Microsoft: Domain Controller health checks

Op kwam ik gisteravond een artikel van Brian McCann tegen waarin hij aangeeft welke stappen hij doorloopt bij een health check op Windows domain controllers. De health checks zijn vooral handing om uit te voeren na het patchen van een DC om zo zeker te zijn van een goed functionerende server.

Hier onder de stappen die Brian beschrijft;

The Event Viewer is always a must. I look at all the logs before and after the update to the domain controller looking for abnormal events. With the pre-check I usually go back a month of logs to get more historical data. I then run through a couple command line utilities. One thing I always do is pipe my commands out to a text document. This just makes it easier for me to read and also search for failed events.

Dcdiag.exe /v >> c:temppre_dcdiag.txt
This is a must and will always tell you if there is trouble with your DCs and/or services associated with it

Netdiag.exe /v >> c:temppre_Netdiag.txt
This will let me know if there are issues with the networking components on the DC. This along with the post test also is a quick easy way to ensure the patch I just installed is really installed (just check the top of the log)

Netsh dhcp show server >> c:temppre_dhcp.txt
Some may not do this but I’ve felt the pain of a DHCP server somehow not being authorized after a patch. This allows me verify the server count and names.

Repadmin /showreps >> c:temppre_rep_partners.txt
This shows all my replication and if it was successful or not. Just be aware that Global Catalogs will have more info here than a normal domain controller.

repadmin /replsum /errorsonly >> c:temppre_repadmin_err.txt
This is the one that always takes forever but will let you know who you are having issues replicating with.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.