Force Active Directory replication

Updated on: Jan 18, 2026, Views: 12322

The scripts force replication in the domain of the object the script is executed for. To execute the script, create a business rule, custom command or scheduled task configured for the required object type.

The scripts can cause high replication traffic between your AD domain controllers.

The scripts use the credentials of the account specified in the Run As section of the Run a program or PowerShell script action. Make sure that this account has sufficient permissions to connect via PowerShell remoting to the domain controllers Adaxes uses, and to force AD replication on them.

Synchronize with all domain controllers

In the script block, set the $allPartitions variable to $true to force replication of all Active Directory partitions. When set to $false, only the default partition will be replicated.

# Get the DC that Adaxes uses for the domain.
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")

# Get credentials
$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)

# Invoke command
$result = Invoke-Command -ComputerName $domainControllerFQDN -Credential $credential -ErrorAction Stop -ScriptBlock {
    $allPartitions = $True # TODO: modify me
    
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    
    foreach ($dc in $domain.DomainControllers)
    {
        $partitions = @()
        if ($allPartitions) 
        {
            $partitions += $dc.Partitions
        }
        else
        {
            $partitions += ([ADSI]"").distinguishedName
        }
        
        foreach ($partition in $partitions)
        {
            "$($dc.Name) - Syncing replicas from all servers for partition '$partition'"
            $dc.SyncReplicaFromAllServers($partition, 'CrossSite')
        }
    }
}

if (-not [System.String]::IsNullOrEmpty($result))
{
    $result | ForEach-Object {$Context.LogMessage($_, "Information")}
}

Synchronize with specific domain controllers only

Parameters

  • $allPartitions - when set to $true, the script forces replication of all Active Directory partitions. When set to $false, only the default partition will be replicated.
  • $domainControllers - the domain controllers to force replication for.

# Get the DC that Adaxes uses for the domain.
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")

# Get credentials
$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)

# Invoke command
$result = Invoke-Command -ComputerName $domainControllerFQDN -ArgumentList $domainControllerFQDN -Credential $credential -ErrorAction Stop -ScriptBlock {
    param($domainControllerFQDN)
    $allPartitions = $True # TODO: modify me
    $domainControllers = @("mydc1.domain.com", "mydc2.domain.com") # TODO: modify me
    
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    foreach ($dc in $domain.DomainControllers)
    {
        if ($domainControllerFQDN -eq $dc.Name -or $domainControllers -notcontains $dc.Name)
        {
            continue
        }
        
        $partitions = @()
        if ($allPartitions) 
        {
            $partitions += $dc.Partitions
        }
        else
        {
            $partitions += ([ADSI]"").distinguishedName
        }
        
        foreach ($partition in $partitions)
        {
            "$($dc.Name) - Syncing replicas from all servers for partition '$partition'"
            $dc.SyncReplicaFromServer($partition, $domainControllerFQDN)
        }
    }
}

if (-not [System.String]::IsNullOrEmpty($result))
{
    $result | ForEach-Object {$Context.LogMessage($_, "Information")}
}
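Forcing a sync only starts the work; neither script above tells you whether the domain controllers actually replicated afterwards, and an empty Run As section fails with the "argument is null" errors a reader may not immediately connect to missing credentials. The following script is an added example, not one of the repository scripts above. It assumes the same Adaxes $Context object and Run As section the scripts use, checks that credentials are present before connecting, and then reports the inbound replication state of every partition on every DC through the .NET DomainController.GetAllReplicationNeighbors() API, so failing or stale replication partners show up as warnings in the execution log. The two-hour staleness threshold is a constructed value; adjust it to your site link schedule.

```powershell
# Added example (not an Adaxes repository script): verify Run As credentials, then report
# the inbound replication state of every DC/partition pair to the Adaxes execution log.
# Assumes the Adaxes $Context object and the Run As section described above.

# Fail early with a clear message instead of the "argument is null" errors that an
# empty Run As section produces when the credential object is built.
if ([string]::IsNullOrEmpty($Context.RunAs.UserName) -or [string]::IsNullOrEmpty($Context.RunAs.Password))
{
    $Context.LogMessage("No Run As credentials are configured for this action; cannot connect to the domain controller.", "Error")
    return
}

# Get the DC that Adaxes uses for the domain.
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")

$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PSCredential($Context.RunAs.UserName, $password)

$report = Invoke-Command -ComputerName $domainControllerFQDN -Credential $credential -ErrorAction Stop -ScriptBlock {
    $maxAgeHours = 2 # constructed threshold: flag neighbors with no successful sync in this window

    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    foreach ($dc in $domain.DomainControllers)
    {
        # One neighbor entry per (partition, source DC) pair that this DC replicates from.
        foreach ($neighbor in $dc.GetAllReplicationNeighbors())
        {
            $age = (Get-Date) - $neighbor.LastSuccessfulSync
            $status = if ($neighbor.ConsecutiveFailureCount -gt 0) { "FAILING" }
                      elseif ($age.TotalHours -gt $maxAgeHours) { "STALE" }
                      else { "OK" }

            [PSCustomObject]@{
                DC          = $dc.Name
                Partition   = $neighbor.PartitionName
                Source      = $neighbor.SourceServer
                Status      = $status
                LastSuccess = $neighbor.LastSuccessfulSync
                Failures    = $neighbor.ConsecutiveFailureCount
                LastMessage = $neighbor.LastSyncMessage
            }
        }
    }
}

# Healthy pairs are logged as information; failing or stale pairs as warnings so they
# stand out in the execution log and can be alerted on.
foreach ($entry in $report)
{
    $line = "$($entry.DC) <- $($entry.Source) [$($entry.Partition)]: $($entry.Status), last success $($entry.LastSuccess), consecutive failures $($entry.Failures)"
    if ($entry.Status -eq "OK")
    {
        $Context.LogMessage($line, "Information")
    }
    else
    {
        $Context.LogMessage("$line, last result: $($entry.LastMessage)", "Warning")
    }
}
```

Run it from the same kind of business rule, custom command or scheduled task as the scripts above, either as a separate action after the sync or on its own schedule. Reading neighbor metadata is cheap compared with forcing a sync, so it can run far more often than the replication scripts without adding the replication traffic the note above warns about.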

Comments 2

  • Easton Straus

    Hello,

    I have added the first script to sync with all domain controllers and I left all partitions set to true. But when I run it, I get the following errors in the execution log. Is the script still correct?

    Cannot bind argument to parameter 'String' because it is null. Stack trace: at , : line 7
    Exception calling ".ctor" with "2" argument(s): "Cannot process argument because the value of argument "userName" is not valid. Change the value of the "userName" argument and run the operation again." Stack trace: at , : line 8
    Cannot process argument transformation on parameter 'Credential'. A command that prompts the user failed because the host program or the command type does not support user interaction. The host was attempting to request confirmation with the following message: Enter your credentials. Stack trace: at , : line 11

    • Support

      Hello Easton,

      The script uses the credentials specified in the Run as section of the Run a program or PowerShell script action. According to the errors, you did not specify the credentials. Make sure to do that as described in the instructions to the scripts at the beginning of the article.
