Active Directory Health Check

Active Directory Health Check

Note: The following commands and script are to be run from a domain controller with
enterprise / domain admin privileges. You may run the individual commands one by one or
run the script. The script will run all the commands listed and generate a report

1. Replsummary operation quickly and concisely summarizes the replication state and relative
health of a forest.

repadmin /replsummary

2. Synchronizes a specified domain controller with all replication partners, and reports if the sync
was successful or not

repadmin /syncall /e

repadmin /syncall /Aped

A ( All partitions ) P ( Push ) E( Enterprise ) D ( Distinguished Name )

3. Forces the KCC on targeted domain controller(s) to immediately recalculate its inbound
replication topology
repadmin /kcc *

4. Find the last time your DCs were backed up, by reading the DSASignature attribute from all
servers

Repadmin /showbackup *

5. Output all replication summary information from all DCs

Repadmin /showrepl *
6. Displays inbound replication requests that the domain controller has to issue to become
consistent with its source replication partners.

Repadmin / queue *

7. List all the Domain Controllers in Active Directory

DSQUERY Server -o rdn

8. Identifies domain controllers that are failing inbound replication or outbound replication, and
summarizes the results in a report.

Repadmin /replsummary

9. Displays calls that have not yet been answered, made by the specified server to other servers

repadmin /showoutcalls *

10. List the Topology information of all the bridgehead servers

repadmin /bridgeheads * /verbose

11. Inter Site Topology Generator Report

repadmin /istg * /verbose

12. Displays a list of failed replication events detected by the Knowledge Consistency Checker
(KCC).

repadmin /failcache *

13. Lists all domains trusted by a specified domain

Repadmin /showtrust *
14. Displays the replication features for, a directory partition on a domain controller.

repadmin /bind *
15. Dcdiag analyzes the state of domain controllers in a forest or enterprise and reports any
problems to help in troubleshooting

dcdiag /c /e /v
16. AD Health Check Script

This script will run all the commands mentioned in this document and generate an output/log file

This script will work under the following conditions

DSQUERY.exe is present in C:\Windows\System32

Repadmin.exe is present in C:\Windows\System32

Dcdiag.exe is present in C:\Windows\System32

(In case of Windows Server 2003 Dcdiag and Repadmin are not installed by default,
Administrator has to install Support tools for Windows Server 2003 for the script to work)