Server – How to execute Active Directory Health checks

I created a new blog article translating an old article:

https://www.alessandromazzanti.com/2012/09/server-effettuare-il-test-di-ad.html

It mainly refers to the old 2003/2008 Server versions, but it has some interesting information that could still be useful for someone.

<====================>

Microsoft Active Directory Topology Diagrammer (ADTD)

The Active Directory Topology Diagrammer tool reads the Active Directory structure using LDAP. The Visio diagram it creates may include domains, sites, OUs, DFS-R, administrative groups and so on.
  • You must install “ADTD.Net Setup.msi” (available here).
  • Install and execute “ADTD.exe”, which lets you gather all domain/forest information.

2008 Server AD and DNS Best Practice Analyzer

  • This tool is already included in Windows 2008 Server R2.
  • Server Manager > Roles > Active Directory Domain Services > Scroll down to find ‘Best Practices Analyzer’ and click ‘Scan This Role’ 
  • DNS Server BPA is located in Server Manager > Roles > DNS Server > Scroll down to find ‘Best Practices Analyzer’ and click ‘Scan This Role’.
  • Using CLI commands (be aware that the pipe | permits you to save command output to a text file)
    REMARK 1/2: be aware that on server versions prior to 2008 the Windows Server 2003 Administration Tools Pack (Adminpak) is necessary (download link)
    REMARK 2/2: you might execute the Active Directory Health Check script from thesysadmins

    Find System Boot Time and Uptime:

    systeminfo | find "System Boot Time:"

    systeminfo | find "System Up Time:"

    Analyze the state of domain controllers in a forest:

    dcdiag /a

    Provide an overview of any replication failures, and if last replication attempts were successful:

    repadmin /replsummary
    repadmin /showrepl

    Returns the FSMO roles holders:

    netdom query fsmo

  1. Check open firewall ports

  • Windows Firewall: Inbound ports - UDP/TCP 53, 88, 389, 464; UDP 123, 137; TCP 139, 445, 3268
    Fig. Domain Controller Inbound ports
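
One way to check a domain controller against the port list above, as an added example (not part of the original article): the script parses `netstat -an` output and reports which listed ports have no listener and which exposed listeners are not on the list and deserve review. The sample output, the address 10.0.0.5 and the function names are constructed for illustration.

```python
import re

# Inbound ports from the list above, split by protocol.
EXPECTED = {
    "TCP": {53, 88, 389, 464, 139, 445, 3268},
    "UDP": {53, 88, 389, 464, 123, 137},
}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:464          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:389           10.0.0.20:49213        ESTABLISHED
  TCP    [::]:3268              [::]:0                 LISTENING
  UDP    0.0.0.0:53             *:*
  UDP    0.0.0.0:88             *:*
  UDP    0.0.0.0:123            *:*
  UDP    10.0.0.5:137           *:*
  UDP    [::]:389               *:*
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def exposed_ports(netstat_text):
    """Return {"TCP": set, "UDP": set} of ports bound on non-loopback addresses."""
    found = {"TCP": set(), "UDP": set()}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, state = m.groups()
        if addr.startswith(LOOPBACK):
            continue  # reachable only from the host itself
        if proto == "TCP" and state != "LISTENING":
            continue  # established connections are not listeners
        found[proto].add(int(port))
    return found

def compare(netstat_text):
    """Return (missing, extra): listed ports with no listener, listeners not listed."""
    found = exposed_ports(netstat_text)
    missing = {p: sorted(EXPECTED[p] - found[p]) for p in EXPECTED}
    extra = {p: sorted(found[p] - EXPECTED[p]) for p in EXPECTED}
    return missing, extra
```

On the constructed sample, `compare(SAMPLE_NETSTAT)` reports 464 as missing for both protocols (the only TCP listener is bound to loopback) and TCP 3389 as an exposed port that is not on the list.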

File Replication Service Diagnostics Tool (FRSDiag.exe)



The FRSDIAG tool (download link) provides a graphical interface that helps you find and resolve problems related to the File Replication Service (FRS).