Verify replication across domains
Systems administrators often face a common account-management problem: Account changes or additions can take a long time to replicate between domain controllers (DCs). When these replication intervals are longer than expected, new user and computer accounts don't become available in a timely manner throughout the domain. I created a script called TestUserReplication.pl to test whether a newly created user account exists across an entire domain. This Perl script, which Listing 1 shows, gives systems administrators a simple way to verify the flow of account information to all DCs.
Occasionally, staff members who are used to only GUI environments might need to run your scripts. Packaging your scripts with GUIs lets these staff members easily run the scripts and proves your versatility as a scriptwriter. To accommodate these staff members, I also created another version of this utility, TestUserReplicationGUI.pl, which Web Listing 1 (http://www.winscriptingsolutions.com, InstantDoc ID 26967) shows. This script uses the Perl/Tk module to create a GUI front end. Both Visual Basic (VB) and Perl scripts lend themselves to this type of conversion. If your script takes arguments at the command prompt or prompts the user for input, including a GUI in your script might make sense. You can use input boxes to give users who aren't command-prompt savvy a more familiar interface, and you can display the output in a familiar window. Let's take a quick look at how these scripts test replication and how you can use them in your network.
The Microsoft Windows 2000 Server Resource Kit's Replmon utility shows replication status and performance, but I wanted a simpler tool that would show only the replication pattern of a newly created user account on 10 DCs and verify that my replication configuration worked. Originally, I tried to verify account existence by manually connecting to each DC, but that process took too long. While I was individually testing each server, the replication was already in progress, which made taking a quick snapshot of which DCs had received the new account data difficult. So, I created the TestUserReplication.pl and TestUserReplicationGUI.pl scripts to accomplish this task. Both scripts perform three primary steps:
- The script pings each server.
- If the server is online, the script tests whether the user exists.
- The script determines a replication success percentage and outputs this and other information to the script operator.
Using the Scripts
TestUserReplication.pl and TestUserReplicationGUI.pl run on Windows XP, Win2K, and Windows NT 4.0. To make the scripts work in your environment, follow these steps:
- Download Perl from ActiveState (http://www.activestate.com). If you plan to the use the GUI version of the script, use the Perl Package Manager to install Perl/Tk. For more information about Perl/Tk, see the Tk.htm Help file in the Perl\html\site\lib folder that's installed with the module.
- Configure the script with a list of the DCs for which you want to verify replication.
- Create a new test user account in your domain by using the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in or your typical creation procedure.
- Run the script immediately after you create the user account, and note the percentage of completed replication.
- Periodically rerun the script (every 5 to 10 minutes or whichever test interval you choose), noting the flow of the new user account information to all the DCs.
After you finish running the script, you'll have a better idea of whether replication is working correctly or whether you need to perform additional tests with Replmon and make adjustments with the MMC Active Directory Sites and Services snap-in. For more information about replication problems and troubleshooting, see "How to Configure Replication" in the Active Directory Sites and Services snap-in's online Help.
Automating the Process
Taking a quick snapshot of user-account replication with the TestUserReplication.pl or TestUserReplicationGUI.pl script is a good example of automating a procedure that you could perform manually. Taking a few minutes to write a script that automates the process gives you a tool that can provide timely, accurate results and help diagnose replication problems when they arise.