Active Directory Health Check

Active Directory – Health Check

Note : The following commands and script are to be run from a domain controller with enterprise / domain admin privileges. You may run the individual commands one by one or run the script. The script will run all the commands listed and generate a report

1. Replsummary operation quickly and concisely summarizes the replication state and relative health of a forest.

repadmin /replsummary

2. Synchronizes a specified domain controller with all replication partners, and reports if the sync was successful or not

repadmin /syncall /e

repadmin /syncall /Aped

A ( All partitions ) P ( Push ) E( Enterprise ) D ( Distinguished Name )

3. Forces the KCC on targeted domain controller(s) to immediately recalculate its inbound replication topology

repadmin /kcc *

4. Find the last time your DCs were backed up, by reading the DSASignature attribute from all servers

Repadmin /showbackup *

5. Output all replication summary information from all DCs

Repadmin /showrepl *

6. Displays inbound replication requests that the domain controller has to issue to become consistent with its source replication partners.

Repadmin / queue *

7. List all the Domain Controllers in Active Directory

DSQUERY Server -o rdn

8. Identifies domain controllers that are failing inbound replication or outbound replication, and summarizes the results in a report.

Repadmin /replsummary

9. Displays calls that have not yet been answered, made by the specified server to other servers

repadmin /showoutcalls *

10. List the Topology information of all the bridgehead servers

repadmin /bridgeheads * /verbose

11. Inter Site Topology Generator Report

repadmin /istg * /verbose

12. Displays a list of failed replication events detected by the Knowledge Consistency Checker (KCC).

repadmin /failcache *

13. Lists all domains trusted by a specified domain

Repadmin /showtrust *

14. Displays the replication features for, a directory partition on a domain controller.

repadmin /bind *

15. Dcdiag analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting

dcdiag /c /e /v

16. AD Health Check Script

This script will run all the commands mentioned in this document and generate an output/log file

This script will work under the following conditions

·         DSQUERY.exe is present in C:\Windows\System32

·         Repadmin.exe is present in C:\Windows\System32

·         Dcdiag.exe is present in C:\Windows\System32

(In case of Windows Server 2003 Dcdiag and Repadmin are not installed by default, Administrator has to install Support tools for Windows Server 2003 for the script to work)


5 thoughts on “Active Directory Health Check

  1. Simply want to say your article is as astonishing. The clarity in your post
    is just cool and i could assume you are an expert on this subject.

    Well with your permission allow me to grab your RSS feed to keep updated with forthcoming post.
    Thanks a million and please continue the gratifying work.


  2. I am now not sure where you are getting your info, but good topic.
    I needs to spend some time studying much more or understanding more.
    Thank you for great info I was on the lookout for this info for my mission.


  3. I’m really impressed with your writing skills and also
    with the layout on your weblog. Is this a paid theme or did you modify it yourself?
    Anyway keep up the nice quality writing, it is rare to
    see a nice blog like this one nowadays.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s