Active Directory – Health Check
Note : The following commands and script are to be run from a domain controller with enterprise / domain admin privileges. You may run the individual commands one by one or run the script. The script will run all the commands listed and generate a report
1. Replsummary operation quickly and concisely summarizes the replication state and relative health of a forest.
2. Synchronizes a specified domain controller with all replication partners, and reports if the sync was successful or not
repadmin /syncall /e
repadmin /syncall /Aped
A ( All partitions ) P ( Push ) E( Enterprise ) D ( Distinguished Name )
3. Forces the KCC on targeted domain controller(s) to immediately recalculate its inbound replication topology
repadmin /kcc *
4. Find the last time your DCs were backed up, by reading the DSASignature attribute from all servers
Repadmin /showbackup *
5. Output all replication summary information from all DCs
Repadmin /showrepl *
6. Displays inbound replication requests that the domain controller has to issue to become consistent with its source replication partners.
Repadmin / queue *
7. List all the Domain Controllers in Active Directory
DSQUERY Server -o rdn
8. Identifies domain controllers that are failing inbound replication or outbound replication, and summarizes the results in a report.
9. Displays calls that have not yet been answered, made by the specified server to other servers
repadmin /showoutcalls *
10. List the Topology information of all the bridgehead servers
repadmin /bridgeheads * /verbose
11. Inter Site Topology Generator Report
repadmin /istg * /verbose
12. Displays a list of failed replication events detected by the Knowledge Consistency Checker (KCC).
repadmin /failcache *
13. Lists all domains trusted by a specified domain
Repadmin /showtrust *
14. Displays the replication features for, a directory partition on a domain controller.
repadmin /bind *
15. Dcdiag analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting
dcdiag /c /e /v
16. AD Health Check Script
This script will run all the commands mentioned in this document and generate an output/log file
This script will work under the following conditions
· DSQUERY.exe is present in C:\Windows\System32
· Repadmin.exe is present in C:\Windows\System32
· Dcdiag.exe is present in C:\Windows\System32
(In case of Windows Server 2003 Dcdiag and Repadmin are not installed by default, Administrator has to install Support tools for Windows Server 2003 for the script to work)