Computer Performance, Windows Server 2003

Guy recommends :
Free Permissions
Analyzer Tool

Solarwinds Free Download of Permissions Analyzer

View the effective permissions for a folder or shared drive. Free download try it now!

Windows Server 2003 - DCDiag Tutorial

Windows Server 2003 - DCDiag Tutorial

DCDiag is one of those command line utilities that you should turn to when you have a Windows Server 2003 problem.  As a source of Active Directory clues, DCDiag comes second only to the Event Logs.  You may have guessed that the DC in DCDiag means domain controller.

Even if your Active Directory appears to be running smoothly, it is still worth running DCDiag, if only to learn about the components of a healthy operating system.  For example DCDiag shows the existence of the knowledge consistency checker (kccevent).

Tutorial Topics for DCDiag


Examples of Running DCDiag

  1. Preparing to install or migrate to Exchange 2003.
  2. Checking FSMO roles.
  3. Troubleshooting Group Policy.
  4. Investigating Active Directory not replicating frssysvol error.
  5. Running down Kerberos authentication problems.
  6. Resetting the Directory Service Administrator's password.
  7. Fixing a servers Service Principle Name (SPN) error.

Installing Microsoft's DCDiag

With DCDiag it's not so much installing, as getting a copy from the Window Server 2003 Support tools.  I could not help noticing that after I installed Windows Server 2003 SP1, there was a new DCDiag with twice the file size.  It reported to be version 5.2.3790.1830.  Intrigued, I checked the old version and found it was 5.2.3790.0 (no 1830).  Further research revealed that indeed, the new version has more tests; as DNS is always a worry whenever there is an Active Directory problem, I was pleased to see Microsoft added extra DNS health checks in the latest version of DCDiag.  (See bottom of this page for a free copy of DCDiag.)

DCDiag switches

/v  I have to admit that at first I had no idea that DCDiag had switches.  Whilst I should have known that Microsoft would provide switches, I had no idea that there were so many.  I will let you into another secret, I have never before know the /v (verbose) to be of any use.  My point is that many utilities have this switch and normally I avoid it, but in the case of DCDiag the /v is a little gem, which I use at every opportunity.

/q  From the sublime /v you could go to the ridiculous /q which only report errors.

/s As always, '/s specifies the server, or in this case, the Domain Controller.

/fix Fixes Service Principal Names (SPN)  problems.

/f:logfile.txt Slightly confusing given that there is also a /fix switch.  It works like the re-direct pipe (> filename.txt).  Personally, I copy and paste from the command prompt, but if you are more organized, then use /f:filename to output to a file.

/test: Confession time.  I gave up with the /test, I just could not get it to filter the dns tests as advertised.  I consoled my self that you can always get the information by running the full test and just reading the parts that are of interest.  However, I got the /test switch working perfectly with NetDiag, therefore, is it me or have Microsoft made a documentation error?

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v11 v11.5

SolarWinds' Network Performance Monitor will help you discover what's happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

Perhaps the NPM's best feature is the way it suggests solutions to network problems.  Its second best feature is the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you give this Network Performance Monitor a try.

Download your free trial of SolarWinds Network Performance Monitor.

DCDiag Example using my favourite /v


ldap_search_s(ld, "DC=cp,DC=com", 2, "(cn=a*)", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 24 entries:
>> Dn: CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com
2> objectClass: top; container;
1> cn: a86fe12a-0f62-4e2a-b271-d27f601f8182;
1> distinguishedName: CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com;
1> name: a86fe12a-0f62-4e2a-b271-d27f601f8182;
1> canonicalName:;
>> Dn: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com
2> objectClass: top; container;
1> cn: ab402345-d3c3-455d-9ff7-40268a1099b6;
1> distinguishedName: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com;
1> name: ab402345-d3c3-455d-9ff7-40268a1099b6;
1> canonicalName:;
>> Dn: CN=ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9,CN=Packages,CN=Class Store,CN=Machine,CN={4627307D-103B-4A81-99D0-B5B06B8AD999},CN=Policies,CN=System,DC=cp,DC=com
2> objectClass: top; packageRegistration;
1> cn: ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9;
1> distinguishedName: CN=ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9,CN=Packages,CN=Class Store,CN=Machine,CN={4627307D-103B-4A81-99D0-B5B06B8AD999},CN=Policies,CN=System,DC=cp,DC=com;
1> name: ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9;
1> canonicalName:{4627307D-103B-4A81-99D0-B5B06B8AD999}/Machine/Class Store/Packages/ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9;
>> Dn: CN=abab2104-5729-4bed-ac94-a65c89516e84,CN=AppCategories,CN=Default Domain Policy,CN=System,DC=cp,DC=com
3> objectClass: top; leaf; categoryRegistration;
1> cn: abab2104-5729-4bed-ac94-a65c89516e84;
1> distinguishedName: CN=abab2104-5729-4bed-ac94-a65c89516e84,CN=AppCategories,CN=Default Domain Policy,CN=System,DC=cp,DC=com;
1> name: abab2104-5729-4bed-ac94-a65c89516e84;
1> canonicalName: Domain Policy/AppCategories/abab2104-5729-4bed-ac94-a65c89516e84;
>> Dn: CN=Account Operators,CN=Builtin,DC=cp,DC=com
2> objectClass: top; group;
1> cn: Account Operators;
1> description: Members can administer domain user and group accounts;
1> distinguishedName: CN=Account Operators,CN=Builtin,DC=cp,DC=com;
1> name: Account Operators;
1> canonicalName: Operators;
>> Dn: CN=Administrator,CN=Users,DC=cp,DC=com
4> objectClass: top; person; organizationalPerson; user;
1> cn: Administrator;
1> description: Built-in account for administering the computer/domain;
1> distinguishedName: CN=Administrator,CN=Users,DC=cp,DC=com;
1> name: Administrator;
1> canonicalName:;
>> Dn: CN=Administrators,CN=Builtin,DC=cp,DC=com
2> objectClass: top; group;
1> cn: Administrators;
1> description: Administrators have complete and unrestricted access to the computer/domain;
1> distinguishedName: CN=Administrators,CN=Builtin,DC=cp,DC=com;
1> name: Administrators;
1> canonicalName:;

Tutorial Leaning Points

1) DCDiag has several useful switches.  Actually the switches are an example of horses for courses, for example, if you only want to report on errors, then enter /q.  However if you want chapter and verse then /v is your best bet.

2) Use the output as an opportunity to investigate services, for example 'The File Replication Service SYSVOL'.  any problem with the frssysvol could alert you to Group Policy problems.

Guy Recommends: SolarWinds Network Topology Mapper (NTM)SolarWinds Network Topology Mapper

NTM will produce a neat diagram of your network topology.  But that's just the start; Network Topology Mapper can create an inventory of the hardware and software of your machines and network devices.  Other neat features include dynamic update for when you add new devices to your network.  I also love the ability to export the diagrams to Microsoft Visio.

Finally, Guy bets that if you test drive the Network Topology Mapper then you will find a device on your network that you had forgotten about, or someone else installed without you realizing!

Download your 14 day free trial of SolarWinds Network Topology Mapper

Free Download of DCDiag

If you like this page then please share it with your friends


See more Windows tools

ADSI Edit Tool   • Authoritative Restore   • Windiff Compare Folders

Eseutil Commands for Exchange 2010 Server  • ESEutil   • NTDSUtil


Custom Search

Site Home

Guy Recommends: SolarWinds' NPM - Review of Orion NPM
Network Performance Monitor

SolarWinds' performance monitor is designed for detecting network outages, making it easy to see what's working, and what needs your attention.

This utility guides you through creating network maps; it also helps identifying whether the root cause is faulty equipment, or resource overload. Give NPM a try.

Download a free trial of Network Performance Monitor

Author: Guy Thomas Copyright © 1999-2015 Computer Performance LTD All rights reserved.

Please report a broken link, or an error to: