Windows Tip Sheet
The New and Improved Dcdiag
The domain and DC troubleshooting tool gets some cool, new features with Win2003 SP1.
Dcdiag.exe is a command-line tool that most administrators know about. It’s
great for troubleshooting various domain and domain controller (DC) issues,
and in Service Pack 1 for Win2003, it has picked up some new capabilities.
Run Dcdiag /TEST:DNS to test the health of AD’s
DNS infrastructure. By default, this tests both basic DNS functionality, forwarders
or root hints, delegation, dynamic updates, record registration, external name
resolution, and Internet host resolution (it checks for www.microsoft.com by
default). This is a great one-command test to see how your entire DNS infrastructure
is working.
A second is Dcdiag /TEST:CheckSecurityError, which
looks for basic security problems.
As always, you can run Dcdiag right on a domain controller or from your client
workstation (although you’ll need to specify a server or naming context
so that Dcdiag knows what to test; use the /s: argument to specify a DC server
name).
More Resources:
Read the official
docs on Dcdiag.
About the Author
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.