Windows Server 2003 - DCDiag TutorialDCDiag is one of those command line utilities that you should turn to when you
have a Windows Server 2003 problem. As a source of Active Directory clues, DCDiag comes second only to the Event Logs. You may have guessed that the DC in DCDiag means domain controller. Even if your Active Directory
appears to be running smoothly, it is still worth
running DCDiag, if only to learn about the components of a healthy operating system. For example DCDiag shows the existence of the knowledge consistency checker (kccevent). Tutorial Topics for DCDiag
‡
- Preparing to install or migrate to Exchange 2003.
- Checking FSMO roles.
- Troubleshooting Group Policy.
- Investigating Active Directory not replicating frssysvol error.
- Running down Kerberos authentication problems.
- Resetting the Directory Service Administrator's password.
- Fixing a servers Service Principle Name (SPN) error.
With DCDiag it's not so much installing, as getting a copy from the Window Server 2003 Support tools. I could not help noticing that after I installed Windows Server 2003 SP1, there was a new
DCDiag with twice the file size. It reported to be version 5.2.3790.1830. Intrigued, I checked the old version and found it was 5.2.3790.0 (no 1830). Further research revealed that indeed, the
new version has more tests; as DNS is always a worry whenever there is an Active Directory problem, I was pleased to see Microsoft added extra DNS health checks in the latest version of DCDiag. (See bottom of this page
for a free copy of DCDiag.)
/v
I have to admit that at first I had no idea that DCDiag had switches. Whilst I should have known that Microsoft would provide switches, I had no idea that there were so many. I will let you into
another secret, I have never before know the /v (verbose) to be of any use. My point is that many utilities have this switch and normally I avoid it, but in the case of DCDiag the /v is a little gem,
which I use at every opportunity.
/q From the sublime /v you could go to the ridiculous /q which only report errors. /s As always, '/s specifies the server, or in this case, the Domain Controller. /fix
Fixes Service Principal Names (SPN) problems. /f:logfile.txt Slightly confusing given that there is also a /fix switch. It works like the re-direct pipe (> filename.txt). Personally, I copy and paste from the command prompt, but if you
are more organized, then use /f:filename to output to a file. /test: Confession time. I gave up with the /test, I just could not get it to filter the dns tests as advertised. I
consoled my self that you can always get the information by running the full test and just reading the parts that are of interest. However, I got the /test switch working perfectly with NetDiag,
therefore, is it
me or have Microsoft made a documentation error?
Guy Recommends: SolarWinds Engineer's Toolset v10
The Engineer's Toolset v10 provides a
comprehensive console of utilities for troubleshooting computer problems. Guy says
it helps me monitor what's occurring on the network, and the tools
teaches me more about how the system literally operates.
There are so many good gadgets, it's like having free rein of a
sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.
Download your copy of the Engineer's Toolset v 10
***Searching... ldap_search_s(ld, "DC=cp,DC=com", 2, "(cn=a*)", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 24 entries: >> Dn:
CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com 2> objectClass: top; container; 1> cn: a86fe12a-0f62-4e2a-b271-d27f601f8182; 1> distinguishedName:
CN=a86fe12a-0f62-4e2a-b271-d27f601f8182,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com; 1> name: a86fe12a-0f62-4e2a-b271-d27f601f8182; 1> canonicalName: cp.com/System/DomainUpdates/Operations/a86fe12a-0f62-4e2a-b271-d27f601f8182;
>> Dn: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com 2> objectClass: top; container; 1> cn: ab402345-d3c3-455d-9ff7-40268a1099b6; 1>
distinguishedName: CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=cp,DC=com; 1> name: ab402345-d3c3-455d-9ff7-40268a1099b6; 1> canonicalName: cp.com/System/DomainUpdates/Operations/ab402345-d3c3-455d-9ff7-40268a1099b6;
>> Dn: CN=ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9,CN=Packages,CN=Class Store,CN=Machine,CN={4627307D-103B-4A81-99D0-B5B06B8AD999},CN=Policies,CN=System,DC=cp,DC=com 2> objectClass: top; packageRegistration;
1> cn: ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9; 1> distinguishedName: CN=ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9,CN=Packages,CN=Class Store,CN=Machine,CN={4627307D-103B-4A81-99D0-B5B06B8AD999},CN=Policies,CN=System,DC=cp,DC=com;
1> name: ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9; 1> canonicalName: cp.com/System/Policies/{4627307D-103B-4A81-99D0-B5B06B8AD999}/Machine/Class Store/Packages/ab9b6f9e-7ef4-4e9a-902d-ae9a3881bce9; >>
Dn: CN=abab2104-5729-4bed-ac94-a65c89516e84,CN=AppCategories,CN=Default Domain Policy,CN=System,DC=cp,DC=com 3> objectClass: top; leaf; categoryRegistration; 1> cn: abab2104-5729-4bed-ac94-a65c89516e84;
1> distinguishedName: CN=abab2104-5729-4bed-ac94-a65c89516e84,CN=AppCategories,CN=Default Domain Policy,CN=System,DC=cp,DC=com; 1> name: abab2104-5729-4bed-ac94-a65c89516e84; 1> canonicalName:
cp.com/System/Default Domain Policy/AppCategories/abab2104-5729-4bed-ac94-a65c89516e84; >> Dn: CN=Account Operators,CN=Builtin,DC=cp,DC=com 2> objectClass: top; group; 1> cn: Account Operators;
1> description: Members can administer domain user and group accounts; 1> distinguishedName: CN=Account Operators,CN=Builtin,DC=cp,DC=com; 1> name: Account Operators; 1> canonicalName:
cp.com/Builtin/Account Operators; >> Dn: CN=Administrator,CN=Users,DC=cp,DC=com 4> objectClass: top; person; organizationalPerson; user; 1> cn: Administrator; 1> description: Built-in account
for administering the computer/domain; 1> distinguishedName: CN=Administrator,CN=Users,DC=cp,DC=com; 1> name: Administrator; 1> canonicalName: cp.com/Users/Administrator; >> Dn: CN=Administrators,CN=Builtin,DC=cp,DC=com
2> objectClass: top; group; 1> cn: Administrators; 1> description: Administrators have complete and unrestricted access to the computer/domain; 1> distinguishedName: CN=Administrators,CN=Builtin,DC=cp,DC=com;
1> name: Administrators; 1> canonicalName: cp.com/Builtin/Administrators;
Tutorial Leaning Points1) DCDiag has several useful switches. Actually the switches are an example of horses for courses, for example, if you only want to report on errors, then
enter /q. However if you want chapter and verse then /v is your best bet. 2)
Use the output as an opportunity to investigate services, for example 'The File Replication Service SYSVOL'. any problem with the frssysvol could alert you to Group Policy problems.
Kiwi Syslog Server - Free Utility to
Analyze Your Network Messages
Syslog messages are full of information for troubleshooting network problems.
When something goes wrong then
surely there will be an error message in the syslog datagram - if only we can find
that record and interpret the event. What will help to capture and analyze such
network messages is the Kiwi Syslog Server.
Free Download of Kiwi Syslog Server
Guy
recommends: The SolarWinds ipMonitor
I am attracted to
ipMonitor
because it inhabits that zone of part work, part play; Guy just could not put
the dashboard away. This excellent performance monitor will get you
started in the quest to remove bottlenecks on your network. SolarWinds
provides this fully-functioning product free for 21 days. So download and
install ipMonitor, then start scrutinizing your computers CPU, memory and disk
performance.
Installing ipMonitor is a breeze, but learn from gung-ho Guy's mistake, and
install SNMP on each computer that you wish to monitor. What sealed my
unreserved recommendation of SolarWinds is their support team, you will get
expert help even when you are evaluating the ipMonitor.
Download SolarWinds ipMonitor (21 days eval)
See Also●
Authoritative Restore
● Windiff ●
ESEutil ●
NTDSUtil
●
Performance Monitor Tool
|