After an update of our corporate firewall, Active Directory replication got stuck. After some troubleshooting and reading tons of logs we found out that RPC traffic was no longer able to pass the firewall. This means that the RODCs are unable to receive directory changes and cannot forward logon traffic for non-replicated user or computer accounts to a writeable domain controller. In my case there are two sites with writeable DCs. Because only one firewall was being updated, I decided to change the site configuration so that the RODCs replicate from the other site. But if you read this text carefully you will spot a problem: no directory changes are reflected because the replication connection is interrupted, so the site configuration change itself never reaches the RODCs. So what can we do?
You can use "repadmin" on the RODC to add a replication connection and force replication.
- repadmin /add <configuration partition> <name of the RODC> <FQDN of the source domain controller> /readonly /selsecrets
- repadmin /replicate <RODC> <FQDN of the source domain controller> <configuration partition>
The only thing needed is a clean communication path (RPC) between the RODC and the source domain controller.
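The two repadmin steps above, wrapped in a PowerShell script as an added example (not part of the original post): it first checks that the RPC endpoint mapper on the source DC is reachable, then adds the connection, forces replication and shows the result. The RODC name, source DC FQDN and configuration naming context are placeholders you must adjust.

```powershell
# Added example, not from the original post. Verifies the RPC path, then
# adds a replication connection for the RODC and forces replication.
# The three values below are placeholders (assumptions), not real names.
$Rodc     = 'RODC01'                                      # placeholder: name of the RODC
$SourceDc = 'dc01.corp.example.com'                       # placeholder: FQDN of the writeable source DC
$ConfigNC = 'CN=Configuration,DC=corp,DC=example,DC=com'  # placeholder: configuration partition

# 1. The procedure only works if RPC can reach the source DC. The RPC
#    endpoint mapper listens on TCP 135; if this fails, the firewall
#    (not Active Directory) is what needs fixing. Note that reaching 135
#    is necessary but not sufficient: the dynamic RPC port range
#    (TCP 49152-65535 by default on Windows Server 2008 and later)
#    must also be allowed through the firewall.
$rpc = Test-NetConnection -ComputerName $SourceDc -Port 135
if (-not $rpc.TcpTestSucceeded) {
    throw "TCP 135 (RPC endpoint mapper) to $SourceDc is blocked; fix the firewall rule first."
}

# 2. Add the replication connection: destination is the RODC, source is the
#    writeable DC. /readonly marks the destination as a read-only replica and
#    /selsecrets requests the selective secret replication an RODC requires.
repadmin /add $ConfigNC $Rodc $SourceDc /readonly /selsecrets
if ($LASTEXITCODE -ne 0) { throw "repadmin /add failed with exit code $LASTEXITCODE" }

# 3. Force replication of the configuration partition from the source DC.
repadmin /replicate $Rodc $SourceDc $ConfigNC
if ($LASTEXITCODE -ne 0) { throw "repadmin /replicate failed with exit code $LASTEXITCODE" }

# 4. Confirm the new inbound connection and the last replication result.
repadmin /showrepl $Rodc
```

Run it in an elevated PowerShell session with an account that has rights to manage replication; the exit-code checks stop the script at the first failing step so a blocked firewall is reported before any replication change is attempted.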
Web source:
http://technet.microsoft.com/en-us/library/dd736126(WS.10).aspx