Friday 6 February 2015

Active Directory Health Check V01

Copy the script below and save it as a .bat file. The log it writes gives a detailed description of the state of Active Directory.

@Echo Off

REM Set the log file path and make sure the folder exists
set logfile=C:\DChealth\ADHealth.txt
if not exist C:\DChealth mkdir C:\DChealth

REM Start a new run of the ADHealth log with a blank separator
echo. >> %logfile%
echo. >> %logfile%

echo ======================= >> %logfile%
echo Ping result             >> %logfile%
echo ======================= >> %logfile%
REM %%~a strips the quotes that dsquery puts around each server name
for /f %%a in ('dsquery server -o rdn') do ping -n 1 %%~a >nul && (echo %%~a ok) >> %logfile% || (echo %%~a failed to respond) >> %logfile%

echo ======================= >> %logfile%
echo Repadmin -Replsummary   >> %logfile%
echo ======================= >> %logfile%
C:\Windows\System32\Repadmin.exe /replsummary * >> %logfile%

echo ================================ >> %logfile%
echo         FSMO Roles     >> %logfile%
echo ================================ >> %logfile%
netdom query fsmo >> %logfile%

echo ================================ >> %logfile%
echo Domain Controllers In the Domain >> %logfile%
echo ================================ >> %logfile%
C:\windows\system32\dsquery server -o rdn >> %logfile%

echo ======================== >> %logfile%
echo Repadmin - showbackup    >> %logfile%
echo ======================== >> %logfile%
c:\windows\system32\repadmin.exe /showbackup * >> %logfile%

echo ========================= >> %logfile%
echo Repadmin - showrepl       >> %logfile%
echo ========================= >> %logfile%
c:\windows\system32\repadmin.exe /showrepl * >> %logfile%

echo ========================= >> %logfile%
echo Repadmin -Queue           >> %logfile%
echo ========================= >> %logfile%
c:\windows\system32\repadmin.exe /queue * >> %logfile%

echo ========================== >> %logfile%
echo Repadmin -Bridgeheads      >> %logfile%
echo ========================== >> %logfile%
c:\windows\system32\repadmin.exe /bridgeheads * /Verbose >> %logfile%

echo =============== >> %logfile%
echo Repadmin -ISTG  >> %logfile%
echo =============== >> %logfile%
c:\windows\system32\repadmin.exe /istg * /Verbose >> %logfile%

echo ====================== >> %logfile%
echo Repadmin -showtrust    >> %logfile%
echo ====================== >> %logfile%
c:\Windows\system32\repadmin.exe /showtrust * >> %logfile%

echo ======================= >> %logfile%
echo Repadmin -Bind          >> %logfile%
echo ======================= >> %logfile%
c:\windows\system32\repadmin.exe /bind * >> %logfile%

echo ======================= >> %logfile%
echo DCDIAG                  >> %logfile%
echo ======================= >> %logfile%
c:\windows\system32\dcdiag /c /e /v >> %logfile%

pause





Wednesday 4 February 2015

DC Locator Process

  • The Windows computer sends a DNS query for the SRV records of _ldap._tcp.dc._msdcs.domain.com (Example: _ldap._tcp.dc._msdcs.contoso.com).
  • The DNS server responds with the list of registered SRV records (the records list the Domain Controllers within the AD domain).
  • The Windows computer reviews the list of SRV records and selects one according to the priority and weight assigned to the records. It then queries the DNS server for the IP address of the selected Domain Controller.
  • The DNS server checks the A record of the Domain Controller and responds with the IP address.
  • The Windows computer contacts the selected Domain Controller and initiates communication with it. When communication is initiated, the selected Domain Controller checks whether the client computer belongs to its Active Directory site. This is done by comparing the IP address of the client computer with the sites and subnets configured in Active Directory. There are two possible scenarios:
  • The Windows computer and the selected Domain Controller belong to the same Active Directory site. In this situation, the following happens:
      • The selected Domain Controller provides the client computer with the site name.
      • The Windows computer caches the name of its AD site and the name of the Domain Controller it used. The selected Domain Controller is used as long as it is available; the Windows computer does not need to repeat the locator process each time it needs to communicate with a Domain Controller.
  • The Windows computer and the selected Domain Controller do not belong to the same Active Directory site. In this situation, the following happens:
      • The selected Domain Controller provides the client computer with the site name and informs it that it is not the closest Domain Controller.
      • The Windows computer sends a DNS query for the SRV records of _ldap._tcp.Computer_Site_Name._sites.dc._msdcs.domain.com (Example: _ldap._tcp.denver._sites.dc._msdcs.contoso.com).
      • The DNS server responds with the list of registered SRV records (the records list the Domain Controllers within the AD site).
      • The Windows computer reviews the list of SRV records and selects one according to the priority and weight assigned to the records. It then queries the DNS server for the IP address of the selected Domain Controller.
      • The DNS server checks the A record of the Domain Controller and responds with the IP address.
      • The Windows computer contacts the selected Domain Controller and initiates communication with it.
Remark 1: If the Windows computer fails to communicate with a selected Domain Controller, it tries to contact another one according to the priority and weight assigned to the SRV records.
Remark 2: If a Windows computer already has its AD site cached and needs to locate a new Domain Controller (Example: the Domain Controller currently in use is no longer available), it starts directly with step number 7 (we refer to the steps shown in the previous figure).
Remark 3: The Windows computer's AD site is stored in the following registry entry: HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName
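The locator flow above as an added simulation written for this post (not code from the original article): it orders SRV records by priority and weight, performs the DC's site check against configured subnets, and falls back to the site-specific SRV name when the first DC is not the closest. The DNS records, subnets and site names (contoso.com, hq, denver, dc1 to dc3) are constructed sample data.

```python
import ipaddress
import random

# Constructed sample data (hypothetical forest, not real infrastructure):
# SRV records as (priority, weight, target), A records, and the site map.
DNS = {
    "_ldap._tcp.dc._msdcs.contoso.com": [
        (0, 100, "dc1.contoso.com"), (0, 100, "dc2.contoso.com"),
        (10, 100, "dc3.contoso.com")],
    "_ldap._tcp.denver._sites.dc._msdcs.contoso.com": [(0, 100, "dc3.contoso.com")],
    "dc1.contoso.com": "10.1.0.11", "dc2.contoso.com": "10.1.0.12", "dc3.contoso.com": "10.2.0.11",
}
SUBNETS = {"10.1.0.0/16": "hq", "10.2.0.0/16": "denver"}
DC_SITE = {"dc1.contoso.com": "hq", "dc2.contoso.com": "hq", "dc3.contoso.com": "denver"}

def order_srv(records, rng):
    # RFC 2782 client ordering: lowest priority first, weighted-random within
    # a priority; weight-0 records go first so they are only rarely chosen.
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = sorted((r for r in records if r[0] == prio), key=lambda r: r[1] != 0)
        while pool:
            pick, running = rng.randint(0, sum(r[1] for r in pool)), 0
            for rec in pool:
                running += rec[1]
                if running >= pick:
                    break
            ordered.append(pool.pop(pool.index(rec)))
    return ordered

def site_of(ip):
    # The DC's side of the check: match the client's address to a site subnet.
    addr = ipaddress.ip_address(ip)
    return next((s for n, s in SUBNETS.items() if addr in ipaddress.ip_network(n)), None)

def locate_dc(client_ip, domain, rng=None):
    # Domain-wide SRV query first; if the answering DC is not in the client's
    # site, repeat the query against the site-specific SRV name.
    rng, site = rng or random.Random(), site_of(client_ip)
    for _, _, dc in order_srv(DNS[f"_ldap._tcp.dc._msdcs.{domain}"], rng):
        if dc not in DNS:                  # no A record: try the next target
            continue
        if site is None or DC_SITE[dc] == site:
            return dc, site                # closest DC: client caches both
        site_name = f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
        for _, _, sdc in order_srv(DNS.get(site_name, []), rng):
            if sdc in DNS:
                return sdc, site
        return dc, site                    # no DC in the site: keep this one
    return None, None
```

A client whose address matches no subnet gets a site of None and simply keeps the first reachable DC, which is the situation a missing subnet definition causes in practice.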


Functions Of NetLogon Service On Domain Controllers

This article explains the functions of the NetLogon service on domain controllers.


The NetLogon service is very important for Domain Controllers. It is started, and its startup type set to Automatic, when you promote a server to a Domain Controller. If this service is not running, a number of things fail. The functions of the NetLogon service on Domain Controllers are:
·         It creates the Secure Channel between Domain Controllers and client computers. The Secure Channel is used to pass the authentication packets.
·         It registers the SRV records, CNAME and other DC records in the DNS server to advertise the availability of Domain Controllers in the domain.
·         The SRV records registered by the NetLogon service are stored in the C:\Windows\System32\Config\NetLogon.DNS file.
·         It repeats the registration of the SRV records every 24 hours, depending on the version of the operating system in use.

·         It registers the SRV records for a site that has no Domain Controller. This is called Site Coverage.

Windows Server 2008 Password Reset









Tuesday 3 February 2015

Server 2008 event IDs that correspond to Windows Server 2003

The event ID numbering scheme changed for Windows Vista, Windows 7 and Windows Server 2008. You may need to work out the corresponding IDs so that you can use them with your monitoring software.


To find the Server 2008 event ID that corresponds to a given Server 2003 event ID, use the following simple rule:

Server 2003 event ID + 4096 = Windows Server 2008 Event ID.

Exceptions to this rule are the Windows logon events:
·         The successful logon events (event IDs 528 and 540) have been merged into a single event, 4624 (this is 528 + 4096).
·         The failure logon events (event IDs 529 through 537 and 539) have been merged into a single event, 4625 (this is 529 + 4096).
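An added helper, not part of the original post, that applies the +4096 rule together with the merged logon events listed above to translate a Server 2003 monitoring rule set; LEGACY_WATCH_LIST is a constructed sample and the function names are my own.

```python
# Constructed sample: Server 2003 event IDs an existing monitoring rule tracks.
LEGACY_WATCH_LIST = {528, 529, 531, 540, 560, 612, 675}

# Exceptions to the "+ 4096" rule: Server 2003 logon events merged into one
# Server 2008 event each (528 and 540 -> 4624; 529-537 and 539 -> 4625).
MERGED = {4624: {528, 540}, 4625: set(range(529, 538)) | {539}}


def to_2008(event_id):
    """Map a Server 2003 event ID to its Server 2008 / Vista / Windows 7 ID."""
    for new_id, old_ids in MERGED.items():
        if event_id in old_ids:
            return new_id
    return event_id + 4096


def to_2003(event_id):
    """Reverse mapping: the set of Server 2003 IDs that fold into a 2008 ID."""
    return MERGED.get(event_id, {event_id - 4096})


def convert_watch_list(old_ids):
    """Translate a whole rule set, collapsing IDs that were merged in 2008."""
    return sorted({to_2008(i) for i in old_ids})
```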