Lets learn something new

Cloud, Cybersecurity, DevOps, AI

Windows

Perform Domain Controller Health Check

ByArnav Sharma

Jul 8, 2024 #IT
Azure DTU

Last Updated on August 7, 2025 by Arnav Sharma

Maintaining the health of your Active Directory (AD) environment is crucial for ensuring seamless user authentication, authorization, and overall network services. This guide will walk you through various methods to check the health of your Domain Controllers (DCs) using native Microsoft tools and PowerShell scripts.

What is a Domain Controller Health Check?

A Domain Controller health check is a process that verifies the status and functionality of your AD environment. It ensures that the critical services and processes are running smoothly, replication is occurring as expected, and there are no major issues that could affect the overall health of your AD.

Using Dcdiag for Active Directory Health Checks

What is Dcdiag?

Dcdiag is a Microsoft Windows command-line tool that analyzes the state of domain controllers in a forest or enterprise. The dcdiag tool can be used to run a variety of tests to ensure that your AD environment is functioning correctly.

How to Install Dcdiag

Dcdiag is included with the AD DS role and the Remote Server Administration Tools (RSAT). If these are installed, you already have the dcdiag command at your disposal.

Running Dcdiag Commands

To check the health of your domain controllers, you can use the following dcdiag commands:

Basic Command:

dcdiag

This runs a set of default tests on the local domain controller.

Run Against a Remote Server:

dcdiag /s:DC1

Verbose Output:

dcdiag /s:DC1 /v

Save Output to a File:

dcdiag /s:DC1 /f:c:itdcdiag_test.txt

Run Against All Domain Controllers:

dcdiag /s:DC1 /a

Display Only Errors:

dcdiag /s:DC1 /q

Comprehensive Test:

dcdiag /s:DC1 /c /v /f:c:itdcdiag_test.txt

Dcdiag Test Examples

When you run the dcdiag command, it performs a series of tests. Here are some examples of what these tests might look like:

Initial Tests:

Directory Server Diagnosis
Performing initial setup:
* Identified AD Forest.
Done gathering initial info.

Primary Tests:

Testing server: Default-First-Site-NameDC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Starting test: Advertising
......................... DC1 passed test Advertising

These tests ensure that your domain controllers are reachable and properly advertising their roles.

Checking DNS with Dcdiag

The DNS diagnostics test is crucial for ensuring that the DNS server is functioning correctly. Use the following command to run a DNS test:

dcdiag /s:dc1 /test:dns

Repadmin for Replication Status

Replication is a critical component of AD health. Use the repadmin command to check the replication status:

Summary of Replication Status:

repadmin /replsummary

Detailed Replication Status:

repadmin /showrepl

Replication Errors Only:

repadmin /showrepl /errorsonly

Force Immediate Replication:

repadmin /syncall dc2

Monitoring Services with PowerShell

Use PowerShell to ensure that essential AD services are running. The following script checks the status of critical services:

$Services='DNS','DFS Replication','Intersite Messaging','Kerberos Key Distribution Center','NetLogon','Active Directory Domain Services'

ForEach ($Service in $Services) {Get-Service $Service | Select-Object Name, Status}

Automating Health Checks with PowerShell

To automate the health monitoring of your domain controllers, you can use a PowerShell script that checks various health indicators and generates a report:

# Sample PowerShell script to monitor DC health
$Services='DNS','DFS Replication','Intersite Messaging','Kerberos Key Distribution Center','NetLogon','Active Directory Domain Services'
ForEach ($Service in $Services) {Get-Service $Service | Select-Object Name, Status}

# Add more checks as needed and generate a report

Using Third-Party Tools

ManageEngine ADManager Plus

ManageEngine ADManager Plus offers automated account management, compliance reporting, and AD health monitoring.

SolarWinds Active Directory Monitoring

SolarWinds provides comprehensive AD monitoring services, including the Server and Application Monitor, which tracks the performance of applications and their dependencies.

Regularly checking the health of your domain controllers is essential for the efficient running of Active Directory domain services. By using tools like dcdiagrepadmin, and PowerShell scripts, you can ensure that your AD environment remains healthy and functional. Remember to also consider third-party tools for more comprehensive and automated health monitoring solutions.

Related Post

Updates Windows

Windows at Build 2025

Jun 8, 2025 Arnav Sharma
General Windows

Planning Domain Controller Placement – Best Practices

Jul 28, 2024 Arnav Sharma
Windows

Mastering the RunAs Command in Windows

Jul 18, 2024 Arnav Sharma

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You missed

Cybersecurity

Why “We Encrypt at Rest” Is No Longer Enough

March 13, 2026 Arnav Sharma
Cybersecurity

Hypervisors Infrastructure Attacks

March 5, 2026 Arnav Sharma
Cybersecurity

PCI DSS v4: What Actually Changed

February 25, 2026 Arnav Sharma
Artificial Intelligence Cybersecurity

Malware Evolution: Adaptive code mutating in real-time.

February 19, 2026 Arnav Sharma