π ~1 min read
Table of contents
Symptom & Impact
Domain controllers fail to replicate and show RPC error 1722 in Directory Service and DFS Replication logs. New users, password updates, and group policy changes may not propagate between sites. If left unresolved, authentication and authorization behavior becomes inconsistent across the domain.
Quick Checks
Validate AD replication health, DNS name resolution, and RPC service status before deeper changes.
repadmin /replsummary
repadmin /showrepl * /csv
dcdiag /test:DNS /v
Get-Service RpcSs,Netlogon,KDCDeep Diagnosis
Confirm site links, firewall ports, and stale DNS records are not blocking replication sessions between partner controllers.
nltest /dsgetdc:contoso.local
Resolve-DnsName dc2.contoso.local
Get-WinEvent -LogName 'Directory Service' -MaxEvents 50 | Select TimeCreated,Id,Message
Test-NetConnection dc2.contoso.local -Port 135Primary Fix
Repair DNS registration, restart directory-related services, and force full replication sync after connectivity is verified.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
ipconfig /registerdns
Restart-Service Netlogon
Restart-Service KDC
repadmin /syncall /AdePVerification
Replication should complete without consecutive failures and KCC topology should converge normally.
repadmin /replsummary
repadmin /showrepl * /errorsonly
Get-ADReplicationPartnerMetadata -Target * -Scope Domain | Select Server,LastReplicationSuccessPrevention & Hardening
Use DNS scavenging policies, monitor replication latency, and alert on Event IDs tied to transport and topology failures.
Get-ADReplicationFailure -Target * -Scope Forest
Get-DnsServerScavenging
wevtutil qe 'Directory Service' /q:'*[System[(Level=2)]]' /f:text /c:20
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β we respond within one business day.
