Saturday, February 13, 2010

Domain Controller Health Check

Basic Tools
DCDiag -- Basic Domain Diagnostics
NetDiag -- Domain Controller Network Diagnostics
ReplMon -- Replication Monitor
NetDom -- Domain and Trust Diagnostics



AD Replication Health Check
If replication problems have been reported on a Domain Controller, what diagnostic tools are in your toolkit to help diagnose the problem? Stage one is to identify any simple connectivity problems on the machine; the netsh command is a quick way to run a basic test.
Netsh diag show test

As Domain Controllers locate each other by GUID rather than by machine name, it is important to ensure that DNS records are in place for the Domain Controllers in the environment and that the DC in question is able to resolve them.

Dnslint /s localhost /ad


If connectivity and name resolution are in good shape, the next step is to look at Active Directory for any errors that may have occurred. The DCDiag utility is a great way to health check a machine.
DCDiag, or dcdiag /v (verbose) for further detail

Be careful when reading the DCDiag output to check the date of each error before acting on it; problems are often the result of a connectivity problem that has since been solved. From DCDiag you may then need to investigate the event logs, FRS replication using Sonar, and AD replication using replmon or repadmin.

Another useful utility lets you check the consistency between two domain controllers. This can quickly provide a high level of confidence that replication problems have been resolved, or identify where there are large discrepancies between Domain Controllers. Remember that when comparing machines in different sites there will naturally be a discrepancy until the next scheduled cross-site replication, which may be every 3 hours for example.

Dsastat -s:DC1;DC2
You can use Replmon or repadmin to force replication across site links and then use Dsastat again to confirm that the two Domain Controllers have converged.


Another Health Check Project
Domain Controller Health Check
Preparatory Work
  Update Server Documentation
    Gather an inventory of domain controllers from the ADU&C | Domain Controllers node
    Locate the client's current documentation of the AD structure
    Locate the client's current documentation of the site/core topology
    Document the name of every AD domain and sub-domain
    Document the name and IP address of every server
    Document all trust relationships
  Install Support Tools
    Server
      Log on to the server with Server Administrator privileges
      Insert the Windows 2000/2003 disk into the CD drive
      Navigate to CD:\tools\Support Tools
      Run Setup.exe
      Wait as the Support Tools are installed on the server
  Preparatory Work Completed
Verify Health of the Domain
  Create Log Directories for all Diagnostic Files
    Create a Logs directory at the root of C:\ on the server as C:\Logs
  Verify DNS function with NSLOOKUP
    Drop to a Command Prompt
    At the Command Prompt, key in 'Nslookup'
    Resolve each replication partner
    Resolve every AD domain and sub-domain
    Remediate any failed resolutions
  Verify replication function and topology with REPLMON
    Navigate to Start | Programs | Administrative Tools | Support Tools | Replmon
    Select the server () in the Monitored Servers
    Select Action | Server | Generate Status Report
    When prompted, specify the file name as c:\Logs\-MMDDYYYY.log
    In the Report Options, select all of the reporting options
    Click OK
  Verify DC health with DCDIAG /verbose on each domain controller
    Drop to a Command Prompt
    Key in 'DCDIAG /s: /v /c > c:\Logs\ServerName-DCDIAG-MMDDYYYY.log'
    Wait as the diagnostic completes
    Remediate any errors displayed
    Run DCDIAG /s: /fix
    Repeat the diagnostic
  Verify network connectivity health with NETDIAG /verbose
    Drop to a Command Prompt
    NETDIAG /v > C:\Logs\-NetDiag-MMDDYYYY.txt
    Wait as the diagnostic completes
    Remediate any errors displayed
    Run Netdiag /fix
    Run the NETDIAG diagnostic again
  Verify all trusts with NETDOM
    Drop to a Command Prompt
    At the Command Prompt, key in 'NetDom query trust /verify'
    Verify that all trusts are working and responding to the stored passwords
    Remediate all errors before continuing
  Repeat for each additional Controller
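The DCDIAG and REPADMIN steps of the checklist above, as an added PowerShell example that is not part of the original post: it writes the log under the checklist's C:\Logs\ServerName-DCDIAG-MMDDYYYY.log naming, pulls out the "failed test" lines, and lists replication partners with failures together with their last failure and last success times, so that stale errors can be told apart from live ones. It assumes dcdiag.exe and repadmin.exe are on the PATH and that the caller can query the DC; the function name Invoke-DcHealthCheck is mine.

```powershell
# Added example, not part of the original checklist: runs the DCDIAG and
# REPADMIN steps for one DC, writes the log as C:\Logs\<ServerName>-DCDIAG-MMDDYYYY.log
# and summarises what needs remediation. Assumes dcdiag.exe and repadmin.exe are
# on the PATH (Support Tools or RSAT) and the caller can query the DC.
function Invoke-DcHealthCheck {
    param(
        [Parameter(Mandatory)][string]$ServerName,
        [string]$LogDir = 'C:\Logs'
    )
    if (-not (Test-Path $LogDir)) { New-Item -ItemType Directory -Path $LogDir | Out-Null }
    $stamp   = Get-Date -Format 'MMddyyyy'
    $logFile = Join-Path $LogDir "$ServerName-DCDIAG-$stamp.log"

    # Verbose, comprehensive run, captured to the log exactly as the checklist does
    $dcdiag = & dcdiag.exe /s:$ServerName /v /c 2>&1
    $dcdiag | Set-Content -Path $logFile

    # Summary lines look like: "......................... DC1 failed test Replications"
    $failedTests = @($dcdiag | Select-String -Pattern '^\s*\.+\s+(\S+)\s+failed test\s+(\S+)' |
        ForEach-Object {
            [pscustomobject]@{ Object = $_.Matches[0].Groups[1].Value
                               Test   = $_.Matches[0].Groups[2].Value }
        })

    # repadmin /csv gives one row per inbound partner and naming context, with
    # failure counts and timestamps, so old errors can be separated from current ones
    $repl = & repadmin.exe /showrepl $ServerName /csv 2>&1 | ConvertFrom-Csv
    $replFailures = @($repl | Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        Select-Object 'Source DSA', 'Naming Context', 'Number of Failures',
                      'Last Failure Time', 'Last Success Time', 'Last Failure Status')

    [pscustomobject]@{
        Server       = $ServerName
        LogFile      = $logFile
        FailedTests  = $failedTests
        ReplFailures = $replFailures
        Healthy      = ($failedTests.Count -eq 0 -and $replFailures.Count -eq 0)
    }
}

Invoke-DcHealthCheck -ServerName 'DC1' | Format-List
```

Run it once per controller, as the checklist says, and keep the returned objects alongside the log files; a partner whose Last Success Time is later than its Last Failure Time has already recovered and does not need remediation.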



What new functionality is added to this feature in Windows Server 2003 Service Pack 1? There are two significant improvements to DCDiag in Windows Server 2003 Service Pack 1:

DCDIAG /TEST:DNS to validate DNS health.

DCDIAG /CheckSecurityError to detect security configurations that can cause Active Directory replication to fail.

Another project, yet to be tested.
Download tail for Windows (tail.exe).

Create the following batch file; it collects all of its output in c:\healthcheck.txt.

time /t >c:\healthcheck.txt
date /t >>c:\healthcheck.txt
"c:\program files\support tools\dcdiag" /s:servername /v >>c:\healthcheck.txt
"c:\program files\support tools\netdiag" /v >>c:\healthcheck.txt
gpresult /z >>c:\healthcheck.txt
ipconfig /all >>c:\healthcheck.txt
repadmin /showreps >>c:\healthcheck.txt
repadmin /syncall /e >>c:\healthcheck.txt
repadmin /syncall /e /P >>c:\healthcheck.txt
wmic qfe >>c:\healthcheck.txt
rem capture the netdom results in the same file as everything else
"c:\program files\support tools\netdom" query fsmo >>c:\healthcheck.txt
"c:\program files\support tools\netdom" query trust /verify >>c:\healthcheck.txt
rem dnslint writes its own report (dnslint.htm by default); replace the two placeholders with real addresses
"c:\program files\support tools\dnslint" /ad DC_IP_ADDRESS /s DNS_SERVER_IP_ADDRESS
start c:\healthcheck.txt



Notes on the DNSLint command: the /ad parameter specifies an Active Directory domain controller that can be used to find the GUIDs for all the domain controllers in the Active Directory forest. By default, all domain controllers in a forest should have this information. The /s option is required when you use the /ad function; it tells DNSLint the IP address of a DNS server that is authoritative for the _msdcs.forest root zone.

When you run this command, DNSLint first contacts the Active Directory domain controller specified after the /ad switch (169.254.32.1 in the example). It then queries Active Directory on this domain controller for all the GUIDs in the Active Directory forest. Specifically, it queries the following location in Active Directory:
CN=NTDS Settings,CN=Sites,CN=Configuration,DC=reskit,DC=com
where DC=reskit,DC=com is the root of the Active Directory forest.
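The GUID lookup described above (and the point made earlier that DCs find each other by GUID), as an added PowerShell example that is not part of the original post: it reads each DC's NTDS Settings object from the Configuration partition, builds the <guid>._msdcs.<forest root> name, and checks that it resolves. It assumes a domain-joined machine and an account that can read the Configuration partition; the function name Test-DcGuidRecords is mine.

```powershell
# Added example, not from the original post: for every domain controller in the
# forest, read the DSA GUID from its NTDS Settings object and check that the
# <guid>._msdcs.<forest root> CNAME record resolves, which is the check
# DNSLint /ad performs. Assumes a domain-joined machine and a user who can read
# the Configuration partition; uses ADSI only, so no RSAT module is required.
function Test-DcGuidRecords {
    $rootDse   = [ADSI]'LDAP://RootDSE'
    $configNc  = [string]$rootDse.configurationNamingContext
    $forestNc  = [string]$rootDse.rootDomainNamingContext
    # DC=reskit,DC=com -> reskit.com
    $forestDns = (($forestNc -split ',') | ForEach-Object { $_ -replace '^DC=', '' }) -join '.'

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://CN=Sites,$configNc"
    $searcher.Filter     = '(objectClass=nTDSDSA)'   # one per DC, the CN=NTDS Settings object
    $searcher.PageSize   = 500
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('objectGUID', 'distinguishedName'))

    foreach ($result in $searcher.FindAll()) {
        $guid = New-Object System.Guid -ArgumentList (,[byte[]]$result.Properties['objectguid'][0])
        # DN is CN=NTDS Settings,CN=<DC>,CN=Servers,CN=<Site>,...; element 1 names the DC
        $dn     = [string]$result.Properties['distinguishedname'][0]
        $dcName = ($dn -split ',')[1] -replace '^CN=', ''
        $record = "$guid._msdcs.$forestDns"
        try {
            $addrs  = [System.Net.Dns]::GetHostAddresses($record) | ForEach-Object { $_.IPAddressToString }
            $status = 'OK'
        } catch {
            $addrs  = @()
            $status = 'FAILED: ' + $_.Exception.Message
        }
        [pscustomobject]@{ DC = $dcName; GuidRecord = $record; Status = $status; Addresses = ($addrs -join ', ') }
    }
}

Test-DcGuidRecords | Format-Table -AutoSize -Wrap
```

A FAILED row means replication partners will be unable to locate that DC by GUID, which is exactly the DNS gap the Dnslint /ad check is meant to surface.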

If NetDiag found errors, use "Netdiag /fix" to correct them. Once fixed, run netdiag /v again to verify.
Likewise run DCDIAG /s: /fix for errors reported by DCDiag.
