Active Directory Health Check

-

Active Directory Health Check

11 Replies
Active Directory – Health Check
Note : The following commands and script are to be run from a domain controller with enterprise / domain admin privileges. You may run the individual commands one by one or run the script. The script will run all the commands listed and generate a report
1. Replsummary operation quickly and concisely summarizes the replication state and relative health of a forest.
repadmin /replsummary
2. Synchronizes a specified domain controller with all replication partners, and reports if the sync was successful or not
repadmin /syncall /e
repadmin /syncall /Aped
A ( All partitions ) P ( Push ) E( Enterprise ) D ( Distinguished Name )
3. Forces the KCC on targeted domain controller(s) to immediately recalculate its inbound replication topology
repadmin /kcc *
4. Find the last time your DCs were backed up, by reading the DSASignature attribute from all servers
Repadmin /showbackup *
5. Output all replication summary information from all DCs
Repadmin /showrepl *
6. Displays inbound replication requests that the domain controller has to issue to become consistent with its source replication partners.
Repadmin / queue *
7. List all the Domain Controllers in Active Directory
DSQUERY Server -o rdn
8. Identifies domain controllers that are failing inbound replication or outbound replication, and summarizes the results in a report.
Repadmin /replsummary
9. Displays calls that have not yet been answered, made by the specified server to other servers
repadmin /showoutcalls *
10. List the Topology information of all the bridgehead servers
repadmin /bridgeheads * /verbose
11. Inter Site Topology Generator Report
repadmin /istg * /verbose
12. Displays a list of failed replication events detected by the Knowledge Consistency Checker (KCC).
repadmin /failcache *
13. Lists all domains trusted by a specified domain
Repadmin /showtrust *
14. Displays the replication features for, a directory partition on a domain controller.
repadmin /bind *
15. Dcdiag analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting
dcdiag /c /e /v
16. AD Health Check Script
This script will run all the commands mentioned in this document and generate an output/log file
This script will work under the following conditions
·         DSQUERY.exe is present in C:\Windows\System32
·         Repadmin.exe is present in C:\Windows\System32
·         Dcdiag.exe is present in C:\Windows\System32
(In case of Windows Server 2003 Dcdiag and Repadmin are not installed by default, Administrator has to install Support tools for Windows Server 2003 for the script to work)
Windows Server 2003 Sp1 Support tools
Windows Server 2003 Sp2 Support tools
·         Read and Write permissions present on C: Drive, this is required as the report is written to    the root of the C drive. Administrator can change the script to flush the output to a different drive
·         The script should be run under the Enterprise admin / Domain Admin Login
·         ADHealth.bat — > AD Health Check Script Script (Mirror)
·         ADHealth.doc is a sample output/log that is generated by the script
============================================================================

Comments

Post a Comment

Popular posts from this blog

Troubleshooting Netlogon Error Codes

-
Image
Quick Reference: Troubleshooting Netlogon Error Codes ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ January 28, 2013   by  Mark Morowczynski [MSFT]   //   24 Comments 0 0 Hi this is Brandon Wilson and today I will be providing you with a quick reference for troubleshooting Netlogon error codes. I say “quick reference” very loosely here, because this is one of those sticky subjects that can easily expand into many more areas and become a very long discussion. So, I’m going to do my best to focus on just the codes and possible solutions for the error codes that are more common to see. Anyone who has dealt with some of these issues knows that some of these outlined areas can lead to huge revenue loss for a business, or at the very least an annoying authentication prompt J I welcome you to leave comments and questions, or suggestions for articles that you as the reader would be interested in seeing us do on AskPFE Platforms ( http://blogs.tech...
Read more

Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe)

-
Image
Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe) Table of Contents SPN Purpose SPN Format SetSPN Viewing or Checking SPN Registrations SPN Registration Errors Related to SPN Registration or Configuration Manually Registering SPNs Troubleshooting SPN Issues Resolving SPN Registration Issues SPN Lookup Errors Delegation External Articles SPN Purpose A service principal name (SPN) is the name by which a Kerberos client uniquely identifies an instance of a service for a given Kerberos target computer. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host. ↑  Return to T...
Read more

Troubleshooting AD Active Directory Replication Error 8456 or 8457: "The source | destination server is currently rejecting replication requests"

-
Symptoms  This article describes the symptoms, cause, and resolution steps for situations where Active Directory operations fail with error 8456 or 8457: "The source | destination server is currently rejecting replication requests" The DCPROMO promotion of a new domain controller in an existing forest fails with the error "The source server is currently rejecting replication requests."  Dialog title text:    Active Directory Installation Wizard   Dialog message text:   The operation failed because:   Active Directory could not transfer the remaining data in directory partition   to domain controller .  "The source server is currently rejecting replication requests." DCDIAG reports the error "The source server is currently rejecting replication requests" or "The destination server is currently rejecting replication requests." Testing server: Default-First-Site-Name\     ...
Read more