Force Active Directory Replication

Use Case

You’ve made updates in your local Active Directory or Azure Active Directory and wish to force the updates immediately, rather than wait for the sync interval.


Force Immediate Replication of Active Directory and Azure Active Directory

Directions

Typically, you will not log into a domain controller directly to run an Azure AD sync or Active Directory replication.

You also likely do not have the ADSyncTools cmdlets or Domain Controller-related cmdlets installed and available on your local machine.

To work around this, execute the replication command remotely on the server with PowerShell Invoke-Command.

The following commands can be run standalone, or as part of a script.

These lines are most useful when included in a user/group creation PowerShell script, which will likely not be running on a domain controller.

Azure AD

Invoke-Command -ComputerName "HostnameOfDomainControllerRunningAzureADConnect" -ScriptBlock {Start-ADSyncSyncCycle -PolicyType Delta}

If you don’t want to see the result of the command, you can discard the output by adding | Out-Null to the end of the command, e.g.:

Invoke-Command -ComputerName "HostnameOfDomainControllerRunningAzureADConnect" -ScriptBlock {Start-ADSyncSyncCycle -PolicyType Delta} | out-null

Local AD

Invoke-Command -ComputerName "HostnameOfDomainController" -ScriptBlock {repadmin /syncall "HostnameOfDomainController" /APed}

NOTE: The /APed switches are case-sensitive, unlike PowerShell cmdlets and their parameters (repadmin is a native command-line tool, not a cmdlet).

If you don’t want to see the result of the command (repadmin returns a lot of text), you can discard the output by adding | Out-Null to the end of the command, e.g.:

Invoke-Command -ComputerName "HostnameOfDomainController" -ScriptBlock {repadmin /syncall "HostnameOfDomainController" /APed} | out-null
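The two commands above, as an added example that is not part of the original post, wrapped in functions that report failure instead of hiding it with Out-Null, and placed at the tail of a user-creation script as the post suggests. The hostnames are the same placeholders the post uses; the function names, the sample user, and the 10-minute wait are assumptions. It assumes WinRM is enabled on both servers, that you are an administrator there, and that the RSAT ActiveDirectory module is installed locally for New-ADUser (the replication calls themselves need nothing installed locally).

```powershell
# Added example (not the original post's code). Hostnames are placeholders; replace them.
$DomainController = "HostnameOfDomainController"
$AadConnectServer = "HostnameOfDomainControllerRunningAzureADConnect"

function Invoke-ForcedAdReplication {
    param([Parameter(Mandatory)] [string] $DomainController)

    # repadmin switches are case-sensitive: /A = all partitions, /P = push changes outward,
    # /e = include partners in other sites, /d = show servers by distinguished name.
    $result = Invoke-Command -ComputerName $DomainController -ErrorAction Stop -ArgumentList $DomainController -ScriptBlock {
        param($Dc)
        $lines = repadmin /syncall $Dc /APed
        [pscustomobject]@{
            ExitCode = $LASTEXITCODE
            Output   = ($lines -join "`n")
        }
    }

    # repadmin prints its summary to stdout; treat a non-zero exit code or a reported
    # error as failure instead of throwing the text away.
    if ($result.ExitCode -ne 0 -or $result.Output -match 'reported the following errors') {
        throw "repadmin /syncall on $DomainController failed:`n$($result.Output)"
    }
    return $result
}

function Invoke-ForcedAzureAdSync {
    param([Parameter(Mandatory)] [string] $AadConnectServer)

    Invoke-Command -ComputerName $AadConnectServer -ErrorAction Stop -ScriptBlock {
        # Start-ADSyncSyncCycle is rejected while a cycle is already running, so wait
        # (up to an assumed 10 minutes) until the scheduler reports it is idle.
        $deadline = (Get-Date).AddMinutes(10)
        while ((Get-ADSyncScheduler).SyncCycleInProgress) {
            if ((Get-Date) -gt $deadline) { throw "Timed out waiting for the running sync cycle on $env:COMPUTERNAME" }
            Start-Sleep -Seconds 15
        }
        Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

        # Hand the scheduler state back so the caller can log the effective interval.
        $scheduler = Get-ADSyncScheduler
        [pscustomobject]@{
            Server                = $env:COMPUTERNAME
            EffectiveSyncInterval = $scheduler.CurrentlyEffectiveSyncCycleInterval
            NextScheduledStartUtc = $scheduler.NextSyncCycleStartTimeInUTC
        }
    }
}

# Create the account against the same DC you then push from: /syncall /P pushes that DC's
# changes to its partners, so an object written to a different DC is not what gets pushed.
try {
    # Sample account (constructed for this example), created disabled.
    New-ADUser -Name "Example User" -SamAccountName "example.user" -Server $DomainController -Enabled $false

    Invoke-ForcedAdReplication -DomainController $DomainController | Out-Null
    $sync = Invoke-ForcedAzureAdSync -AadConnectServer $AadConnectServer
    Write-Host "Delta sync requested on $($sync.Server); scheduled interval is $($sync.EffectiveSyncInterval)"
}
catch {
    # Surface the failure rather than silently leaving the account unreplicated.
    Write-Error "Replication step failed: $($_.Exception.Message)"
}
```

The point of returning objects instead of piping to Out-Null is that a script which provisions accounts can tell the difference between "replicated" and "the remote command never ran"; a failed Invoke-Command (WinRM down, wrong hostname, no rights) otherwise looks identical to success once its output is discarded.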

Additional Notes

Default Replication Intervals

Azure AD

Azure AD default sync interval is every 30 minutes, unless otherwise configured.

You can confirm your SyncCycleInterval by running the following PowerShell command on the Domain Controller running Azure AD Connect in your environment:

Get-ADSyncScheduler

Local AD

Local Active Directory replication time varies significantly by default.

By default, critical updates replicate immediately, non-critical updates replicate to DCs within the same site after 15 seconds, and updates to DCs in remote sites replicate once per hour.

Intra-site replication is configured in Active Directory Sites and Services, in the properties of the NTDS Site Settings object.
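Rather than assuming the default intervals, the configured values and the current replication state can be read from the directory. This is an added example, not from the original post; it assumes the RSAT ActiveDirectory module is installed where it runs, and the function name and DC hostname are placeholders. The site-link frequency is the inter-site setting (Sites and Services > Inter-Site Transports), and the partner metadata shows when each partner last replicated successfully, which is the practical check to run after a forced /syncall.

```powershell
# Added example (not the original post's code). The DC name is a placeholder.
$DomainController = "HostnameOfDomainController"

function Get-AdReplicationState {
    param([Parameter(Mandatory)] [string] $DomainController)

    # Inter-site interval: ReplicationFrequencyInMinutes on each site link.
    $links = Get-ADReplicationSiteLink -Filter * |
        Select-Object Name, ReplicationFrequencyInMinutes,
            @{ n = 'Sites'; e = { $_.SitesIncluded -join ', ' } }

    # Per-partner state for this DC across all partitions it hosts.
    $partners = Get-ADReplicationPartnerMetadata -Target $DomainController -Scope Server |
        Select-Object Partition, Partner, LastReplicationSuccess, LastReplicationAttempt,
            ConsecutiveReplicationFailures, LastReplicationResult

    [pscustomobject]@{
        SiteLinks       = $links
        Partners        = $partners
        FailingPartners = @($partners | Where-Object { $_.ConsecutiveReplicationFailures -gt 0 })
    }
}

$state = Get-AdReplicationState -DomainController $DomainController
$state.SiteLinks | Format-Table -AutoSize
$state.Partners  | Format-Table -AutoSize

# A forced /syncall only pushes to partners that are reachable; a link that is already
# failing stays failed, so flag it instead of assuming the push covered it.
if ($state.FailingPartners.Count -gt 0) {
    Write-Warning "$($state.FailingPartners.Count) replication partner(s) of $DomainController have consecutive failures"
}
```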
