Basic steps to troubleshoot AD

What are the basic steps to troubleshoot Active Directory (AD)?

1. DCDIAG

To deploy an additional domain controller:

dcdiag /test:dcpromo /DnsDomain:domain_name.com /ReplicaDC
To deploy a child domain:
dcdiag /test:dcpromo /DnsDomain:child_domain_name.forest.com /ChildDomain
Test the FSMO
dcdiag /s:<DomainControllerName> /test:fsmocheck
Check DNS
dcdiag /test:dns
Check for missing and duplicate SPNs as well as other errors
dcdiag /test:checksecurityerror
Check the rid pool
dcdiag /s:server /v /test:ridmanager

2. NSLOOKUP

Test SRV records
cmd > nslookup
set q=srv
_ldap._tcp.dc._msdcs.yourdomain.com
_ldap._tcp.gc._msdcs.yourdomain.com
_ldap._tcp.pdc._msdcs.yourdomain.com

Command to Troubleshoot DNS Issues

3. Repadmin

Disable replication

repadmin /options <dc-fqdn> +DISABLE_OUTBOUND_REPL
Enable replication
repadmin /options <dc-fqdn> -DISABLE_OUTBOUND_REPL

4. W32TM

Time sync issue in DC
w32tm /config /manualpeerlist:<DC1.contoso.com> /syncfromflags:manual /update

5. NLTEST

How to find the site for a Server
nltest /server:%computername% /dsgetsitenltest /dsgetdc:contoso.com
Reset the netlogon secure channel
nltest /sc_reset:<domainname>

NLTEST to test the trust relationship between a workstation and domain

6. PortQuery

PortQry.exe -n 10.236.214.136 -e 53 -p both

7. How to check the delegation

Dsrevoke /Report OU=test,DC=gs,DC=Com gs\bshwjt
ACLDiag.exe "OU=Employee,DC=Contoso,DC=Com" /chkdeleg

For details see the below links.
http://social.technet.microsoft.com/wiki/contents/articles/6477.how-to-view-or-delete-active-directory-delegated-permissions.aspx

http://msmvps.com/blogs/acefekay/archive/2012/02/07/active-directory-server-2008-r2-you-do-not-have-permission-to-modify-the-group.aspx

8. RUNAS

runas /user:<domain\username> cmd

Comments

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442

This article shows how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘ This app can’t run on this PC ’ installation error , plus fix the Reason 442: Failed to enable Virtual Adapter error message . The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511 . To simplify the article, we’ve broken it into the following two sections: How to Install Cisco VPN client on Windows 10 (clean installation or upgrade from previous Windows), including Windows 10 build prior or after build 1511 . How to Fix Reason 442: Failed to enable Virtual Adapter on Windows 10 Figure 1. The Cisco VPN Client Reason 442: Failed to enable Virtual Adapter error on Windows 10 HOW TO INSTALL CISCO VPN CLIENT ON WINDOWS 10 (NEW INSTALLATIONS OR O/S UPGRADES) The instructions below are for new or clean Windows 10 inst...

How to create a Hirens Boot CD 15.2 USB Disk

Hiren’s BootCD (HBCD) is a bootable CD that contains a set of tools that can help users to fix their computer if their system fails to boot. More specifically, HBCD contains hardware diagnostic programs, partition tools, data recovery utilities, antivirus tools and many other tools to fix your computer problems. I write this article because I use Hiren’s BootCD frequently to troubleshoot computer problems, specially when a computer doesn’t boot anymore due to a virus attack or due to a corrupted file system. In this article you will find instructions on how to put Hiren’s BootCD on a USB flash drive (stick) in order to troubleshoot computer problems in the future.

Internet Connection Sharing has been disabled by the Network Administrator. (Solved)

Problem: Logged in to computer with domain account has administrator privileges, and wanted to share my computer’s wifi to my mobile phone. When open the network sharing dialog, the dialog says: Internet Connection Sharing has been disabled by the Network Administrator.

Networking Tips Tricks

Search This Blog