, and did not resolve to a single server: DSA_NAME: %1 The following DSA_NAME is ambiguous, and did not resolve to a single server: DSA_NAME: %1
0xC0000C0AThe provided DSA_LIST or DSA_NAME format is not supported in AD LDS: The provided DSA_LIST or DSA_NAME format is not supported in AD LDS:
0xC0000C0BAn attempt to resolve %1 to a valid connection/binding string, failed with 0x%2!x! An attempt to resolve %1 to a valid connection/binding string, failed with 0x%2!x!
0xC0000C0CAn inquiry into the authentication information on the binding failed with 0x%1!x! An inquiry into the authentication information on the binding failed with 0x%1!x!
0xC0000C0DSecurity information on the binding is as follows: SPN Requested: %1 Authn Service: %2!d! Authn Level: %3!d! Authz Service: %4!d! Security information on the binding is as follows: SPN Requested: %1 Authn Service: %2!d! Authn Level: %3!d! Authz Service: %4!d!
0xC0000C0EUnable to write the requested SPN's, failed with 0x%1!x! Unable to write the requested SPN's, failed with 0x%1!x!
0xC0000C0FSuccessfully wrote the requested SPN's. Successfully wrote the requested SPN's.
0xC0000C16An integer overflow has occurred. An integer overflow has occurred.
0xC0000C17Failed to connect to DC: %1. Failed to connect to DC: %1.
0xC0000C18Problems with RODC/s Search, failed with 0x%1!x! Problems with RODC/s Search, failed with 0x%1!x!
0xC0000C19The following RODC_NAME couldn't be found: RODC: %1 The following RODC_NAME couldn't be found: RODC: %1
0xC0000C1AThe following RODC_NAME is ambiguous, and did not resolve to a single server: RODC: %1 The following RODC_NAME is ambiguous, and did not resolve to a single server: RODC: %1
0xC0000C1BSearch found no RODCs. Search found no RODCs.
0xC0000C1CAuth2 list is empty. No values added to the allow list. Auth2 list is empty. No values added to the allow list.
0xC0000C1DNo user accounts found on Auth2 list. No values added to the allow list. No user accounts found on Auth2 list. No values added to the allow list.
0xC0000C1ENo computer accounts found on Auth2 list. No values added to the allow list. No computer accounts found on Auth2 list. No values added to the allow list.
0xC0000C1FFor RODC \"%1\", \"%2\" could not be added to the allow list. Ldap Error: %3!d!. For RODC \"%1\", \"%2\" could not be added to the allow list. Ldap Error: %3!d!.
0xC0000C20Couldn't find a domain controller that meets the requirements. Couldn't find a domain controller that meets the requirements.
0xC0000C21Specified Domain Controller: %1 doesn't meet the requirements. Specified Domain Controller: %1 doesn't meet the requirements.
0xC0000C22Couldn't connect to Domain Controller: %1. Couldn't connect to Domain Controller: %1.
0xC0000C23Couldn't bind to Domain Controller: %1. Couldn't bind to Domain Controller: %1.
0xC0000C2FThe following group name is ambiguous, and did not resolve to a single group: %1. The following group name is ambiguous, and did not resolve to a single group: %1.
0xC0000C30The following user name is ambiguous, and did not resolve to a single user: %1. The following user name is ambiguous, and did not resolve to a single user: %1.
0xC0000C31The specified user %1 does not exist. The specified user %1 does not exist.
0xC0000C34An error was encountered while creating the group %1. An error was encountered while creating the group %1.
0xC0000C35An error was encountered while adding the group %1 to the RODC's Allow list. An error was encountered while adding the group %1 to the RODC's Allow list.
0xC0000C36An error occured while parsing the revealed list entry %1. An error occured while parsing the revealed list entry %1.
0xC0000C3CThe specified user or group %1 does not exist. The specified user or group %1 does not exist.
0xC0000C3DInvalid argument in object list. Invalid argument in object list.
0xC0000C3ELDAP error %1!d! (%2) Win32 Err %3!d!. LDAP error %1!d! (%2) Win32 Err %3!d!.
0xC0000C3FFatal error. Fatal error.
0xC0000C40%1!S! had unexpected null value. %1!S! had unexpected null value.
0xC0000C41%1!S! had unexpected failure value. %1!S! had unexpected failure value.

EXIF

File Name:repadmin.exe.mui
Directory:%WINDIR%\WinSxS\amd64_microsoft-windows-d..-repadmin.resources_31bf3856ad364e35_10.0.15063.0_en-us_2ee1698e029acbfa\
File Size:210 kB
File Permissions:rw-rw-rw-
File Type:Win32 DLL
File Type Extension:dll
MIME Type:application/octet-stream
Machine Type:Intel 386 or later, and compatibles
Time Stamp:0000:00:00 00:00:00
PE Type:PE32
Linker Version:14.10
Code Size:0
Initialized Data Size:214528
Uninitialized Data Size:0
Entry Point:0x0000
OS Version:10.0
Image Version:10.0
Subsystem Version:6.0
Subsystem:Windows GUI
File Version Number:10.0.15063.0
Product Version Number:10.0.15063.0
File Flags Mask:0x003f
File Flags:(none)
File OS:Windows NT 32-bit
Object File Type:Executable application
File Subtype:0
Language Code:English (U.S.)
Character Set:Unicode
Company Name:Microsoft Corporation
File Description:NT5DS
File Version:10.0.15063.0 (WinBuild.160101.0800)
Internal Name:repadmin.exe
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original File Name:repadmin.exe.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Directory:%WINDIR%\WinSxS\x86_microsoft-windows-d..-repadmin.resources_31bf3856ad364e35_10.0.15063.0_en-us_d2c2ce0a4a3d5ac4\

What is repadmin.exe.mui?

repadmin.exe.mui is Multilingual User Interface resource file that contain English (U.S.) language for file repadmin.exe (NT5DS).

File version info

File Description:NT5DS
File Version:10.0.15063.0 (WinBuild.160101.0800)
Company Name:Microsoft Corporation
Internal Name:repadmin.exe
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original Filename:repadmin.exe.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Translation:0x409, 1200