Thursday, May 15, 2014

AD Health Checks for Domain Controllers

I recently had a request from a customer to provide some reports on how well their AD replication was working.  I found these come in helpful during routine maintenance or for specific requests on health checks.

Hope these help.

Dcdiag.exe /v >> c:\temp\pre_dcdiag.txt
This is a must!  It will always tell you if there is trouble with your DCs and/or services associated with it.

Netdiag.exe /v >> c:\temp\pre_Netdiag.txtThis will let you know if there are issues with the networking components on the DC.

Netsh dhcp show server >> c:\temp\pre_dhcp.txtYou may not want to do this but I've ran into issues with a DHCP server somehow not being authorized after a patch.  This allows me verify the server count and names.

Repadmin /showreps >> c:\temp\pre_rep_partners.txtThis shows all replication and if it was successful or not.  Be aware that Global Catalogs will have more info than a normal domain controller.

repadmin /replsum /errorsonly >> c:\temp\pre_repadmin_err.txtThis command takes a while to run but will let you know which server are having issues replicating.

Update 04/08/15:  Below is the text you can put into a script file that will dump everything you need into one text file for you to use for troubleshooting.  The commands above are great if that's all you need but now I use this script to grab it all at once.

@Echo Off
ECHO Running AD Health Checks - Notepad will open after completion
ECHO This Command Prompt will close after you close Notepad
set logfile=%userprofile%\Desktop\ADHealth.txt
echo You can share this log using http://pastie.org/pastes/new > %logfile%
echo. >> %logfile%
echo. >> %logfile%
REM Finds system boot time
echo System Boot Time ------------------------------------------------------------- >> %logfile%
systeminfo | find "System Boot Time:" >> %logfile%
systeminfo | find "System Up Time:" >> %logfile%
echo. >> %logfile%
echo. >> %logfile%
REM Displays all current TCP/IP network configuration values
echo IPCONFIG ------------------------------------------------------------- >> %logfile%
ipconfig /all >> %logfile%
echo. >> %logfile%
echo. >> %logfile%
REM Analyse the state of domain controllers in a forest and reports any problems to assist in troubleshooting
echo DCDIAG ------------------------------------------------------------- >> %logfile%
dcdiag /a >> %logfile%
echo. >> %logfile%
echo. >> %logfile%
REM The replsummary operation quickly summarizes the replication state and relative health
echo Replsummary ------------------------------------------------------------- >> %logfile%
repadmin /replsummary >> %logfile%
echo. >> %logfile%
echo. >> %logfile%
REM Displays the replication partners for each directory partition on the specified domain controller
echo Showrepl ------------------------------------------------------------- >> %logfile%
repadmin /showrepl >> %logfile%
echo. >> %logfile%
echo. >> %logfile%
REM Query FSMO roles
echo NETDOM Query FSMO ------------------------------------------------------------- >> %logfile%
netdom query fsmo >> %logfile%
REM Query Global Catalogs
echo List Global Catalogs ------------------------------------------------------------- >> %logfile%
for /f "tokens=2" %%a in ('systeminfo ^| findstr Domain:') do set domain=%%a
nslookup -querytype=srv _gc._tcp.%domain% >> %logfile%
notepad %logfile%

No comments: