Basic steps to troubleshoot AD

By -
What are the basic steps to troubleshoot Active Directory (AD)?

1. DCDIAG

To deploy an additional domain controller: 
dcdiag /test:dcpromo /DnsDomain:domain_name.com /ReplicaDC
To deploy a child domain:
dcdiag /test:dcpromo /DnsDomain:child_domain_name.forest.com /ChildDomain
Test the FSMO
dcdiag /s:<DomainControllerName> /test:fsmocheck
Check DNS
dcdiag /test:dns
Check for missing and duplicate SPNs as well as other errors
dcdiag /test:checksecurityerror
Check the rid pool
dcdiag /s:server /v /test:ridmanager

2. NSLOOKUP

Test SRV records
cmd > nslookup
set q=srv
_ldap._tcp.dc._msdcs.yourdomain.com
_ldap._tcp.gc._msdcs.yourdomain.com
_ldap._tcp.pdc._msdcs.yourdomain.com

3. Repadmin

Disable replication
repadmin /options <dc-fqdn> +DISABLE_OUTBOUND_REPL
Enable replication
repadmin /options <dc-fqdn> -DISABLE_OUTBOUND_REPL

4. W32TM

Time sync issue in DC
w32tm /config /manualpeerlist:<DC1.contoso.com> /syncfromflags:manual /update

5. NLTEST

How to find the site for a Server
nltest /server:%computername% /dsgetsitenltest /dsgetdc:contoso.com 
Reset the netlogon secure channel
nltest /sc_reset:<domainname>

NLTEST to test the trust relationship between a workstation and domain

6. PortQuery

PortQry.exe -n 10.236.214.136 -e 53 -p both

7. How to check the delegation

Dsrevoke /Report OU=test,DC=gs,DC=Com gs\bshwjt
ACLDiag.exe "OU=Employee,DC=Contoso,DC=Com" /chkdeleg 

 For details see the below links.
http://social.technet.microsoft.com/wiki/contents/articles/6477.how-to-view-or-delete-active-directory-delegated-permissions.aspx


http://msmvps.com/blogs/acefekay/archive/2012/02/07/active-directory-server-2008-r2-you-do-not-have-permission-to-modify-the-group.aspx 

8. RUNAS

runas /user:<domain\username> cmd

Comments

Post a Comment

Popular posts from this blog

Linux File and Directory Permissions

By -
Image
file & directory protection is a essential of any OS and Linux OS is no exception for it! These authorizations allow you to choose exactly who can access your files & directory, providing an overall improved system security. There was one of the major flaws in the older Windows operating-system where, by standard, all users can see each other people's information (Windows 95, 98, Me). For overcoming it, editions of the Windows based computer system such as NT, 2000, XP and 2003 lot more security features added. They fully support file & directory permissions, just as Linux system has since the beginning. Together, we'll now assess a directory listing from our Lab Linux system hosting server, to help us understand the information provided. a simple 'ls' command will give you the file and directory listing within a given directory, including the option  '-l' will display number of new areas that we are going to discuss here:
Read more

How to Disable SSL for Webmin

By -
Webmin is a Web application that enables administrators to manage Linux servers. Webmin runs on a Web server at port 10000. Miniserv is the name of the Web server application that handles the Webmin Web application. By default, Miniserv uses SSL. However, you can disable SSL for Webmin Miniserv by editing the configuration file for the Web application. With SSL disabled, you can access the Webmin application over a standard HTTP connection. Step 1 Open a terminal window on the Linux server. You can also SSH into the server if you do not have physical access to the machine. Step 2 Type the following command at the command prompt and press the “Enter” key: nano /etc/webmin/miniserv.conf This command opens the Miniserv configuration file in the Nano text editor.
Read more

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442

By -
Image
This article shows how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘ This app can’t run on this PC ’ installation error , plus fix the Reason 442: Failed to enable Virtual Adapter error message . The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511 .  To simplify the article, we’ve broken it into the following two sections: How to Install Cisco VPN client on Windows 10 (clean installation or upgrade from previous Windows), including Windows 10 build prior or after build 1511 . How to Fix Reason 442: Failed to enable Virtual Adapter on Windows 10 Figure 1. The Cisco VPN Client Reason 442: Failed to enable Virtual Adapter error on Windows 10 HOW TO INSTALL CISCO VPN CLIENT ON WINDOWS 10 (NEW INSTALLATIONS OR O/S UPGRADES) The instructions below are for new or clean Windows 10 inst...
Read more