How to check successful Active Directory installation
How to check successful Active Directory installation
Below are the steps to verify Active Directory installation: –
Run the dcdiag
- Thoroughly test the domain controller for all directory service issues, you can run the dcdiag /v command. The output of this command provides detailed information about the conditions on the domain controller.
SYSVOL/Netlogon Status
- Verify SYSVOL Folder using net share command
Start->Run->CMD
type the command ” net share ” SysVol folder will be displayed if the Active Directory is installed.
%systemroot%\SYSVOL\sysvol\<Domain Name>\SCRIPTS
Also check dcdiag /test:netlogons
Database and Log files status
- Verify Database and Log files (NTDS.DIT,edb.*,Res*.log)
Active Directory database: The Active Directory database is your Ntds.dit file. Verify its existence in the %Systemroot%\Ntds folder
Check AD object status
- Verify active directory objects like computers, users and ForeignSecurityPrincipals are created in ADUC.
Verify DC OU
- Verify whether Default domain controllers OU is created and holds the DC’s account in ADUC.
You can use this procedure to verify that a domain computer account is registered properly and that the Service Principal Names (SPNs) are advertised. This account is required for the domain controller to function as a domain controller in the domain.
dcdiag /test:MachineAccount
It the test is successful, you should see the following message:
<ComputerName> passed test MachineAccount.
To receive more detailed information, including the SPNs that are found for the domain controller, use the /v option.
Check Default-First-Site-Name status
- verify whether ‘Default-First-Site-Name’ is created Active directory sites and services. Also verify subnet object and NTDS settings object. verify whether the DC also GC Server by checking NTDS setting in Active directory sites and services.
DNS suffix staus
- Very the DNS suffix for DC in My computer and also check whether it registers proper role using net accounts command. To verify DNS registration and TCP/IP connectivity: –
At the command prompt, type the following command, and then press ENTER:
dcdiag /test:dns
Verify Active Directory replication
- Replication Status
dcdiag /test:replications
FSMO roles status
- Verify the availability of the operations masters
dcdiag /s:<DomainControllerName> /test:knowsofroleholders /v
where <DomainControllerName> is the name of an existing domain controller in the domain in which you want to add the new domain controller. The verbose option provides a detailed list of the operations masters that were tested. Near the bottom of the screen, a message confirms that the test succeeded. If you use the verbose option, look carefully at the bottom part of the displayed output. The test confirmation message appears immediately after the list of operations masters.
Type the following command to ensure that the operations masters are functioning properly and available on the network, and then press ENTER:
dcdiag /s:<DomainControllerName> /test:fsmocheck
where <DomainControllerName> is the name of a domain controller in the domain in which you want to add the new domain controller. The verbose option provides a detailed list of the operations master that were tested as well as other important servers, such as global catalog servers and time servers. Near the bottom of your screen, a message confirms that the test succeeded.
If these tests fail, do not attempt any additional steps until you fix the problem that prevents the location of operations master, and you can verify that they are functioning properly.
DNS record Status
- Use the DNS Manager Microsoft Management Console (MMC) snap-in to verify that the appropriate zones and resource records are created for each DNS zone.
Active Directory creates its SRV RRs in the following folders:
-
_Msdcs/Dc/_Sites/Default-first-site-name/_Tcp
-
_Msdcs/Dc/_Tcp
In these locations, an SRV RR is displayed for the following services:
-
_kerberos
-
_ldap
So, that’s all in this blog. I will meet you soon with next stuff. Have a nice day!!!
Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .
You can also share the feedback on below windows techno email id.
If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.
