Server – How to execute Active Directory Health checks

I created a new blog article translating old article:

It mainly refer to old 2003/2008 Server but it has some interesting information that could  be still useful for someone.


Microsoft Active Directory Topology Diagrammer (ADTD)

Active Directory Topology Diagrammer tool read Active Directory structure utilizing LDAP. Visio diagram created may include domains, sites, OU, DFS-R, administrative groups and so on.
  • You must install  “ADTD.Net Setup.msi” here . 
  • Install and Execute “ADTD.exe”. That permit you gathering all domain/Forest information.

2008 Server AD e DNS Best Practice Analyzer

  • This tool is already included in Windows 2008 Server R2.
  • Server Manager > Roles > Active Directory Domain Services > Scroll down to find ‘Best Practices Analyzer’ and click ‘Scan This Role’ 
  • DNS Server BPA is located in Server Manager > Roles > DNS Server > Scroll down to find ‘Best Practices Analyzer’ and click ‘Scan This Role’.
  • Using CLI commands (be aware that pipe | permit you save commands output to text file)
    REMARK 1/2
    : be aware that on previously 2008 server versions Windows Server 2003 Administration Tools Pack (Adminpak) is necessary (Download link
    REMARK 2/2
    : you might execute this script Active Directory Health Check script from thesysadmins

    Find System Boot Time and Uptime:

    systeminfo | find “System Boot Time:”

    systeminfo | find “System Up Time:”

    Analyze the state of domain controllers in a forest:

    dcdiag /a

    Provide an overview of any replication failures, and if last replication attempts were successful:

    repadmin /replsummary
    repadmin / showrepl

    Returns the FSMO roles holders:

    netdom query fsmo

  1. Check opened firewall ports

  • Windows Firewall: Inbound ports - UDP/TCP 53, 88, 389, 464; UDP 123, 137; TCP 139, 445, 3268

File Replication Service Diagnostics Tool (FRSDiag.exe)

FRSDIAG tool (download link) provides a graphical interface helping you to find and resolve problems related to File Replication Service (FRS)