Solved

Health Check for Domain Controller

Posted on 2011-02-21
10
1,613 Views
Last Modified: 2012-05-11
Hi All,

I have an AD Domain Controller (single domain controller), of which I need to come up with a health checklist to make sure that the DC is running fine and basically healthy.

I'm lost as to what should be checked.

I'm thinking the basics would be like disk space. What else can I check to confirm that the DC is in a healthy state?

I also have DHCP running on this server. Its a File and Print server as well.

What can I check on a daily basis to ascertain that the DC is in a healthy state and how would I do this please?
0
Comment
Question by:ben1211
10 Comments
 

Author Comment

by:ben1211
ID: 34949182
Its a Windows 2003 Server
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 34949204
Run DCDiag.exe and read the results :D IF all tests pass its healthy
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 333 total points
ID: 34949224
Run in command-line

dcdiag /v

and review output
That's the most important tool of checking domain and DNS health :)

for DHCP you can use to check

netsh dhcp server \\ServerName show all
and review output :)

Regards,
Krzysztof
0
 
LVL 12

Assisted Solution

by:Sommerblink
Sommerblink earned 167 total points
ID: 34949239
Well,

The first thing that you need to do is to watch over events in the event logs.

You should look at all the warning and errors and even some of the informational alerts. This will give you a good baseline for how your server should behave.

You should download Server 2003 Support Tools (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D).

My two most favorite commands in there are repadmin and dcdiag.

But,  I am getting ahead of myself.

To be honest, the greatest thing you need to do to keep AD perfectly healthy.... is to make sure that DNS is configured on every server and every client, correctly.... You should make absolutly positive that there is NO domain member or domain controller, who has a DNS entry listed in the TCP/IP v4 properties, who isn't a AD-DNS server. Period.

Even other AD-DNS servers should only reference another AD-DNS server (and/or themselves).

The only place that you will find your ISP's DNS servers are in the conditional forwarders, in the DNS service settings.

With that, you will have prevented about half the problems I run into, both with real life clients and on EE.
0
 

Author Comment

by:ben1211
ID: 34967114
Guys, do i need the windows server 2003 tools to run dcdiag? Where do I run this from?

What does netsh dhcp server \\ServerName show all do?

It won't disrupt the DC right?

Apart from these, whatelse can I check for a server health check?

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34967530
dcdiag should be run on a DC or on a workstation with Windows 2003 Support Tools installed.
netsh dhcp \\servername show all displays all information about DHCP server, issued IPs and free IPs. It works only in read-only mode, don't worry :)

Krzysztof
0
 

Author Comment

by:ben1211
ID: 35003727
Guys....would you have a health checklist to perform for servers? Other than DCDIAG and netsh dhcp, what else can be checked?

Assuming, I check on disk space, event logs, what else can be checked to make certain that the server is healthy?
0
 

Author Comment

by:ben1211
ID: 35004721
Guys, how do i get this DCDiag and netsh dhcp tools? Where can i find it on the server and how do I run it? From the command prompt window?
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 333 total points
ID: 35004764
dcdiag and netsh with dhcp context are available on a dc or you need to install Windows 2003 Support Tools to use them from other workstations :) And yes, they have to be run in command-line :)

Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 35004770
sorry, forgot to mark that netsh dhcp context is only available on server :)
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Have you ever had a hard drive that you can't boot into, but need to change the registry? Here is the solution! This article guides you through accessing and editing a registry of a non-primary drive. To read registry information on a non-prim…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now