Solved

Health Check for Domain Controller

Posted on 2011-02-21
10
1,614 Views
Last Modified: 2012-05-11
Hi All,

I have an AD Domain Controller (single domain controller), of which I need to come up with a health checklist to make sure that the DC is running fine and basically healthy.

I'm lost as to what should be checked.

I'm thinking the basics would be like disk space. What else can I check to confirm that the DC is in a healthy state?

I also have DHCP running on this server. Its a File and Print server as well.

What can I check on a daily basis to ascertain that the DC is in a healthy state and how would I do this please?
0
Comment
Question by:ben1211
10 Comments
 

Author Comment

by:ben1211
ID: 34949182
Its a Windows 2003 Server
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 34949204
Run DCDiag.exe and read the results :D IF all tests pass its healthy
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 333 total points
ID: 34949224
Run in command-line

dcdiag /v

and review output
That's the most important tool of checking domain and DNS health :)

for DHCP you can use to check

netsh dhcp server \\ServerName show all
and review output :)

Regards,
Krzysztof
0
 
LVL 12

Assisted Solution

by:Sommerblink
Sommerblink earned 167 total points
ID: 34949239
Well,

The first thing that you need to do is to watch over events in the event logs.

You should look at all the warning and errors and even some of the informational alerts. This will give you a good baseline for how your server should behave.

You should download Server 2003 Support Tools (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D).

My two most favorite commands in there are repadmin and dcdiag.

But,  I am getting ahead of myself.

To be honest, the greatest thing you need to do to keep AD perfectly healthy.... is to make sure that DNS is configured on every server and every client, correctly.... You should make absolutly positive that there is NO domain member or domain controller, who has a DNS entry listed in the TCP/IP v4 properties, who isn't a AD-DNS server. Period.

Even other AD-DNS servers should only reference another AD-DNS server (and/or themselves).

The only place that you will find your ISP's DNS servers are in the conditional forwarders, in the DNS service settings.

With that, you will have prevented about half the problems I run into, both with real life clients and on EE.
0
 

Author Comment

by:ben1211
ID: 34967114
Guys, do i need the windows server 2003 tools to run dcdiag? Where do I run this from?

What does netsh dhcp server \\ServerName show all do?

It won't disrupt the DC right?

Apart from these, whatelse can I check for a server health check?

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34967530
dcdiag should be run on a DC or on a workstation with Windows 2003 Support Tools installed.
netsh dhcp \\servername show all displays all information about DHCP server, issued IPs and free IPs. It works only in read-only mode, don't worry :)

Krzysztof
0
 

Author Comment

by:ben1211
ID: 35003727
Guys....would you have a health checklist to perform for servers? Other than DCDIAG and netsh dhcp, what else can be checked?

Assuming, I check on disk space, event logs, what else can be checked to make certain that the server is healthy?
0
 

Author Comment

by:ben1211
ID: 35004721
Guys, how do i get this DCDiag and netsh dhcp tools? Where can i find it on the server and how do I run it? From the command prompt window?
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 333 total points
ID: 35004764
dcdiag and netsh with dhcp context are available on a dc or you need to install Windows 2003 Support Tools to use them from other workstations :) And yes, they have to be run in command-line :)

Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 35004770
sorry, forgot to mark that netsh dhcp context is only available on server :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: I have always been a big fan of Windows but my liking towards it is slowly being eroded by the variety of other Applications that I encounter, when I browse the Web. Most of the software available is free and maybe Open Source too. …
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

4 Experts available now in Live!

Get 1:1 Help Now