Thursday, February 11, 2010

Active Directory Troubleshooting Part 1
http://www.windowsnetworking.com/articles_tutorials/Active-Directory-Troubleshooting-Part1.html

Network Ports Used by Active Directory Replication
By default, RPC replication uses dynamic port mapping. When a connection to an RPC endpoint is needed during Active Directory replication, RPC on the client contacts the RPC endpoint mapper on the server at a well-known port, TCP port 135, and RPC then randomly allocates high TCP ports from port 1024 to 65536. Because of this configuration, a client never needs to know in advance which port to use for Active Directory replication; it just takes place seamlessly. Other ports are also assigned for Active Directory replication. They are as follows:


Protocol                 Port
LDAP                     udp 389, tcp 389
LDAP (SSL)               udp 636, tcp 636
Kerberos                 udp 88, tcp 88
DNS                      udp 53, tcp 53
SMB over IP              udp 445, tcp 445
Global Catalog Server    tcp 3269, tcp 3268



Examining the Event Logs:
Errors, if they occur, will show up in the Event Viewer logs. At the end of this article, I have placed a link to the Microsoft Website so that you can learn how to use the Event Viewer. The Event Viewer can be very helpful when trying to locate and resolve a replication problem. Many errors are reported to the Event Viewer for your review.

Whenever an error in the replication configuration occurs, the computer writes events to the Directory Service and File Replication Service (FRS) event logs. By using the Event Viewer administrative tool, you can quickly and easily view the details associated with any problems in replication. For example, if one domain controller is not able to communicate with another to transfer changes, a log entry is created.

You may receive events such as:

Event ID 1311 in the directory service log
Event ID 1265 with the error "DNS Lookup Failure" or "RPC server is unavailable" in the directory service log, or "DNS Lookup Failure" or "Target account name is incorrect" returned by the repadmin command
Event ID 1265 with the error "Access denied" in the directory service log, or "Access denied" returned by the repadmin command
Note:
The link at the end of the article covers the explanation of these specific errors and more.
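
The port table and the event IDs above can be checked together from an administrative workstation. The script below is an added example, not part of the original article: it tests the TCP ports listed earlier against one domain controller and then pulls event IDs 1311 and 1265 from the Directory Service log, tagging each with the error text the article mentions. The host name dc01.example.test, the parameter names and the one-day window are assumptions, and it requires a PowerShell version that includes Test-NetConnection.

```powershell
# Added example. 'dc01.example.test' is a placeholder, not from the article.
param(
    [string]$DomainController = 'dc01.example.test',
    [int]$DaysBack = 1
)

# TCP ports named in the article: RPC endpoint mapper plus the table entries.
# Test-NetConnection only tests TCP, so the UDP entries are not covered.
$tcpPorts = @(
    @{ Name = 'RPC endpoint mapper'; Port = 135  }
    @{ Name = 'LDAP';                Port = 389  }
    @{ Name = 'LDAP (SSL)';          Port = 636  }
    @{ Name = 'Kerberos';            Port = 88   }
    @{ Name = 'DNS';                 Port = 53   }
    @{ Name = 'SMB over IP';         Port = 445  }
    @{ Name = 'Global Catalog';      Port = 3268 }
    @{ Name = 'Global Catalog';      Port = 3269 }
)
$portResults = foreach ($p in $tcpPorts) {
    $r = Test-NetConnection -ComputerName $DomainController -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Service = $p.Name; Port = $p.Port; Reachable = $r.TcpTestSucceeded }
}
$portResults | Format-Table -AutoSize

# Event IDs 1311 and 1265 from the Directory Service log.
$filter = @{
    LogName   = 'Directory Service'
    Id        = 1311, 1265
    StartTime = (Get-Date).AddDays(-$DaysBack)
}
try {
    $events = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction Stop
} catch {
    # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() } else { throw }
}

# Tag each event with the error text the article lists for event 1265.
$eventResults = foreach ($e in $events) {
    $cause = switch -Regex ($e.Message) {
        'DNS Lookup Failure'        { 'DNS'; break }
        'RPC server is unavailable' { 'RPC'; break }
        'Access( is)? denied'       { 'Access denied'; break }
        default                     { 'See event text' }
    }
    [pscustomobject]@{ Time = $e.TimeCreated; Id = $e.Id; Cause = $cause }
}
$eventResults | Format-Table -AutoSize
```

A closed port in the first table next to an "RPC" or "DNS" cause in the second usually points at a firewall or name-resolution problem rather than at Active Directory itself.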


Verifying the Replication Topology
The Active Directory Sites and Services tool allows you to verify that a replication topology is logically consistent. You can quickly and easily perform this task by right-clicking the NTDS Settings within a Server object and choosing All Tasks => Check Replication Topology. If any errors are present, a dialog box alerts you to the problem.

You can verify the Active Directory topology using the Active Directory Sites and Services tool.

Besides ensuring that replication continues, you can also monitor it. There are several ways in which you can monitor the behavior of Active Directory replication and troubleshoot the process if problems occur. In our next article we will look at the replication monitor, and part III of this article will cover the system monitor.


AD Troubleshooting Tools

http://www.windowsnetworking.com/articles_tutorials/Working-Domain-Controller-Diagnostic-Utility-Part1.html
Working With the Domain Controller Diagnostic Utility (Part 2)
Working With the Domain Controller Diagnostic Utility (Part 3)
Working With the Domain Controller Diagnostic Utility (Part 4)
Working With the Domain Controller Diagnostic Utility (Part 5)
