Announcement

Collapse
No announcement yet.

Command to Check AD is working

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Command to Check AD is working

    Hi,

    A few easy questions;

    What to type in the command line to check to see if AD is working on a Y2k3 Srvr?
    How else could I check to see if AD is working properly?
    Where are the logon scripts held in the directory structure on same server?

    thanks and regards

    A

  • #2
    Re: Command to Check AD is working

    DCDIAG.exe (runs checks)

    netdiag /test:dns (ensures DNS is ok)

    Check the security event log to see if the DC is accepting logons

    if its in a multi dc environment go into sites and services, go into the site where the dc sits and expand the servername then expand ntds settings - check that replication objects have been created (and also try to replicate -> right click -> replicate now)

    if its the only DC, try and log onto it with a client!

    check the event logs for errors to indicate stuff isnt working.

    Comment


    • #3
      Re: Command to Check AD is working

      Hammo,

      Excellant reply!! - have a bunch of rep points

      Michael
      Michael Armstrong
      www.m80arm.co.uk
      MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: Command to Check AD is working

        Originally posted by armitage
        Where are the logon scripts held in the directory structure on same server?
        C:\WINDOWS\SYSVOL\sysvol\domainname.local\scripts

        Everyone, you can now put your spoons away.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Re: Command to Check AD is working

          Originally posted by biggles77 View Post
          C:\WINDOWS\SYSVOL\sysvol\domainname.local\scripts

          Everyone, you can now put your spoons away.
          Is that like the hammerhead in sharktale? or like "there is no spoon"? :-\

          Somewhat sesquipedalian myself but definitely not a window to william gates.

          thanks for tolerating my first post.

          Comment


          • #6
            Re: Command to Check AD is working

            Originally posted by hammo View Post
            DCDIAG.exe (runs checks)

            netdiag /test:dns (ensures DNS is ok)

            Check the security event log to see if the DC is accepting logons

            if its in a multi dc environment go into sites and services, go into the site where the dc sits and expand the servername then expand ntds settings - check that replication objects have been created (and also try to replicate -> right click -> replicate now)

            if its the only DC, try and log onto it with a client!

            check the event logs for errors to indicate stuff isnt working.
            If i had rep points you'd get them too.

            Nice one and cheers.

            Comment


            • #7
              Re: Command to Check AD is working

              Originally posted by armitage
              If i had rep points you'd get them too.

              Nice one and cheers.

              You can give reputation points by clicking the yin-yang, right site at the top of the post that helps you.
              It has no effect for your own points you get from others.


              \Rem

              This posting is provided "AS IS" with no warranties, and confers no rights.

              __________________

              ** Remember to give credit where credit's due **
              and leave Reputation Points for meaningful posts

              Comment


              • #8
                Re: Command to Check AD is working

                Here are some more utilities I use to get a brief overview of DC's health:

                repadmin.exe for monitoring replication (part of W2K3 support tools)

                My probably most used switches are:
                repadmin /replsum (on W2K3)
                repadmin /showreps (on W2K)

                replmon.exe (support tools) - replication monitoring (GUI)

                nltest.exe for various DNS tests (part of support tools)

                nltest /DSGETDC:<domain name>
                nltest /DSGETSITE
                nltest /DSQUERYDNS


                dnslint.exe - Verifies domain name registration and DNS records (part of support tools)


                ntfrsutl.exe - for SYSVOL and general NTFRS troubleshooting

                ntfrsutl.exe sets
                ntfrsutl.exe ds


                klist.exe/kerbtray.exe - for troubleshooting Kerberos (W2K/W2K3 Resource Kit)


                Because dcdiag likes to talk, I usually run it like this the first time I fire it up:
                Code:
                dcdiag /v | findstr /i fail
                If I get any output from this, I run "dcdiag /v > dcdiag.txt" and search the file for "FAIL". Same trick with netdiag (though it is a bit less chatty).

                Enought for meanwhile
                Guy Teverovsky
                "Smith & Wesson - the original point and click interface"

                Comment

                Working...
                X