Active Directory Health Check

Weekly or bi-weekly Active Directory Health Checks are an important part of a Microsoft SysAdmin’s responsibility. Busy or inexperienced SysAdmin’s often overlook some of the important Health Check steps or don’t do them at all. Taking the time to routinely review and assess your Microsoft Active Directory is the difference between a proactive SysAdmin and a reactive SysAdmin.

First of all, monitoring the Windows Event Viewer is a must. Take the time to check through all of the Event Log queues including the Application, Security and System log. On Domain Controllers the DFS Replication, Directory Service and DNS Server logs should also be reviewed. Leverage the sort and error fields to filter out the information you don’t need to see.

Next, run command line diagnostics and pipe the results to a text document for in-depth review. This allows you to analyze the results in detail and compare results after you’ve fixed any issues you identify. Its also much easier to read the logs in a NotePad++ window and search for events then trying to dig through command line output.

The following reports can be ran from the Windows command prompt:

DC Diag

This report will identify issues with domain controllers and any services associated with them:

C:\>dcdiag.exe /v >> c:\pre_dcdiag.txt