Active Directory Health Check

Dec 8, 2014 Active Directory, Active Directory Health Check

From time to time it's worth running a health check on your Active Directory to make sure everything is running smoothly. We occasionally get support questions that, after some investigation, boil down to an issue with the domain. Below we've listed some common areas to check and commands you can run to make sure your domain is healthy.

– Event Viewer
– Domain Controller Diagnostics Tool (Dcdiag.exe)
– Network Diagnostics Tool (Netdiag.exe)
– Replication
– DNS
– Defragmentation

Event logs

The Event Viewer is the first place to visit; make sure you re-check the logs after you make any changes. Check the Event Viewer logs for the following areas: DFS Replication, Directory Service and DNS Server. Abnormal errors related to Active Directory services will be shown here. Some common error events are:

· Replication lingering (event IDs 1388, 1988, 2042)

· Replication DNS lookup problems (event IDs 1925, 2087, 2088)

· Replication connectivity problems (event ID 1925)

· Replication topology problem (event ID 1311)
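
The event IDs listed above can be pulled from several domain controllers in one pass. The following PowerShell is an added example, not part of the original article; the DC names and the seven-day window are placeholders, and it assumes the listed IDs are read from the Directory Service log.

```powershell
# Added example. DC names below are hypothetical placeholders.
$dcs   = @('DC01', 'DC02')
$since = (Get-Date).AddDays(-7)

# Event IDs and groupings exactly as listed in the article.
$categories = @{
    1388 = 'Replication lingering'
    1988 = 'Replication lingering'
    2042 = 'Replication lingering'
    1925 = 'Replication DNS lookup / connectivity'
    2087 = 'Replication DNS lookup'
    2088 = 'Replication DNS lookup'
    1311 = 'Replication topology'
}

$hits = foreach ($dc in $dcs) {
    try {
        Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
            LogName   = 'Directory Service'
            Id        = [int[]]@($categories.Keys)
            StartTime = $since
        } | ForEach-Object {
            [pscustomobject]@{
                DC       = $dc
                EventId  = $_.Id
                Category = $categories[$_.Id]
                Time     = $_.TimeCreated
            }
        }
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; that is the healthy case.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
        Write-Warning "Could not read the log on ${dc}: $($_.Exception.Message)"
    }
}

# One row per DC / event ID, most frequent first, with the latest occurrence.
$hits | Group-Object DC, EventId, Category |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Latest'; e = {
        $_.Group | Sort-Object Time -Descending |
            Select-Object -First 1 -ExpandProperty Time } }
```

Re-run it after each change so that new occurrences stand out from the backlog.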

Domain controllers diagnostic (DCDiag)

We can use DCDIAG to analyse each domain controller in the forest and report back any problems (http://technet.microsoft.com/en-us/library/cc731968.aspx).

Command: Dcdiag.exe /v >> c:\dcdiag.txt
Description: Runs all tests in Verbose mode. Use >> to write the results to a file for easy reading.

Command: dcdiag /test:dns
Description: Test to validate DNS health.

Command: dcdiag /e
Description: Runs the tests against every domain controller in your enterprise.

Command: dcdiag /q
Description: Reports only detected errors.

Command: dcdiag /s:<name of the server>
Description: Runs dcdiag against a specified domain controller.
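
Verbose dcdiag output is long, so it helps to reduce it to the per-test verdict lines. The following PowerShell is an added example, not part of the original article or of dcdiag itself; the function name `Get-DcdiagResult` is hypothetical, the sample text is constructed, and it assumes English-language dcdiag output.

```powershell
# Added example. Parses the "<target> passed|failed test <name>" verdict lines.
function Get-DcdiagResult {
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        if ($Line -match '^\s*\.{5,}\s+(?<Target>\S+)\s+(?<Result>passed|failed)\s+test\s+(?<Test>\S+)') {
            [pscustomobject]@{
                Target = $Matches.Target   # DC, partition or domain the test ran against
                Test   = $Matches.Test
                Result = $Matches.Result
            }
        }
    }
}

# Constructed sample in the layout dcdiag prints (not captured from a real domain).
$sample = @'
   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
      Starting test: Advertising
         ......................... DC01 passed test Advertising
      Starting test: Replications
         [Replications Check,DC01] A recent replication attempt failed:
         ......................... DC01 failed test Replications
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
'@ -split '\r?\n'

$results = @($sample | Get-DcdiagResult)
$failed  = @($results | Where-Object Result -eq 'failed')

'{0} tests parsed, {1} failed' -f $results.Count, $failed.Count
$failed | Format-Table -AutoSize

# Against a live forest, pipe the tool's output straight in:
#   dcdiag /e | Get-DcdiagResult | Where-Object Result -eq 'failed'
```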

Network Diagnostics Tool (Netdiag.exe)

NetDiag is a command-line tool that performs a number of network connectivity related tests.

Command: Netdiag.exe /v >> c:\netdiag.txt
Description: Run the command on each DC to check for network related issues.

Replication

First, let's check that replication is working. Replication status can be checked with the repadmin command (http://technet.microsoft.com/en-us/library/cc770963.aspx). This command is used to detect Active Directory replication problems between domain controllers in the same forest/domain, and there are several arguments we can use.

Command: repadmin /showrepl
Description: Run this command to view all replication; it will show successes and errors.

Command: repadmin /replsummary
Description: List domain controllers that have issues with Active Directory replication.

Command: repadmin /replicate
Description: Force Active Directory domain controller replication.

Command: repadmin /kcc
Description: Force Active Directory domain controller to check its inbound replication topology and generate missing connections.

DNS

Active Directory relies on a correctly configured DNS infrastructure. DNS issues can be checked using the DNSLint tool. DNSLint is a command-line utility for troubleshooting common DNS problems (http://support.microsoft.com/kb/321045). There are three arguments that allow us to verify that DNS is working correctly.

Command: dnslint /ad
Description: Check DNS records used by Active Directory replication. This command should be followed by the IP address of an Active Directory domain controller.

Command: dnslint /d
Description: This argument checks for causes of lame delegation. The domain name that you test can be a name that is registered for use on the Internet or a name that is used in a private namespace. When you test domain names on a private network, or domain names registered on the Internet that are more than two levels deep, you must use the /s option.

Command: dnslint /ql
Description: Check a user-defined set of DNS records. Use this switch to test the DNS records from a text file. The full path for the file is required in order to run this command.

Defragmentation

Defragmentation is an automated process for Windows 2008 Server onwards. If you do have 2003 DCs then Active Directory database compaction has to be done manually. You can do this by following the steps on the page below.

http://technet.microsoft.com/en-us/library/cc772931(v=ws.10).aspx

Hopefully the list above will help. It's not meant to be a comprehensive list, just a place to start.
