I found this health tool that can help us to troubleshoot AD easily 🙂
These is the checks that do:
- Configuration of sites and subnets in Active Directory
- Replication of Active Directory, the file system, and SYSVOL shared folders
- Name resolution by the Domain Name System (DNS)
- Configuration of the network adapters of all domain controllers, DNS servers, and e-mail servers running Microsoft Exchange Server
- Health of the domain controllers
- Configuration of the Network Time Protocol (NTP) for all domain controllers
I put the link to download the Microsoft Active Directory Topology Diagrammer.
With the Active Directory Topology Diagrammer tool, you can read your Active Directory structure through LDAP. The Active Directory Topology Diagrammer tool automates Microft Office Visio to draw a diagram of the Active Directory Domain topology, your Active Directory Site topology, your OU structure, your DFS-R topology or your current Exchange 20XX Server Organization. With the Active Directory Topology Diagrammer tool, you can also draw partial Information from your Active Directory, like only one Domain or one site. The objects are linked together, and arranged in a reasonable layout that you can later interactively work withthe objects in Microsoft Office Visio.
If we want to do an schema upgrade the actions for to do there is:
Login with an schema admin to the fsmo schema role holder (you can know doing a “query fsmo roles” in a cmd)
Do a backup of System State
Go to cmd and run the command repadmin /replsum and check for some error.
Go to cmd and run the command repadmin /options serverhostname +DISABLE_OUTBOUND_REPL
Go to cmd and run the commandrepadmin /options serverhostname +DISABLE_INBOUND_REPL
Go to cmd and run the command repadmin /options serverhostname -DISABLE_INBOUND_REPL
Go to cmd and run the command repadmin /options serverhostname -DISABLE_OUTBOUND_REPL
Force to replicate from the DC schema holder to the others dc.
To verify if the AD replication (RFS) is working fine on the DC you can try with these examples:
Execute the following command on a cmd: repadmin /showreps
Execute the following command on a cmd: repadmin /replsum /bysrc /bydest /sort:delta
All domain controllers should show 0 in column “Fails”, and “Deltas” longer (indicating the time since the last synchronization) must be less than or at most equal to the time of replication used in the Site -Link domain Controller (30 minutes).