Have you ever felt that sometimes your girlfried is crumpy but still says everything is fine? You feel a tension in the air.
You: Something wrong?
Her: No (*gosh* she thinks. Why can’t he read my mind that senseless bastard)
You: Cool!
(but you isn’t 100 per cents comfortable with the answer. You feel that there is something in the air, but you can’t tell what it is)
Four days goes by. You have just got home from a football game (Tottenham vs Liverpool: 2-1). Happy as you can be, but you notice your girlfriend is on fire!!
Her (shouting): Why did you say no to visiting my parents two weeks ago? You and your brainless soccer.
You (thinking): it’s called “football” not “soccer”, but wisely you keep your mouth shut.
Her: You spend more time with your Tottenham compared to me and bla,bla,bla…
You (thinking): ahhh.. that’s what was in the air a week ago…
Everything in the OSI model below layer 7 is straight forward and well documented. It’s “layer 8” that is the most complex layer and hardest to understand.
In Active Directory this is not a case, unless you’re not dealing with a “Slow logon problem” (which can be a layer 8 problem).
If you feel there is something wrong in AD, you’ll get a straight forward answer by asking your domain what’s the problem. You just need the tools and syntax to do the questions for you.
Here are the tools and syntaxes I use most of the time to get the answers:
The MS Support Tools package. This is a “must have” package as long as you have a Domain Controller (<= 2003). Both for maintaining and troubleshooting.
1. Event log
– Look for Warnings and Errors (System, DS, DNS and FRS)
2. dcdiag /v /e /c /f:dcdiag.txt
– My favorite. This will diagnose all DC’s and write the result to a single log file (here: dcdiag.txt). Be aware that this will generate some network traffic if you have many DC’s in various sites.
3. netdiag /v
– diagnose network related issues
4. nltest /dclist:spurs.local
– list all domain controllers in the spurs.local domain and what site they are located (handsome to get a quick overview in a new domain)
5. netdom query fsmo
– list the FSMO holders in the domain/forest
6. netdom query dc
– list all domain controllers in spurs.local. It can’t list RODCs.
7. dsquery server -isgc
– list all the Global Catalogs
8. repadmin /showrepl and repadmin /replsum
– show the last replication cycle
9. repadmin /showbackup *
– show when the last backup was taken
10. dcdiag /test:dns /f:dnstest.txt /v
– to test DNS issues. Look at the end of the file for the summary.
11. dnslint /ad /s <ip-address of DNS server> /v
– Verifies registration and records and create a htm file for presentation.
Other useful tools I like:
Account lockout and management tools:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
Group Policy Management Consol (must have):
http://www.microsoft.com/downloads/details.aspx?familyid=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en
Oldcmp (for cleanup):
http://www.joeware.net/freetools/tools/oldcmp/index.htm
Wireshark (for network troubleshooting):
http://www.wireshark.org/
Policy Reporter (for parsing Userenv logs):
http://www.sysprosoft.com/policyreporter.shtml
How nice would it be to have a toolkit for females where you could easily debug them and get straight forward answers? Maybe someday in the future….
