The script forces replication in the domain of the object the script is executed for. You can use the script in a business rule, custom command or scheduled task.
Security-sensitive changes, such as user password change or account lock-outs, are replicated immediately by default. There is no need to force replication of such events. For details, see Understanding Urgent Replication.
Caution: The script can cause high replication traffic between your AD domain controllers.
IMPORTANT: The script uses credentials of the account specified in the Run As section of the Run a program or PowerShell script action. Make sure that the user has sufficient permissions to connect to DCs used by Adaxes via PowerShell remoting and force AD replication.
Synchronize with all domain controllers
In the script, set the $allPartitions variable to $True to force replication of all Active Directory partitions. When set to $False, only the default partition will be replicated.
# Get the DC that Adaxes uses for the domain
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")
# Get credentials
$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)
# Invoke command
$result = Invoke-Command -ComputerName $domainControllerFQDN -Credential $credential -ErrorAction Stop -ScriptBlock {
$allPartitions = $True # TODO: modify me
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
foreach ($dc in $domain.DomainControllers)
{
$partitions = @()
if ($allPartitions)
{
$partitions += $dc.Partitions
}
else
{
$partitions += ([ADSI]"").distinguishedName
}
foreach ($partition in $partitions)
{
"$($dc.Name) - Syncing replicas from all servers for partition '$partition'"
$dc.SyncReplicaFromAllServers($partition, 'CrossSite')
}
}
}
if (-not [System.String]::IsNullOrEmpty($result))
{
$result | %% {$Context.LogMessage($_, "Information")}
}
Synchronize with specific domain controllers only
Parameters:
- $allPartitions - when set to $True, the script forces replication of all Active Directory partitions. When set to $False, only the default partition will be replicated.
- $domainControllers - specifies the domain controllers for which the synchronization will be performed.
# Get the DC that Adaxes uses for the domain
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")
# Get credentials
$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)
# Invoke command
$result = Invoke-Command -ComputerName $domainControllerFQDN -ArgumentList $domainControllerFQDN -Credential $credential -ErrorAction Stop -ScriptBlock {
param($domainControllerFQDN)
$allPartitions = $True # TODO: modify me
$domainControllers = @("mydc1.domain.com", "mydc2.domain.com") # TODO: modify me
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
foreach ($dc in $domain.DomainControllers)
{
if ($domainControllerFQDN -eq $dc.Name -or $domainControllers -notcontains $dc.Name)
{
continue
}
$partitions = @()
if ($allPartitions)
{
$partitions += $dc.Partitions
}
else
{
$partitions += ([ADSI]"").distinguishedName
}
foreach ($partition in $partitions)
{
"$($dc.Name) - Syncing replicas from all servers for partition '$partition'"
$dc.SyncReplicaFromServer($partition, $domainControllerFQDN)
}
}
}
if (-not [System.String]::IsNullOrEmpty($result))
{
$result | %% {$Context.LogMessage($_, "Information")}
}