Purpose of the Instructions


Enable/Disable AD LDS Replication:

  • If replication is not working, and the replica server or installer reports that the source server is rejecting replication, you can verify and manage the replication status using these commands.

Commands Explained


Disabling Replication:

shell


repadmin /options servername:port +DISABLE_OUTBOUND_REPL
repadmin /options servername:port +DISABLE_INBOUND_REPL
  • These commands disable outbound and inbound replication for the specified AD LDS instance.
  • +DISABLE_OUTBOUND_REPL: Stops the server from sending replication updates.
  • +DISABLE_INBOUND_REPL: Stops the server from receiving replication updates.

Enabling Replication:

shell


repadmin /options servername:port -DISABLE_OUTBOUND_REPL
repadmin /options servername:port -DISABLE_INBOUND_REPL
  • These commands enable outbound and inbound replication for the specified AD LDS instance.
  • -DISABLE_OUTBOUND_REPL: Allows the server to send replication updates again.
  • -DISABLE_INBOUND_REPL: Allows the server to receive replication updates again.

Key Points

  1. Event Viewer Verification:

    • Before using these commands, check the Event Viewer to verify if replication is enabled or disabled, as this might give insights into why replication is failing.

  2. Correct Command Syntax:

    • Ensure the servername:port is specified before the flags (+ or -) to disable or enable replication. If this syntax is not followed, the command will fail.

  3. Server and Port Specification:

    • Replace servername with the actual name of the server where the RADIUS plugin or the API service is installed.
    • Replace port with the appropriate port number, typically 5000 by default or another port if specified during installation.

  4. Domain Admin Privileges:

    • These commands need to be executed by a user with domain admin privileges to ensure proper permissions for managing replication settings.

Practical Use

  • Troubleshooting: If AD LDS replication is facing issues, disabling and re-enabling replication can help reset the replication state and resolve issues.
  • Maintenance: During certain maintenance activities, it might be necessary to temporarily disable replication to prevent inconsistencies or conflicts.

By using these commands, you can control the replication behavior of your AD LDS instances, which is critical for maintaining a healthy and functional directory service environment.