Verifying Active Directory with Dcdiag
The best way to verify the operation of Active Directory is to run the console utility Dcdiag (Domain Controller Diagnosis). Dcdiag executes several tests to verify that AD is working correctly.
To run Dcdiag, log on to the domain controller using a domain administrator account and open an administrative console. Type the following command:
dcdiag /c
The output will look similar to the following:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = MyServer
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\MyServer
      Starting test: Connectivity
         ......................... MyServer passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\MyServer
      Starting test: Advertising
         ......................... MyServer passed test Advertising
      Starting test: CheckSecurityError
         [MyServer] No security related replication errors were found on this DC!
         To target the connection to a specific source DC use /ReplSource:.
         ......................... MyServer passed test CheckSecurityError
      Starting test: CutoffServers
         ......................... MyServer passed test CutoffServers
      Starting test: FrsEvent
         ......................... MyServer passed test FrsEvent
      Starting test: DFSREvent
         ......................... MyServer passed test DFSREvent
      Starting test: SysVolCheck
         ......................... MyServer passed test SysVolCheck
      Starting test: FrsSysVol
         ......................... MyServer passed test FrsSysVol
      Starting test: KccEvent
         A warning event occurred. EventID: 0x8000087A
            Time Generated: 01/27/2013 17:34:01
            Event String: A Generation ID change has been detected.
         ......................... MyServer passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... MyServer passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... MyServer passed test MachineAccount
      Starting test: NCSecDesc
         ......................... MyServer passed test NCSecDesc
      Starting test: NetLogons
         ......................... MyServer passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... MyServer passed test ObjectsReplicated
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test because /testdomain: was not entered
         ......................... MyServer passed test OutboundSecureChannels
      Starting test: Replications
         ......................... MyServer passed test Replications
      Starting test: RidManager
         ......................... MyServer passed test RidManager
      Starting test: Services
         ......................... MyServer passed test Services
      Starting test: SystemLog
         ......................... MyServer passed test SystemLog
      Starting test: Topology
         ......................... MyServer passed test Topology
      Starting test: VerifyEnterpriseReferences
         ......................... MyServer passed test VerifyEnterpriseReferences
      Starting test: VerifyReferences
         ......................... MyServer passed test VerifyReferences
      Starting test: VerifyReplicas
         ......................... MyServer passed test VerifyReplicas
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... MyServer passed test DNS

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : MyDomain
      Starting test: CheckSDRefDom
         ......................... MyDomain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... MyDomain passed test CrossRefValidation

   Running enterprise tests on : MyDomain.com
      Starting test: DNS
         Test results for domain controllers:

            DC: MyServer.MyDomain.com
            Domain: MyDomain.com

         Summary of test results for DNS servers used by the above domain controllers:

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyDomain.com
               MyServer                     PASS PASS FAIL PASS PASS PASS n/a

         ......................... MyDomain.com failed test DNS
      Starting test: LocatorCheck
         ......................... MyDomain.com passed test LocatorCheck
      Starting test: FsmoCheck
         ......................... MyDomain.com passed test FsmoCheck
      Starting test: Intersite
         ......................... MyDomain.com passed test Intersite
If Dcdiag reports a failed test you will need to troubleshoot your domain controller to find the cause. See Troubleshooting AD.
For examples of failed Dcdiag tests and their causes see Dcdiag Examples (Microsoft Docs).
Not all failed tests indicate errors. For example, if you are running AD on an isolated network for offline testing, Dcdiag will fail the DNS test because there are no DNS forwarders that can reach the Internet.
Another common failed DNS test is the lack of a reverse PTR record. PTR records are optional; many sites do not configure them. Errors like these are normal and can be ignored.
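The following PowerShell sketch is an added example, not part of the original page or of Dcdiag itself. It reduces Dcdiag output to its pass/fail result lines and reads the DNS summary table, so a failed DNS test can be traced to the sub-test column that reported FAIL (in the output above, Forw, the forwarder check). The function name Get-DcdiagSummary is hypothetical and the sample lines are constructed from the output shown above.

```powershell
# Added example. Get-DcdiagSummary is a hypothetical helper name.
# $sample is constructed from the output shown above; on a domain
# controller use instead:  $lines = dcdiag /c
$sample = @'
         ......................... MyServer passed test Connectivity
         ......................... MyServer passed test Replications
            Auth Basc Forw Del  Dyn  RReg Ext
            ____________________________________
            Domain: MyDomain.com
               MyServer          PASS PASS FAIL PASS PASS PASS n/a
         ......................... MyDomain.com failed test DNS
         ......................... MyDomain.com passed test FsmoCheck
'@
$lines = $sample -split '\r?\n'

function Get-DcdiagSummary {
    param([string[]]$Lines)
    $columns = @()
    foreach ($line in $Lines) {
        # Result line: row of dots, target, passed|failed, "test", test name
        if ($line -match '^\s*\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)') {
            [pscustomobject]@{ Kind = 'Test'; Target = $Matches[1]
                               Name = $Matches[3]; Result = $Matches[2] }
        }
        # Header of the DNS summary table: remember the column names
        elseif ($line -match '^\s*Auth\s+Basc\s+Forw\s+Del\s+Dyn\s+RReg\s+Ext\s*$') {
            $columns = $line.Trim() -split '\s+'
        }
        # DNS summary row: server name followed by one value per column
        elseif ($columns -and
                $line -match '^\s*(\S+)((\s+(PASS|FAIL|WARN|n/a)){7})\s*$') {
            $server = $Matches[1]
            $values = $Matches[2].Trim() -split '\s+'
            for ($i = 0; $i -lt $columns.Count; $i++) {
                [pscustomobject]@{ Kind = 'DnsSubTest'; Target = $server
                                   Name = $columns[$i]; Result = $values[$i] }
            }
        }
    }
}

$summary = Get-DcdiagSummary -Lines $lines
# Show only failures: the failed test plus the DNS column that caused it
$summary | Where-Object { $_.Result -in 'failed', 'FAIL' } |
    Format-Table Kind, Target, Name, Result -AutoSize
```

A FAIL in any column other than the ones described above as expected for your environment still needs troubleshooting.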