Active Directory Health Checks for Domain Controllers
I've just written a small article on the common steps that I perform when doing health checks on domain controllers. AdminPrep is not up right now so I'll post the health check stuff here. I would love for you to come back here and let me know what else you do when you do health checks on domain controllers.
I get asked over and over about what I do when I'm performing a health check on a domain controller. Below you will see some of the commands that I use when I need to ensure my domain controllers are still healthy after some sort of change...like patching.
The Event Viewer is always a must. I look at all the logs before and after the update to the domain controller looking for abnormal events. With the pre-check I usually go back a month of logs to get more historical data. I then run through a couple command line utilities. One thing I always do is pipe my commands out to a text document. This just makes it easier for me to read and also search for failed events.
Dcdiag.exe /v >> c:\temp\pre_dcdiag.txt
This is a must and will always tell you if there is trouble with your DCs and/or services associated with it
Netdiag.exe /v >> c:\temp\pre_Netdiag.txt
This will let me know if there are issues with the networking components on the DC. This along with the post test also is a quick easy way to ensure the patch I just installed is really installed (just check the top of the log)
Netsh dhcp show server >> c:\temp\pre_dhcp.txt
Some may not do this but I've felt the pain of a DHCP server somehow not being authorized after a patch. This allows me verify the server count and names.
Repadmin /showreps >> c:\temp\pre_rep_partners.txt
This shows all my replication and if it was successful or not. Just be aware that Global Catalogs will have more info here than a normal domain controller.
repadmin /replsum /errorsonly >> c:\temp\pre_repadmin_err.txt
This is the one that always takes forever but will let you know who you are having issues replicating with.
After I run and check the pre_ scripts I update my server. When it is done I run post_ scripts which are the same thing but this allows me to verify them against the scripts earlier.
Hopefully this helps you when you troubleshoot your domain controllers but by no way is this an all encompassing list of things to do. These are the standard steps I take but I would love to hear what you all do as well.