I suggest the following:

Dcdiag.exe /e /v /c /i. The /e switch will check all DC's in your Forest. If you don't think it practical to do so, you can try the /a switch instead to do all DC's in a Site, or just run the command separately on each DC without /e or /a.

Repadmin.exe /replsummary /bysrc /bydest /sort:delta - This will test all the DC's in your Forest (I believe) for any replication failures, excessive latency, etc.

gpotool.exe - This will verify that all the GPO's are in sync across all the DC's from a sysvol and DS perspective.

Sonar.exe - This will verify the FRS health of your DC's. Especially useful for finding DC's that have excessive backlogs.

Dnslint.exe - Basic checks for DNS SRV records in DNS

Dsastat.exe - Compare DS databases between various DC's

Ultrasound - Can be used to more proactively monitor FRS in the enterprise

You can also run the Directory Service MPSReports, which will collect a lot of useful information. Depending upon the size of your Event Logs, you might be able to maintain multiple generations of the reports for a history.

I'll be curious what the others suggest, too. :)

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Svetlana Kouznetsova
> Sent: Friday, June 04, 2004 09:52
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] AD Health check
>
> Hi,
> In my quest to solve various problems in our forest while
> promoting W2K3 DC, I've now come to the point when I want to
> ascertain overall current situation in my AD and I need more
> general advice on:
> What kind of tests one should do for checking the health of
> AD (W2K native mode). As far as I can see, there are no
> certain compulsory things you need to run in your AD from
> time to time - it all depends on time, skills and perhaps,
> one's wish as well.
>
> But maybe people can share their experience - when you've
> inherited a forest with few domains, what would you check in
> the first place to make sure things are running as they should?
>
> I can think of the basics, like
>
> Obvious event logs, dcdiag and netdiag
> netdiag /debug /v - for basically, everything?
> dcdiag /test:fsmocheck - to test for all global role-holders are known and responding
> dcdiag /test:frssysvol - to test frs
> dcdiag /test:registerindns /dnsdomain:domain - to test, if DC can register DC Locator DNS records
> nltest/dclist:domain_name - to see if DC can see the rest of the forest
> nltest /dsgetdc:domain_name /gc - to see if DC can see GC servers in the forest
> nslookup -d - for testing DNS queries
> repadmin /bind servername.domain - to test if DC can bind to others for replication.
>
> Perhaps, some of them are overkill, but I'm looking for a bit
> more than just routine checkup.
>
> Can you comment, please?
>
> Thanks in advance
> Lana.
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
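
The following is an added example, not part of the original thread or written by either poster: a PowerShell sketch that turns the text output of the Repadmin.exe /replsummary command suggested above into a short list of DCs with replication failures or excessive latency. The function names, the 60-minute threshold, the sample output and the column layout it parses are assumptions made for illustration.

```powershell
# Constructed sample of `repadmin /replsummary /bysrc /bydest /sort:delta` output
# (DC names and values are made up; the column layout is an assumption).
$sample = @'
Source DSA          largest delta    fails/total %%   error
 DC03              02d.04h:11m:09s    4 /  12   33  (1722) The RPC server is unavailable.
 DC02                      52m:10s    0 /  12    0
 DC01                      14m:35s    0 /  12    0

Destination DSA     largest delta    fails/total %%   error
 DC01              02d.04h:11m:09s    2 /   8   25  (1722) The RPC server is unavailable.
 DC02                      14m:40s    0 /   8    0
'@

function ConvertTo-DeltaMinutes([string]$Delta) {
    # Handles "14m:35s", "03h:14m:35s", "02d.04h:11m:09s"; ">60 days" (assumed form) counts as days.
    if ($Delta -match '^>\s*(\d+)') { return [int]$Matches[1] * 1440 }
    $total = 0
    foreach ($m in [regex]::Matches($Delta, '(\d+)([dhms])')) {
        $n = [int]$m.Groups[1].Value
        switch ($m.Groups[2].Value) {
            'd' { $total += $n * 1440 }
            'h' { $total += $n * 60 }
            'm' { $total += $n }
            's' { $total += $n / 60 }
        }
    }
    return $total
}

function Get-ReplSummaryFinding([string]$Text, [int]$MaxDeltaMinutes = 60) {
    $section = $null
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^(Source|Destination) DSA') { $section = $Matches[1]; continue }
        if ($section -and $line -match '^\s*(\S+)\s+(>\s*\d+\s+days|\S+)\s+(\d+)\s*/\s*(\d+)\s+(\d+)\s*(.*)$') {
            $dc    = $Matches[1]
            $delta = $Matches[2]
            $fails = [int]$Matches[3]
            $err   = $Matches[6].Trim()
            $minutes = ConvertTo-DeltaMinutes $delta
            if ($fails -gt 0 -or $minutes -gt $MaxDeltaMinutes) {
                [pscustomobject]@{ Role = $section; DC = $dc; LargestDelta = $delta
                                   Fails = $fails; Error = $err }
            }
        }
    }
}

# Flags DC03 (as source) and DC01 (as destination) in the constructed sample.
Get-ReplSummaryFinding -Text $sample | Format-Table -AutoSize
```

To check a live forest, pipe the real command through `Out-String` and pass the result as `-Text`; saving each run to a dated file gives a history to compare against.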
