In this post we are going to take a look at domain controller health administration and some checks that we can do to monitor it.
It often gets overlooked as other fires pull attention away from it.
As an administrator, it is a good idea to keep an eye on the health of your Active Directory environment since it's the foundation layer. Don't neglect it!
This guide will help you to keep up with the health of your Active Directory environment in a simple way.
Items To Check On
- Checking error logs
- Know where your roles are (know the lay of the land)
- Replication: Repadmin
- Orphaned objects: old servers/computers left in the directory cause more error log entries. Peruse DNS records and remove any servers that have been decommissioned
- DNS services & servers
- Sites & Services: subnets defined (not a single site, or all subnets pointed to one site)
- Time services: clocks out of sync by 5 mins have issues
- Best Practice Analyzer
Signs That Active Directory Needs Attention
- User logon issues: some can log in, some cannot; location issues
- AD objects not available in domain controllers (e.g. users, groups, computers, OUs, etc.)
- Long delays during user login
- Continuous errors on DC logs (Sysvol / DFSR)
- Certain computers getting policies while others are not (look for inconsistencies)
Windows Server Built-in Tools
Using Best Practice Analyzer
Automating The Process
Setting review periods. (Monthly/Quarterly)
Check health before and after all major AD mods (changes/adds/removes)
The nltest command-line tool provides diagnostic features to troubleshoot domain system configurations.
It can be used to:
- Get a list of domain controllers
- Force a remote shutdown
- Query the status of a trust
- Test trust relationships and the state of domain controller replication
Getting Domain Information
To get domain information use the following command:
nltest /dsgetdc:<enter domain here>
So, for example, if the domain is imawesome.com, the command would be: nltest /dsgetdc:imawesome.com
The expected output would look like this:
So we get a lot of high-level information about the domain. This can be really helpful
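An added example (not from the original post): PowerShell that parses nltest /dsgetdc output and flags two items from the checklist above, site mapping and time service. The sample output, DC name, address and site names are constructed, and the set of flags treated as required is an assumption of this example.

```powershell
# Added example: parse `nltest /dsgetdc:<domain>` text and flag checklist items.
function ConvertFrom-NltestDsGetDc {
    param([string[]]$Lines)
    $info = [ordered]@{}
    foreach ($line in $Lines) {
        # Fields are printed as "Key: Value", e.g. "Dc Site Name: HQ"
        if ($line -match '^\s*([^:]+?):\s*(.*)$') {
            $info[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    [pscustomobject]$info
}

function Test-DcLocatorResult {
    param([Parameter(Mandatory)]$Dc)
    $findings = @()
    $flags = "$($Dc.Flags)" -split '\s+'
    $dcSite = $Dc.'Dc Site Name'
    $ourSite = $Dc.'Our Site Name'
    if (-not $ourSite) {
        $findings += 'Client maps to no site: check subnet definitions in Sites & Services'
    } elseif ($dcSite -ne $ourSite) {
        $findings += "Located DC is in site '$dcSite' but client is in '$ourSite'"
    }
    # Assumption: flags this example treats as required for a healthy answer
    foreach ($needed in 'LDAP', 'KDC', 'TIMESERV', 'CLOSE_SITE') {
        if ($flags -notcontains $needed) { $findings += "Flag missing: $needed" }
    }
    $findings
}

# Constructed sample output (DC name, address and sites are made up)
$sample = @'
           DC: \\DC01.imawesome.com
      Address: \\192.0.2.10
     Dom Name: imawesome.com
  Forest Name: imawesome.com
 Dc Site Name: HQ
Our Site Name: Branch01
        Flags: GC DS LDAP KDC WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST
The command completed successfully
'@ -split "`r?`n"

# On a domain-joined machine use instead: $lines = nltest /dsgetdc:imawesome.com
$dc = ConvertFrom-NltestDsGetDc -Lines $sample
Test-DcLocatorResult -Dc $dc
```

An empty result means none of the checks fired; each returned string is one finding to follow up on during a scheduled review.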