The Object Replication option can be used to confirm that AD objects are being replicated correctly across the domain controllers in the domain. The option can be used to check all or specific objects are replicating across the selected domain controllers. The option will confirm that objects exist on the selected domain controllers and that the attributes of the object are also replicated.
This option uses a two step process to verify that replication is working. Firstly you need to select the context you want to check, this is defined by the Context option, the Default NC refers to the domain of the domain controller. Clicking on the Refresh button will display the list of domain controllers that hold a copy of the partition. You can select which domain controllers you want to test the replication against. The first checked server in the list is used as the source DC to compare the other selected DC against. You can change this server by using the Move to Top context menu to select an alternative source DC.
The next step you need to define the scope of the verification, this is specified by the Filter field, which is defined by an LDAP filter. By default the (objectclass=*) means that all the objects in the context will be checked. You can change the filter to limit the scope to a specific object type, like users or objects based on a specific search criteria.
By clicking on the Compare button, it will start the comparison.
As shown in the screenshot above, two objects have been identify that are different on the two selected domain controllers. This doesn't necessary mean that there is a problem with AD replication, as AD uses a multi-master loose consistency with convergence replication model, which means that any point in time some objects and their attributes may not be the same, however, over time they will converge so the objects and their attributes will be same. The AD topology and Sites and Services defines the replication schedule and how quickly the Domain Controllers will converge.
When using this option it is useful to understand the replication topology and the replication intervals between AD sites and what the replication configuration should be and then confirm, if it is or not working as expected. When selecting Domain Controllers that are in different AD sites, it can be helpful to perform an AD replication sync to ensure that any waiting changes are replicated or, it can be used to confirm that the replication schedule is working as expected.
When an item is found to be out of sync, it is added to the output pane, normally only the items that fail the comparison will be displayed in the results pane, however, if the Only Display Failure option is unchecked, then all objects will be displayed.
The context menu of the output pane has two additional options which lets you look at the differences between the object between on the selected domain controllers or the replication meta data, using the Attribute Replication and Object MetaData options.
Below are the results from the two menu options, which can be used to help identify which attributes are not in sync.