For what

Normal checks

To check the Authentication/ Logon server

To check the time sync issues

To check the Directory usage

To check the Secure Channel

To see the Security Logs in a server

To get the Domain contoller of a domain

Local Security Policy settings

To perform System Log check - DCDiag

To check the disk space usage on a unix server

To check a user logged on status using Pstools

To check the replication latency

To check the lcfd status of a server

To check the McAfee status on a server

HP System Management Home page

To find an object which throws error in GPO

 Command
srvinfo
DCDIAG
NETDIAG /test:DNS
repadmin /showreps.

Echo %logonserver%
Windows+Run -> %logonserver%

w32tm /monitor

Diruse /M X:\ /S >C:\Temp\Diruse.txt

nltest /sc_query:<domain name>

expand oldsecdXXX.ev_ oldsecdXXX.evt

nltest /server:<dc name> /dsgetdc:<domain name>

secpol.msc

dcdiag /v /test:systemlog

df -k /<username>

psloggedon \\computername

repadmin /showvector DC=europa,dc=net /latency

http://servername:9495

http://servername:2300

http://servername:2381

find /I "Cannot find" %Systemroot%\Security\Logs\Winlogon.log

 Comments

Either of the way will work

where X:\ stands for the drive on which the Directory Usage needs to be run.

Domain name is the trusted domain name against which the check is done

similar tests can be run for each DCDiag checks separately

<username> is the userID against which the check will be run

The displayed account is the one which cannot be resolved to its SID and throws GPO propogation error
 Tool
Active Directory Domains and Trusts snap-in
Active Directory Sites and Services snap-in
Active Directory Users and Computers snap-in
ADSI Edit, MMC snap-in
Backup Wizard
Control Panel
Dcdiag.exe
DNS snap-in
Dsastat.exe
Event viewer
Ipconfig.exe
Ldp.exe
Linkd.exe
MMC
Netdiag.exe
Netdom.exe
Net use, start, stop, del, copy, time
Nltest.exe
Ntdsutil.exe
Ntfrsutl.exe
Performance Monitor
Pathping.exe
Ping.exe
Regedit.exe
Repadmin.exe
Replmon.exe
Secedit.exe
Services snap-in
Setspn.exe
Task Manager
Terminal Services
W32tm
Windows Explorer
 Location
Windows 2000 Administrative Tools Pack
Windows 2000 Administrative Tools Pack
Windows 2000 Administrative Tools Pack
Windows 2000 Support Tools
Windows 2000 operating system tool
Windows 2000
Windows 2000 Support Tools and Windows 2000 Server Resource Kit
Windows 2000 Administrative Tools Pack
Windows 2000 Support Tools
Windows 2000 Administrative Tools Pack
Windows 2000 operating system tool
Windows 2000 Support Tools
Windows 2000 Server Resource Kit
Windows 2000
Windows 2000 Server Resource Kit and Windows 2000 Support Tools
Windows 2000 Support Tools
Windows 2000 operating system tool
Windows 2000 Support Tools
Windows 2000 operating system tool
Windows 2000 Server Resource Kit
Windows 2000 operating system tool
Windows 2000 operating system tool
Windows 2000 operating system tool
Windows 2000 operating system tool
Windows 2000 Support Tools
Windows 2000 Support Tools
Windows 2000 operating system tool
Windows 2000 Administrative Tools Pack
Windows 2000 Support Tools
Windows 2000
Windows 2000
Windows 2000 operating system tool
Windows 2000
 Function
Administer domain trusts, add user principal name suffixes, and change the domain mode.
Administer the replication of directory data.
Administer and publish information in the directory.
View, modify, and set access control lists (ACLs) on objects in the directory.
Back up and restore data.
View and modify computer, application, and network settings.
Analyze the state of domain controllers in a forest or enterprise; assist in troubleshooting by reporting any problems.
Manage DNS.
Compare directory information on domain controllers and detect differences.
Monitor events recorded in event logs.
View and manage network configuration.
Perform Lightweight Directory Access Protocol (LDAP) operations against Active Directory.
Create, delete, update, and view the links that are stored in junction points.
Create, save, and open administrative tools (called MMC snap-ins) that manage hardware, software, and network components
Check end-to-end network connectivity and distributed services functions.
Allow batch management of trusts, joining computers to domains, and verifying trusts and secure channels.
Perform common tasks on network services, including stopping, starting, and connecting to network resources.
Verify that the locator and secure channel are functioning.
Manage Active Directory, manage single master operations, remove metadata.
View and manage FRS configuration.
View system performance data, performance logs and alerts, and trace log files.
Trace a route from a source to a destination on a network, show the number of hops, and show packet loss.
Verify network connectivity.
View and modify registry settings.
Verify replication consistency between replication partners, monitor replication status, display replication metadata, and force r
Display replication topology, monitor replication status, and force replication events and topology recalculation.
Manage Group Policy settings.
Start, stop, pause, or resume system services on remote and local computers, and configures startup and recovery options for
Manage security principal names (SPNs).
View processes and performance data.
Access and manage computers remotely.
Manage Windows Time Service.
Access files, Web pages, and network locations.
eplication events and topology recalculation.

each service.
 Monitoring Alert
A domain controller has received a significant number of
new replication partners.

Active Directory Essential Services has detected

Active Directory global catalog search failed.

Active Directory - lost objects warning.

Active Directory replication is occurring slowly.

Failed to ping or bind to the <operations master> role

holder.

High CPU alert.

Replication is not occurring all AD replication partners failed
to synchronize.

Time skew detected.

 Description
This is normal when a computer is in the process of becoming a global
catalog server or bridgehead server, or when new domains or domain
controllers are added to the environment.
Abnormal causes of this alert include replication or site link problems.

This is a high priority alert, because it indicates that the domain controller is
unusable for the reason specified in the error.

This is a high priority alert, because if a global catalog server cannot be

reached, users will not be able to log on, and Exchange's address book will
not function.

A large number of objects are in the LostAndFound container.

The monitoring system has determined that replication times are exceeding
set thresholds.

The destination server might not be functioning, or there might not be

network connectivity.

An application or service is consuming an inordinate amount of CPU.

Short term connectivity problems can be expected, but extended failures
indicate a problem. Investigate any problem that persists for more than a
few hours.
The system time on the servers indicated in the alert is not synchronized.
 Reference
See "Troubleshooting Active Directory Replication Problems" for replication troubleshooting procedures.

See "Managing Sites" for recommendations and procedures for establishing and verifying sites and site links.

If the alert indicates that a service is not running, restart the service.

If the alert indicates a SYSVOL problem, see "Troubleshooting FRS" or

"Managing SYSVOL" for further troubleshooting procedures or
recommendations.
If the alert indicates that the domain controller is not advertising, see
"Troubleshooting Active DirectoryRelated DNS Problems."
Verify that this is a global catalog server.

See "Verifying Server Health" to ensure the server is functioning

properly.
See "Troubleshooting Directory Data Problems."
If necessary, see "Managing Sites" for recommendations on setting
replication schedules or site topology configuration. You can also
change the threshold if you are satisfied with the current schedule.

See "Verifying Server Health" and "Verifying Network Path."

If necessary, see "Managing Operations Masters" to determine if it is
appropriate to seize the role.
If the outage is expected, see "Managing Operations Masters" to
transfer the role before the outage to avoid this error.
See "Troubleshooting High CPU Usage on a Domain Controller."
See "Troubleshooting Active Directory Replication Problems."

See "Troubleshooting Windows Time Service Problems."

Event Source Event ID
FRS 13508, 13509, 13512, 13522, 13567, 13568
Netlogon 5774, 5775, 5781, 5783, 5805
NTDS 1083, 1265, 1388, 1645
UserEnv 1085
W32Time 13, 14, 52-56, 60-64
 Reference
See "Troubleshooting FRS."
See "Troubleshooting Active DirectoryRelated DNS Problems."
"See Troubleshooting Active Directory Replication Problems."
"See Troubleshooting Active Directory Replication Problems."
"See Troubleshooting Windows Time Service Problems."