Understanding where AD replication vector information is stored

Author: NetworkAdminKB.com
Created: 2007-05-24
Modified: 2008-11-19

Symptoms:

When using “Repadmin /showvector <Naming Context> [DC] [/nocache] [/latency]” command you may notice several entries listed as GUIDs.

 

For Example:

C:\repadmin /showvector dc=domain,dc=com server1.domain.com

Caching GUIDs...

01ca6e90-7d20-4f9c-ba7b-823a72fc459e      @ USN   2210490 @ Time 2005-08-21 15:54:21

1d9bb4b6-054a-440c-aedf-7a3f28837e7f       @ USN  26245013 @ Time 2007-02-27 10:17:33

24980c9d-39fa-44d7-a153-c0c5c27f0577      @ USN   4606302 @ Time 2006-08-20 23:33:09

SiteName1\Server1                                          @ USN   4046573 @ Time 2007-05-24 14:32:28

SiteName2\Server2                                          @ USN  19242325 @ Time 2007-05-24 14:32:30

SiteName3\Server3                                          @ USN   3231161 @ Time 2007-05-24 14:32:30

 

Cause:

Every DC is assigned a unique GUID, the information is stored in replUpToDateVector and is not deleted if a DC is removed from the domain in any manner (DCPromo or through a method described in MS KB 216498).  This information may be considered historical or a bug that Microsoft should fix.

 

More Information:

All vector replication information is stored in the Configuration container of the forest root domain in the replUpToDateVector attribute.  (i.e. CN=replUpToDateVector,CN=Configuration, DC=domain,DC=com).

 

The information stored in the replUpToDateVector can be viewed by using the ADFind utility from www.joeware.net (http://www.joeware.net/freetools/tools/adfind/index.htm) using the following syntax:

 

adfind -config -s base

 

Example Output:

AdFind V01.36.00cpp Joe Richards (joe@joeware.net) February 2007

 

Using server: server.domain.com:389

Directory: Windows Server 2003

Base DN: CN=Configuration,DC=Domain,DC=com

 

dn:CN=Configuration,DC=Domain,DC=com

>objectClass: top

>objectClass: configuration

>cn: Configuration

>distinguishedName: CN=Configuration,DC=Domain,DC=com

>instanceType: 13

>whenCreated: 20031014190810.0Z

>whenChanged: 20070524034750.0Z

>subRefs: CN=Schema,CN=Configuration,DC=Domain,DC=com

>uSNCreated: 6810

>dSASignature: 0100 0000 2800 0000 0000 0000 0000 0000 0000 0000 0000 0000 8DD8

D106 6CF3 714D 9717 7D8C B1F8 F8A7

>uSNChanged: 4506204

>showInAdvancedViewOnly: TRUE

>name: Configuration

>objectGUID: {15CBF26C-3B9B-4951-B457-AA414D686F77}

>replUpToDateVector: 0200 0000 0000 0000 3E00 0000 0000 0000 906E CA01 207D 9C4F

 BA7B 823A 72FC 459E FBBA 2100 0000 0000 8D7C 19F9 0200 0000 26D7 7110 AC73 CF4B

 8FFE C335 EFF7 6961 30CA 1B00 0000 0000 DF7C 66FC 0200 0000 E027 AA11 4E79 F34F

 BBD0 C381 0AC2 4857 939A 0000 0000 0000 B4A0 E2F5 0200 0000 C573 0012 6FEC CA42

 8650 E2AC 243D 6468 E669 0300 0000 0000 B97C 66FC 0200 0000 D734 0713 F286 D24A

 A671 07E2 053C 88AC 0703 2900 0000 0000 B97C 66FC 0200 0000 B6B4 9B1D 4A05 0C44

 AEDF 7A3F 2883 7E7F 9577 9001 0000 0000

<….truncated….>

 

 

To locate the GUIDs in the replUpToDateVector output you can simply convert the first 3 groups of numbers in the GUID to little endian format and group them by four characters each

 

Example:

GUID: 01ca6e90-7d20-4f9c-ba7b-823a72fc459e

Little Endian: 096E CA01 207D 9C4F

 

Then search the replUpToDateVector for the first 4 numbers (096E), then comparing the following numbers to verify the complete GUID was found.

 

Example:

replUpToDateVector: 0200 0000 0000 0000 3E00 0000 0000 0000 906E CA01 207D 9C4F

 BA7B 823A 72FC 459E FBBA 2100 0000 0000 8D7C 19F9 0200 0000 26D7 7110 AC73 CF4B

 8FFE C335 EFF7 6961 30CA 1B00 0000 0000 DF7C 66FC 0200 0000 E027 AA11 4E79 F34F

 

Repeat for each GUID as needed.

 

You can find the GUID assigned to every active DC in a domain by using the Repadmin utility.

repadmin /showreps DC=Domain,DC=com server.domain.com

 

Example Output:

Sitename\Server1

DC Options: IS_GC

Site Options: (none)

DC object GUID: 9ac89505-3df6-47a9-9590-961d5a1f43eb

DC invocationID: 8cc0dee8-f2ea-40c1-8447-41ecd1e7597b

 

==== INBOUND NEIGHBORS ======================================

 

DC=Domain,DC=com

    SiteName2\Server2 via RPC

        DC object GUID: 3c54effb-8627-40f9-b0f5-92d8a3fb8199

        Last attempt @ 2007-05-24 15:17:29 was successful.

    SiteName3\Server3 via RPC

        DC object GUID: 12d8f491-44f9-4702-9689-d2f57074b369

        Last attempt @ 2007-05-24 15:17:29 was successful.

    SiteName4\Server4 via RPC

        DC object GUID: 9efb5525-bad6-4b2a-a3a6-370e0bdceb53

        Last attempt @ 2007-05-24 15:17:29 was successful.

 

 

You may find the GUID assigned to every DC in every domain in the forest by issuing the following query to AD:

"CN=Configuration,DC=domain,DC=com"

Search Scope: SubTree

(objectCategory=ntdsDsa)

Attribute List: objectguid

 

Other values of interest beyond the scope of this article:

retiredReplDSASignatures; invocationID

 

 

 

 

Article ID: 31, Created On: 9/16/2011, Modified: 9/16/2011