Active Directory Health Check Script

Active Directory Health Check Script (Batch)

How do you know the health status of your Active Directory?

System administrators often don't care about the health of any service until users complain about issues related to Active Directory. Yet in IT infrastructure, Active Directory is the backbone.

Hence we should always know the health status of Active Directory.

How do I know the health status of Active Directory?

Microsoft has provided many tools to get the status of Active Directory.

For example: Best Practices Analyzer, many command-line tools and some GUI tools.

Here we will use command-line tools to gather information about Active Directory; from this information we can easily determine its health status.

Running these commands manually takes more time, and we would also have to remember the set of commands to run on each domain controller. Hence we will put all the required commands into a single batch script that we can execute on each domain controller to get the results.

In the batch script we have to set the log file path. By default, the script saves the log file to the server's desktop. If needed, you can change it to a shared folder to collect all servers' reports in the same place, as shown below.

set logfile=\\server\share\ADHealth\ADHealth.txt

Which command-line tools are we going to use in this script?

System Boot Time - systeminfo | find "System Boot Time:"

Displays the boot time. It is not the most important item, nor is it directly tied to Active Directory, but the last start-up time is still worth knowing.

TCP/IP network configuration - IPCONFIG /all

Displays the complete current TCP/IP network configuration. This usually helps to highlight any misconfigured DNS server entries.

Domain Controller Diagnostics - dcdiag /a

Most system administrators probably know this command; if not, please go through the link below to get more information about it. LINK HERE.

Repadmin /replsummary

This command shows an overview of replication failures and the DCs they apply to.

Repadmin /showrepl

This command shows the result of the last replication attempt.

NETDOM Query FSMO

This command shows the current FSMO role holders.

Nslookup -querytype=srv _gc._tcp.%domain%

This command will show all Global Catalog server details.

Batch Script

You can copy and paste the script into Notepad, save it as ADHealthReport.bat, and then run it on the domain controllers.

Note: If you are running this script on a version prior to Windows Server 2008, you may have to install the ADMIN Pak: Windows Server 2003 Service Pack 2 Administration Tools Pack (adminpak).

@Echo Off
ECHO Report will be saved on your desktop as ADHealth.txt
ECHO AD Health Checks Running on. Notepad will open at end of script completion
ECHO This CMD Windows will close after you close notepad of Report
ECHO www.sanjar.com
REM Quote the log path so profile paths that contain spaces still work
set "logfile=%userprofile%\Desktop\ADHealth.txt"
echo. >> "%logfile%"
echo. >> "%logfile%"
REM Finds system boot time
echo System Boot Time ------------------------------------------------------------- >> "%logfile%"
systeminfo | find "System Boot Time:" >> "%logfile%"
systeminfo | find "System Up Time:" >> "%logfile%"
echo. >> "%logfile%"
echo. >> "%logfile%"
REM Displays all current TCP/IP network configuration values
echo IPCONFIG ------------------------------------------------------------- >> "%logfile%"
ipconfig /all >> "%logfile%"
echo. >> "%logfile%"
echo. >> "%logfile%"
REM Analyse the state of domain controllers in a forest and reports any problems to assist in troubleshooting
echo DCDIAG ------------------------------------------------------------- >> "%logfile%"
dcdiag /a >> "%logfile%"
echo. >> "%logfile%"
echo. >> "%logfile%"
REM The replsummary operation quickly summarizes the replication state and relative health
echo Replsummary ------------------------------------------------------------- >> "%logfile%"
repadmin /replsummary >> "%logfile%"
echo. >> "%logfile%"
echo. >> "%logfile%"
REM Displays the replication partners for each directory partition on the specified domain controller
echo Showrepl ------------------------------------------------------------- >> "%logfile%"
repadmin /showrepl >> "%logfile%"
echo. >> "%logfile%"
echo. >> "%logfile%"
REM Query FSMO roles
echo NETDOM Query FSMO ------------------------------------------------------------- >> "%logfile%"
netdom query fsmo >> "%logfile%"
REM Query Global Catalogs
echo List Global Catalogs ------------------------------------------------------------- >> "%logfile%"
for /f "tokens=2" %%a in ('systeminfo ^| findstr Domain:') do set domain=%%a
nslookup -querytype=srv _gc._tcp.%domain% >> "%logfile%"
notepad "%logfile%"
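
One way to triage a collected report without reading it top to bottom, as an added example that is not part of the original script: the PowerShell function below walks the report by the section header lines the batch script writes and returns only the dcdiag tests that failed and the replsummary rows with a non-zero failure count. The function name Get-ADHealthFindings is hypothetical, the sample report is constructed, and the row layouts it matches are assumed from typical dcdiag and repadmin /replsummary output.

```powershell
# Added example, not part of the original script. Get-ADHealthFindings is a
# hypothetical helper name; the report text below is constructed sample data.
$sample = @'
DCDIAG -------------------------------------------------------------
   Testing server: Default-First-Site-Name\DC01
      ......................... DC01 passed test Connectivity
      ......................... DC01 failed test Replications
      ......................... DC01 passed test SysVolCheck
Replsummary -------------------------------------------------------------
Source DSA          largest delta    fails/total %%   error
 DC01                      12m:03s    0 /   5    0
 DC02                  02d.04h:11m    3 /   5   60  (1722) The RPC server is unavailable.
Showrepl -------------------------------------------------------------
'@

function Get-ADHealthFindings {
    param([string[]]$Lines)
    $section = ''
    $direction = ''
    foreach ($line in $Lines) {
        # Section headers are the "echo <name> -----" lines written by the batch script.
        if ($line -match '^([A-Za-z][A-Za-z ]*?)\s[^\w\s]{5,}\s*$') {
            $section = $Matches[1]
            continue
        }
        if ($section -eq 'DCDIAG') {
            # dcdiag prints "<dots> <server> passed|failed test <TestName>" per test.
            if ($line -match '\.{5,}\s+(\S+) failed test (\S+)') {
                [pscustomobject]@{ Section = $section; Target = $Matches[1]; Finding = "failed test $($Matches[2])" }
            }
        }
        elseif ($section -eq 'Replsummary') {
            # Remember whether the rows that follow are source or destination DSAs.
            if ($line -match '^(Source|Destination) DSA') { $direction = $Matches[1]; continue }
            # Data rows: <DSA> <largest delta> <fails> / <total> <percent> [error text]
            if ($line -match '^\s*(\S+)\s.*?\s(\d+)\s*/\s*(\d+)\s+\d+\s*(.*)$' -and [int]$Matches[2] -gt 0) {
                $detail = "fails/total $($Matches[2])/$($Matches[3]) as $direction DSA $($Matches[4])".Trim()
                [pscustomobject]@{ Section = $section; Target = $Matches[1]; Finding = $detail }
            }
        }
    }
}

# Run against the constructed sample; two findings are returned (DC01 and DC02).
Get-ADHealthFindings -Lines ($sample -split '\r?\n') | Format-Table -AutoSize
```

To check a real report, pass the output of Get-Content for the log file path to -Lines instead of the sample, for example the share path set in logfile.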