Domain Controller repair Tools

You can try Ntdutil and Dcdiag tools.which is available in windows itself or download from microsoft site.

Ntdsutil.exe

Ntdsutil.exe to perform database maintenance of Active Directory, manage and control single master operations, create application directory partitions, and remove metadata


The Dcdiag command-line tool

This command-line tool analyzes the state of domain controllers in a forest or enterprise and reports any problems to assist in troubleshooting. As an end-user reporting program, Dcdiag encapsulates detailed knowledge of how to identify abnormal behavior in the system. Dcdiag displays command output at the command line.

Dcdiag consists of a framework for executing tests and a series of tests to verify different functional areas of the system. This framework selects which domain controllers are tested according to scope directives from the user, such as enterprise, site, or single server.

could you post some useful commands?

ok,thx. i will try them.

the reason why im asking is: we have client GPO`s which are not catching up. i thought maybe this would help with that issue

ok,great.

i have to verify the GPo status since some of them are not working properly.

do you have any commands for this?

If you are running on Windows Server 2003, you can use Gpotool.exe to determine if there is an inconsistency between Active Directory and SYSVOL versions.

You can also refer the URL below to check and resolve the issue:

http://technet.microsoft.com/en-us/library/cc786241(v=ws.10).aspx

inconsistencies in applying GPO's usually happen when sysvol replication is broken.
first check AD replication as suggested above, in addition also check the domain controller FRS / DFS eventviewer for errors.

Dcdiag would be the best to start with