U-Tools: Unique Tools for Windows System Administrators
U-Move Help

Verifying Active Directory with Dcdiag

The best way to verify the operation of Active Directory is to run the console utility Dcdiag (Domain Controller Diagnosis). Dcdiag executes several tests to verify that AD is working correctly.

To run Dcdiag, log on to the domain controller using an domain administrator account and open an administrative console. Type the following command:

dcdiag /c

The output will look similar to the following:

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = MyServer
   * Identified AD Forest. 
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\MyServer
      Starting test: Connectivity
         ......................... MyServer passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\MyServer
      Starting test: Advertising
         ......................... MyServer passed test Advertising
      Starting test: CheckSecurityError
         [MyServer] No security related replication errors were found on this DC!
         To target the connection to a specific source DC use /ReplSource:.
         ......................... MyServer passed test CheckSecurityError
      Starting test: CutoffServers
         ......................... MyServer passed test CutoffServers
      Starting test: FrsEvent
         ......................... MyServer passed test FrsEvent
      Starting test: DFSREvent
         ......................... MyServer passed test DFSREvent
      Starting test: SysVolCheck
         ......................... MyServer passed test SysVolCheck
      Starting test: FrsSysVol
         ......................... MyServer passed test FrsSysVol
      Starting test: KccEvent
         A warning event occurred.  EventID: 0x8000087A
            Time Generated: 01/27/2013   17:34:01
            Event String: A Generation ID change has been detected. 
         ......................... MyServer passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... MyServer passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... MyServer passed test MachineAccount
      Starting test: NCSecDesc
         ......................... MyServer passed test NCSecDesc
      Starting test: NetLogons
         ......................... MyServer passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... MyServer passed test ObjectsReplicated
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test because /testdomain: was
         not entered
         ......................... MyServer passed test OutboundSecureChannels
      Starting test: Replications
         ......................... MyServer passed test Replications
      Starting test: RidManager
         ......................... MyServer passed test RidManager
      Starting test: Services
         ......................... MyServer passed test Services
      Starting test: SystemLog
         ......................... MyServer passed test SystemLog
      Starting test: Topology
         ......................... MyServer passed test Topology
      Starting test: VerifyEnterpriseReferences
         ......................... MyServer passed test VerifyEnterpriseReferences
      Starting test: VerifyReferences
         ......................... MyServer passed test VerifyReferences
      Starting test: VerifyReplicas
         ......................... MyServer passed test VerifyReplicas
   
      Starting test: DNS
         
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... MyServer passed test DNS
   
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   
   Running partition tests on : MyDomain
      Starting test: CheckSDRefDom
         ......................... MyDomain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... MyDomain passed test CrossRefValidation
   
   Running enterprise tests on : MyDomain.com
      Starting test: DNS
         Test results for domain controllers:
            
            DC: MyServer.MyDomain.com
            Domain: MyDomain.com
            
         Summary of test results for DNS servers used by the above domain
         controllers:
        
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: MyDomain.com
               MyServer                          PASS PASS FAIL PASS PASS PASS n/a  
         
         ......................... MyDomain.com failed test DNS
      Starting test: LocatorCheck
         ......................... MyDomain.com passed test LocatorCheck
      Starting test: FsmoCheck
         ......................... MyDomain.com passed test FsmoCheck
      Starting test: Intersite
         ......................... MyDomain.com passed test Intersite

If Dcdiag reports a failed test you will need to troubleshoot your domain controller to find the cause. See Troubleshooting AD.

For examples of failed Dcdiag tests and their causes see Dcdiag Examples on TechNet.

Not all failed tests indicate errors. For example if you are running AD on an isolated network for offline testing, Dcdiag will fail the DNS test because there are no DNS forwarders that can reach the Internet.

Another common failed DNS test is the lack of a reverse PTR record. PTR records are optional; many sites to not configure them. Errors like these are normal and can be ignored.

Windows Server 2003

Dcdiag can be found in the Windows Server 2003 Support Tools folder, located on the Windows Server 2003 installation DVD.


U-Move protects your Active Directory domain controller by offering strong backup and recovery protection, along with advanced upgrade capability.