DC DIAGNOSTIC COMMAND:
********* DCDIAG /S:DC1 >C:\DIAG.TXT (>C:\DIAG.TXT redirects the dcdiag output to the file C:\DIAG.TXT)
COMPARE TWO DCs FOR DIFFERENCES:
********* DSASTAT /S:DC1;DC2 /b:"OU=Domain Controllers,DC=domainname,DC=COM"
To verify communication with other domain controllers
********* netdiag /test:dsgetdc
To ensure that the operations masters are functioning properly
********* dcdiag /s:servername /test:fsmocheck
To determine whether a site has at least one global catalog server
********* nltest /dsgetdc:domainname /gc /site:sitename
To Verify Status of Global Catalog Server
******* dcdiag /v /s:servername | find "%"
To Verify whether a site has Bridgehead Servers
***** Repadmin /Bridgeheads /Verbose
To monitor the replication progress on a new global catalog server
********* dcdiag /v /s:servername
To Detect Null Server-Reference Attributes
********* ntfrsutl ds > c:\ntfrsutl.txt
To generate a rollback template for the default security settings before applying a new security template
********* secedit /generaterollback /cfg c:\windows\security\templates\securedc.inf /rbk ooops.inf /log ooops.log
*****To Redirect the default Computers container to a new Organizational Unit****
redircmp ou=lockdown,dc=domainname,dc=com
****Replication DC to DC****
Repadmin /Syncall
Repadmin /Syncall /A /e /P
*****GPO Troubleshooting*****
dcgpofix /target:domain
dcgpofix /target:DC
dcgpofix /target:Both
*****Apply Security template on local PC or Server*****
Secedit /Configure /db c:\dc3.sdb /cfg c:\windows\security\templates\secureserver.inf /log secureserver.log
****To Create Application partition on DNS Server by using DNSCMD****
dnscmd Server1 /createdirectorypartition app1.companyname.com
dnscmd Server1 /enlistdirectorypartition app1.companyname.com
dnscmd Server1 /unenlistdirectorypartition app1.companyname.com
dnscmd server1 /deletedirectorypartition app1.companyname.com
*****Troubleshooting Replication ******
repadmin /kcc
repadmin /showreps
repadmin /bridgeheads
DSASTAT /S:DC1;DC2 /b:"OU=Domain Controllers,DC=domainname,DC=COM"
DSASTAT -S:domaincontroller1;domaincontroller2
dsastat -s:rosebud;milquestoast
dcdiag /test:topology
dcdiag /test:replication
********* Time Service Management ****
w32tm /config /manualpeerlist:"ntp.colby.edu tick.gatech.edu" /update (US-EST Time; the peer list is space-delimited)
net time /querysntp
w32tm /monitor
*****FSMO******
----Find which server holds which roles---
Netdom Query FSMO
dsquery server -hasfsmo rid
dsquery server -hasfsmo pdc
dsquery server -hasfsmo infr
dsquery server -hasfsmo name
dsquery server -hasfsmo schema
****To Check FSMO Details****
Dcdiag /test:knowsofroleholders /v
****To Transfer FSMO Roles from one DC to another DC*****
ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server Domain_Controller
server connections: quit
-> fsmo maintenance: transfer PDC (or: transfer RID master, transfer domain naming master, transfer schema master)
**To Seize Roles**
-> fsmo maintenance: seize schema master (or: seize RID master, seize PDC, seize domain naming master)
***Cleaning Metadata***
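ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server Servername (Domain Naming Master)
server connections: quit
metadata cleanup: select operation target
select operation target: list domains
(locate the domain whose metadata you want to remove and note its number)
select operation target: select domain Number (Number = 0 or 1)
select operation target: list sites
select operation target: select site Number (Number = 0 or 1)
select operation target: list servers in site
select operation target: select server Number (Number = 0 or 1)
select operation target: quit
metadata cleanup: remove selected server
metadata cleanup: quit
ntdsutil: quit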
******How to change DSRM Password********
ntdsutil: set dsrm password
Reset DSRM Administrator Password: reset password on server servername
Reset DSRM Administrator Password: reset password on server null (local server)
quit
****How to Restore AD Database****
ntdsutil: authoritative restore
authoritative restore: restore subtree ou=sales,dc=temple,dc=com (i.e. subtree restore)
authoritative restore: restore database (entire AD database from last backup)
authoritative restore: restore object <ObjectDN> (object only)
Repadmin /options <Servername> +DISABLE_INBOUND_REPL (Disable inbound replication)
Repadmin /Syncall /A /e /P (BIG GUN: all partitions, across sites, push changes outward)
Repadmin /options <Servername> -DISABLE_INBOUND_REPL (Enable inbound replication)
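****Added example (not part of the original notes): confirm replication was re-enabled after the restore****
A PowerShell check for the last restore step above: it parses the "Current DSA Options:" line that repadmin /options prints and reports any DC that still has replication disabled. The function name and the DC1/DC2 sample output are constructed for illustration.

```powershell
# Added example, not from the original notes.
# Returns the replication-disabling flags found in `repadmin /options <DC>` output.
function Get-DisabledReplFlags {
    param([Parameter(Mandatory)][string[]]$RepadminOutput)

    foreach ($line in $RepadminOutput) {
        # repadmin prints e.g. "Current DSA Options: IS_GC DISABLE_INBOUND_REPL"
        if ($line -match '^\s*Current DSA Options:\s*(.*)$') {
            $flags = $Matches[1].Trim() -split '\s+' | Where-Object { $_ }
            return @($flags | Where-Object {
                $_ -in 'DISABLE_INBOUND_REPL', 'DISABLE_OUTBOUND_REPL'
            })
        }
    }
    # No options line means repadmin failed (bad name, no access, DC down):
    # treat that as an error rather than as "replication is fine".
    throw 'No "Current DSA Options:" line found in repadmin output.'
}

# Constructed sample output (not captured from a real domain controller).
# DC2 models a server where the re-enable step after the restore was forgotten.
$sample = @{
    'DC1' = @('Current DSA Options: IS_GC')
    'DC2' = @('Current DSA Options: IS_GC DISABLE_INBOUND_REPL')
}

foreach ($dc in ($sample.Keys | Sort-Object)) {
    # On a live system, replace $sample[$dc] with:  repadmin /options $dc
    $left = @(Get-DisabledReplFlags -RepadminOutput $sample[$dc])

    if ($left.Count -gt 0) {
        # A DC left in this state stops receiving password changes, group
        # membership updates and account disables made on other DCs.
        Write-Warning ("{0}: replication still disabled ({1}); clear each flag with: repadmin /options {0} -<FLAG>" -f $dc, ($left -join ', '))
    }
    else {
        Write-Output ("{0}: replication enabled" -f $dc)
    }
}
```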