Active Directory Health Check

Active Directory – Health Check

Note : The following commands and script are to be run from a domain controller with enterprise / domain admin privileges. You may run the individual commands one by one or run the script. The script will run all the commands listed and generate a report

1. Replsummary operation quickly and concisely summarizes the replication state and relative health of a forest.

repadmin /replsummary

2. Synchronizes a specified domain controller with all replication partners, and reports if the sync was successful or not

repadmin /syncall /e

repadmin /syncall /Aped

A ( All partitions ) P ( Push ) E( Enterprise ) D ( Distinguished Name )

3. Forces the KCC on targeted domain controller(s) to immediately recalculate its inbound replication topology

repadmin /kcc *

4. Find the last time your DCs were backed up, by reading the DSASignature attribute from all servers

Repadmin /showbackup *

5. Output all replication summary information from all DCs

Repadmin /showrepl *

6. Displays inbound replication requests that the domain controller has to issue to become consistent with its source replication partners.

Repadmin / queue *

7. List all the Domain Controllers in Active Directory

DSQUERY Server -o rdn

8. Identifies domain controllers that are failing inbound replication or outbound replication, and summarizes the results in a report.

Repadmin /replsummary

9. Displays calls that have not yet been answered, made by the specified server to other servers

repadmin /showoutcalls *

10. List the Topology information of all the bridgehead servers

repadmin /bridgeheads * /verbose

11. Inter Site Topology Generator Report

repadmin /istg * /verbose

12. Displays a list of failed replication events detected by the Knowledge Consistency Checker (KCC).

repadmin /failcache *

13. Lists all domains trusted by a specified domain

Repadmin /showtrust *

14. Displays the replication features for, a directory partition on a domain controller.

repadmin /bind *

15. Dcdiag analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting

dcdiag /c /e /v

16. AD Health Check Script

This script will run all the commands mentioned in this document and generate an output/log file

This script will work under the following conditions

·         DSQUERY.exe is present in C:\Windows\System32

·         Repadmin.exe is present in C:\Windows\System32

·         Dcdiag.exe is present in C:\Windows\System32

(In case of Windows Server 2003 Dcdiag and Repadmin are not installed by default, Administrator has to install Support tools for Windows Server 2003 for the script to work)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s