Commands for an AD health check

Hi!

These are the commands that I use when I do an AD health check.

Dcdiag /a
Dcdiag /q
Repadmin /showrepl
repadmin /replsum /bysrc /bydest /sort:delta

If the tests showed above fails:
dcdiag /test:replications
dcdiag /test:netlogons
dcdiag /test:dns
dcdiag /test:MachineAccount
dcdiag /s:<DomainControllerName> /test:knowsofroleholders /v
dcdiag /s:<DomainControllerName> /test:fsmocheck

I hope it help you!

Marc

Anuncios

How to stop and start AD File Replication Service

Hi there!

If we want to do an schema upgrade the actions for to do there is:

Login with an schema admin to the fsmo schema role holder (you can know doing a “query fsmo roles” in a cmd)

Do a backup of System State

Go to cmd and run the command repadmin /replsum and check for some error.

Go to cmd and run the command repadmin /options serverhostname +DISABLE_OUTBOUND_REPL

Go to cmd and run the commandrepadmin /options serverhostname +DISABLE_INBOUND_REPL

Upgrade schema.

Review logs

Go to cmd and run the command repadmin /options serverhostname -DISABLE_INBOUND_REPL

Go to cmd and run the command repadmin /options serverhostname -DISABLE_OUTBOUND_REPL

Force to replicate from the DC schema holder to the others dc.

Regards!

Commands to review AD replication state

Hi!

To verify if the AD replication (RFS) is working fine on the DC you can try with these examples:

Execute the following command on a cmd: repadmin /showreps

Execute the following command on a cmd: repadmin /replsum /bysrc /bydest /sort:delta

All domain controllers should show 0 in column “Fails”, and “Deltas” longer (indicating the time since the last synchronization) must be less than or at most equal to the time of replication used in the Site -Link domain Controller (30 minutes).

Regards