[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Active DIrectory Health Check

Posted on 2011-10-18
11
Medium Priority
?
796 Views
Last Modified: 2012-05-12
Hi,

I would like do health check for my active directory, as i feel like it is not responding to some application some times which is linked to it,

Kindly suggest me the steps and free tools with which we can do it,


Thanks regards,


Tan.
0
Comment
Question by:tanveer_hussain
  • 5
  • 5
11 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 1500 total points
ID: 36990975
In Windows Server 2003 you can use for that (on a DC or workstation with Administrative Tools installed) in command-line

dcdiag /c /v
to verify Forest/Domain condition

netdiag /v /l
also to Domain condition

and you can also use (from Windows Server 2003 CD, support tools)
repadmin /showrepl /all /verbose

or
repadmin /replsummary

and review the outputs, if there are no errors

Regards,
Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36991000
oh, and one more thing I forgout about :)
One more tool for that is also "Event Viever" :) Check logs regularly to see if somethin wrong is going to happen

Krzysztof
0
 

Author Comment

by:tanveer_hussain
ID: 36991005
thanks for your quick reply,

As there is some issue with Exchange migration (we migrated exchange 2003-2010) vendor is telling my active directory is not responding so i want to conform is there any issue with my Active directory,

Regards,

Tan.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 1500 total points
ID: 36991036
OK, so use dcdiag and netdiag for sure to check if there is no DNS errors (Exchange relies on it)

dcdiag /c /v

netdiag /test:dns

and, please ensure that Schema was extended for Exchange 2010 in your forest.
http://www.bhargavs.com/index.php/2009/11/20/verify-exchange-server-schema-version/

Krzysztof
0
 

Author Comment

by:tanveer_hussain
ID: 36991069
I tested with dcdig /c /v in the results there was no issues, except below thing:

      Starting test: VerifyEnterpriseReferences
         The following problems were found while verifying various important DN
         references.  Note, that  these problems can be reported because of
         latency in replication.  So follow up to resolve the following
         problems, only if the same problem is reported on all DCs for a given
         domain or if  the problem persists after replication has had
         reasonable time to replicate changes.
            [1] Problem: Missing Expected Value
             Base Object:
            CN=RESRV,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=Dcsrv001,DC=com
             Base Object Description: "SYSVOL FRS Member Object"
             Value Object Attribute Name: frsComputerReference
             Value Object Description: "DC Account Object"
             Recommended Action: Check if this server is deleted, and if so
            clean up this DCs SYSVOL FRS Member Object.  Also see Knowledge
            Base Article:  Q312862

            [2] Problem: Missing Expected Value
             Base Object:
            CN=RESRV,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=Dcsrv001,DC=com
             Base Object Description: "SYSVOL FRS Member Object"
             Value Object Attribute Name: serverReference
             Value Object Description: "DSA Object"
             Recommended Action: Check if this server is deleted, and if so
            clean up this DCs SYSVOL FRS Member Object.  Also see Knowledge
            Base Article  Q312862

            [3] Problem: Missing Expected Value
             Base Object:
            CN=RESSRV,CN=Domain System Volume (SYSVOL share),CN=File Replication
 Service,CN=System,DC=Dcsrv001,DC=com
             Base Object Description: "SYSVOL FRS Member Object"
             Value Object Attribute Name: frsComputerReference
             Value Object Description: "DC Account Object"
             Recommended Action: Check if this server is deleted, and if so
            clean up this DCs SYSVOL FRS Member Object.  Also see Knowledge
            Base Article:  Q312862

            [4] Problem: Missing Expected Value
             Base Object:
            CN=RESSRV,CN=Domain System Volume (SYSVOL share),CN=File Replication
 Service,CN=System,DC=dtps,DC=ae
             Base Object Description: "SYSVOL FRS Member Object"
             Value Object Attribute Name: serverReference
             Value Object Description: "DSA Object"
             Recommended Action: Check if this server is deleted, and if so
            clean up this DCs SYSVOL FRS Member Object.  Also see Knowledge
            Base Article  Q312862

         ......................... Dcsrv001failed test VerifyEnterpriseReferences

2) netdiag /test:dns {all test worked find without any errors}

Regards,

Tan.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36991089
Is RESRV Domain Controller still in your network? If so, check if it's not crashed. If not, you need to do metadata cleanup for it. For that, you may wish to follow an article on my blog for that at
http://kpytko.wordpress.com/2011/08/29/metadata-cleanup-for-broken-domain-controller/

and check once again, if the problem disappeared

Krzysztof
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36997669
Open up ADSIedit, right click CN=Schema,CN=Configuration,DC=Dcsrv001 and under security check to see if we have Enterprise Domain Controllers with Manage replication topology, replicate directory changes, replicating directory changes to all, and replication synchronization.
Do the same thing for CN=Configuration,DC=Dcsrv001

We also need to make sure the adminstrator has the same permissions on
CN=Configuration,DC=Dcsrv001

If this RESRV, is not in the environment anymore and did not hostexchange, delete the account and all instances of this server.The error above is looking for a few attributes that are not there.
Ran medatacleanup to remove the instance of the server from AD.
http://sandeshdubey.wordpress.com/2011/10/12/metadata-cleanup-of-a-domain-controller/
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Recovering missing FRS objects and FRS attributes in Active Directory
http://support.microsoft.com/kb/312862/?sd=RMVP&fr=1
0
 

Author Comment

by:tanveer_hussain
ID: 36998862
I will not responding for 2 days as we have weekend here....

Regards,

Tan.
0
 

Author Comment

by:tanveer_hussain
ID: 37022838
thanks for your help...

0
 

Author Closing Comment

by:tanveer_hussain
ID: 37022842
Thanks!!
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 37023180
You're welcome :)

Krzysztof
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question