Active Directory – Health Check

Note : The following commands and script are to be run from a domain controller with enterprise / domain admin privileges. You may run the individual commands one by one or run the script. The script will run all the commands listed and generate a report

1. Replsummary operation quickly and concisely summarizes the replication state and relative health of a forest.

repadmin /replsummary

2. Synchronizes a specified domain controller with all replication partners, and reports if the sync was successful or not

repadmin /syncall /e

repadmin /syncall /Aped

A ( All partitions ) P ( Push ) E( Enterprise ) D ( Distinguished Name )

3. Forces the KCC on targeted domain controller(s) to immediately recalculate its inbound replication topology

repadmin /kcc *

4. Find the last time your DCs were backed up, by reading the DSASignature attribute from all servers

Repadmin /showbackup *

5. Output all replication summary information from all DCs

Repadmin /showrepl *

6. Displays inbound replication requests that the domain controller has to issue to become consistent with its source replication partners.

Repadmin / queue *

7. List all the Domain Controllers in Active Directory

DSQUERY Server -o rdn

8. Identifies domain controllers that are failing inbound replication or outbound replication, and summarizes the results in a report.

Repadmin /replsummary

9. Displays calls that have not yet been answered, made by the specified server to other servers

repadmin /showoutcalls *

10. List the Topology information of all the bridgehead servers

repadmin /bridgeheads * /verbose

11. Inter Site Topology Generator Report

repadmin /istg * /verbose

12. Displays a list of failed replication events detected by the Knowledge Consistency Checker (KCC).

repadmin /failcache *

13. Lists all domains trusted by a specified domain

Repadmin /showtrust *

14. Displays the replication features for, a directory partition on a domain controller.

repadmin /bind *

15. Dcdiag analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting

dcdiag /c /e /v

16. AD Health Check Script

This script will run all the commands mentioned in this document and generate an output/log file

This script will work under the following conditions

·         DSQUERY.exe is present in C:\Windows\System32

·         Repadmin.exe is present in C:\Windows\System32

·         Dcdiag.exe is present in C:\Windows\System32

(In case of Windows Server 2003 Dcdiag and Repadmin are not installed by default, Administrator has to install Support tools for Windows Server 2003 for the script to work)


