Searching AD for manually created replication links (Originally composed July 2011)
During recent AD troubleshooting by colleagues whilst I was on holiday,
several manual replication links were created. I came up with the below
method to determine manual links in the forest.
Click Start, Run, ldp.exe (get support tools for your OS if not present, should be on any DC).
Click Connection, Connect, then enter the name of any DC; performance will be better if it's in your site.
Click Connection, Bind, then use the currently logged in user even if the account doesn't have Domain\Enterprise Admin - only Domain User rights are required.
Click Browse, then Search.
Enter the Base DN as the DN of any of your forest domains i.e. dc=domain01,dc=local or dc=London,dc=rootdomain,dc=local
Enter the filter as objectclass=ntdsconnection
Set the scope to Subtree
Enter the attributes as ms-ds-replicatesncreason
Click Run
Examine the output for any one liners i.e.
The below is NOT manually created as it DOES have a mS-DS-ReplicatesNCReason value;

Dn: CN=9a9e3868-bc17-456a-891c-cc2dda1829ba,CN=NTDS Settings,CN=GWDINFR04,CN=Servers,CN=Singapore-DR,CN=Sites,CN=Configuration,DC=manfinancial,DC=net
mS-DS-ReplicatesNCReason (7):
B:8:00000060:CN=Configuration,DC=manfinancial,DC=net;
B:8:00000060:DC=intldn,DC=manfinancial,DC=net;
B:8:00000060:DC=tteurope,DC=manfinancial,DC=net;
B:8:00000060:DC=can,DC=manfinancial,DC=net;
B:8:00000060:DC=manchg01,DC=manfinancial,DC=net;
B:8:00000060:DC=manny01,DC=manfinancial,DC=net;
B:8:00000060:DC=ForestDnsZones,DC=manfinancial,DC=net;
whenChanged: 06/05/2011 21:31:35 GMT Daylight Time;
whenCreated: 06/05/2011 21:22:08 GMT Daylight Time;

The below IS manually created as it DOES NOT have a mS-DS-ReplicatesNCReason value;

Dn: CN=NYWPCORE01,CN=NTDS Settings,CN=LWPCORE03,CN=Servers,CN=London-IX-Servers,CN=Sites,CN=Configuration,DC=manfinancial,DC=net
whenChanged: 07/05/2011 16:42:53 GMT Daylight Time;
whenCreated: 07/05/2011 16:38:04 GMT Daylight Time;

If you wish to further examine, or delete, the manually created links
in, for example, dssite.msc aka "Active Directory Sites and Services",
you will need to work out which DC object contains the replication link.
This can be worked out by looking at the third, fourth and fifth "CN="
statements i.e. in the manually created entry above, you'd need to browse
to the Site London-IX-Servers (fifth "CN=" value), then expand Servers
(fourth "CN=" value), then expand the server LWPCORE03 (third "CN=" value) -
you'll need to expand the NTDS Settings container to see the replication
object. If you are thinking of deleting it, I'd first RDP on to both
servers involved and ensure that a "repadmin
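
For a forest with many connection objects, the two manual checks above (spotting entries with no mS-DS-ReplicatesNCReason value, then reading the site and server out of the DN) can be scripted over the ldp.exe output saved as text. This is an added example, not part of the original post; it assumes one attribute per line as ldp.exe prints it, and the sample names (DC01, SiteA, example.local) are constructed.

```python
import re

# Constructed sample shaped like the ldp.exe output above (hypothetical names).
SAMPLE = """\
Dn: CN=11111111-2222-3333-4444-555555555555,CN=NTDS Settings,CN=DC01,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=example,DC=local
mS-DS-ReplicatesNCReason (2): B:8:00000060:CN=Configuration,DC=example,DC=local; B:8:00000060:DC=example,DC=local;
whenChanged: 06/05/2011 21:31:35 GMT Daylight Time;
whenCreated: 06/05/2011 21:22:08 GMT Daylight Time;

Dn: CN=DC02,CN=NTDS Settings,CN=DC03,CN=Servers,CN=SiteB,CN=Sites,CN=Configuration,DC=example,DC=local
whenChanged: 07/05/2011 16:42:53 GMT Daylight Time;
whenCreated: 07/05/2011 16:38:04 GMT Daylight Time;
"""

# "name: value" or "name (count): value", as in the output above
ATTR_LINE = re.compile(r"^\s*([A-Za-z][\w-]*)\s*(?:\(\d+\))?:\s*(.*)$")
REASON = "ms-ds-replicatesncreason"  # LDAP attribute names are case-insensitive

def parse_entries(text):
    """Group 'name: value' lines into one dict per 'Dn:' block."""
    entries = []
    for line in text.splitlines():
        m = ATTR_LINE.match(line)
        if not m:
            continue  # blank or unrecognised line
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == "dn":
            entries.append({"dn": value})
        elif entries:
            entries[-1][name] = value
    return entries

def locate(dn):
    """Map a connection DN to (site, server, connection): fifth, third, first RDN."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]  # keep escaped commas
    if (len(rdns) < 6 or rdns[1].lower() != "cn=ntds settings"
            or rdns[3].lower() != "cn=servers"):
        return None  # not laid out as <conn>,NTDS Settings,<server>,Servers,<site>
    return tuple(rdns[i].split("=", 1)[1] for i in (4, 2, 0))

def manual_links(text):
    """Entries with no mS-DS-ReplicatesNCReason value, as (dn, location)."""
    return [(e["dn"], locate(e["dn"]))
            for e in parse_entries(text) if not e.get(REASON)]

if __name__ == "__main__":
    for dn, where in manual_links(SAMPLE):
        print("manual link:", where or "unrecognised DN layout", "|", dn)
```

Each tuple gives the Site to open in dssite.msc, the server to expand under Servers, and the connection object to look for under its NTDS Settings.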