The script forces replication in the domain of the object the script is executed for. You can use the script in a business rule, custom command or scheduled task.
Security-sensitive changes, such as user password change or account lock-outs, are replicated immediately by default. There is no need to force replication of such events. For details, see Understanding Urgent Replication.
Caution: The script can cause high replication traffic between your AD domain controllers.
IMPORTANT: The script uses credentials of the account specified in the Run As section of the Run a program or PowerShell script action. Make sure that the user has sufficient permissions to connect to DCs used by Adaxes via PowerShell remoting and force AD replication.
Synchronize with all domain controllers
In the script, set the $allPartitions variable to $True to force replication of all Active Directory partitions. When set to $False, only the default partition will be replicated.
PowerShell
# Get the DC that Adaxes uses for the domain
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")
# Get credentials
$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)
# Invoke command
$result = Invoke-Command -ComputerName $domainControllerFQDN -Credential $credential -ErrorAction Stop -ScriptBlock {
$allPartitions = $True # TODO: modify me
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
foreach ($dc in $domain.DomainControllers)
{
$partitions = @()
if ($allPartitions)
{
$partitions += $dc.Partitions
}
else
{
$partitions += ([ADSI]"").distinguishedName
}
foreach ($partition in $partitions)
{
"$($dc.Name) - Syncing replicas from all servers for partition '$partition'"
$dc.SyncReplicaFromAllServers($partition, 'CrossSite')
}
}
}
if (-not [System.String]::IsNullOrEmpty($result))
{
$result | %% {$Context.LogMessage($_, "Information")}
}
Synchronize with specific domain controllers only
Parameters:
- $allPartitions - when set to $True, the script forces replication of all Active Directory partitions. When set to $False, only the default partition will be replicated.
- $domainControllers - specifies the domain controllers for which the synchronization will be performed.
PowerShell
# Get the DC that Adaxes uses for the domain
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")
# Get credentials
$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)
# Invoke command
$result = Invoke-Command -ComputerName $domainControllerFQDN -ArgumentList $domainControllerFQDN -Credential $credential -ErrorAction Stop -ScriptBlock {
param($domainControllerFQDN)
$allPartitions = $True # TODO: modify me
$domainControllers = @("mydc1.domain.com", "mydc2.domain.com") # TODO: modify me
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
foreach ($dc in $domain.DomainControllers)
{
if ($domainControllerFQDN -eq $dc.Name -or $domainControllers -notcontains $dc.Name)
{
continue
}
$partitions = @()
if ($allPartitions)
{
$partitions += $dc.Partitions
}
else
{
$partitions += ([ADSI]"").distinguishedName
}
foreach ($partition in $partitions)
{
"$($dc.Name) - Syncing replicas from all servers for partition '$partition'"
$dc.SyncReplicaFromServer($partition, $domainControllerFQDN)
}
}
}
if (-not [System.String]::IsNullOrEmpty($result))
{
$result | %% {$Context.LogMessage($_, "Information")}
}
I have added the first script to sync with all domain controllers and I left all partions to true. But when I run it, I get the following errors in the execution log. is the script still correct:
Cannot bind argument to parameter 'String' because it is null. Stack trace: at <ScriptBlock>, <No file>: line 7
Exception calling ".ctor" with "2" argument(s): "Cannot process argument because the value of argument "userName" is not valid. Change the value of the "userName" argument and run the operation again." Stack trace: at <ScriptBlock>, <No file>: line 8
Cannot process argument transformation on parameter 'Credential'. A command that prompts the user failed because the host program or the command type does not support user interaction. The host was attempting to request confirmation with the following message: Enter your credentials. Stack trace: at <ScriptBlock>, <No file>: line 11
The script uses the credentials specified in the Run as section of the Run a program or PowerShell script action. According to the errors, you did not specify the credentials. Mae sure to do that as described in the instructions to the scripts in the beginning of the article.