DC-Promotion

How to check successful Active Directory installation

How to check successful Active Directory installation

Below are the steps to verify Active Directory installation: –

Run the dcdiag

  • Thoroughly test the domain controller for all directory service issues, you can run the dcdiag /v command. The output of this command provides detailed information about the conditions on the domain controller.

SYSVOL/Netlogon Status

  • Verify SYSVOL Folder using net share command

 Start->Run->CMD

type the command ” net share ” SysVol folder will be displayed if the Active Directory is installed.

 %systemroot%\SYSVOL\sysvol\<Domain Name>\SCRIPTS

Also check dcdiag /test:netlogons

Database and Log files status

  • Verify Database and Log files (NTDS.DIT,edb.*,Res*.log)

Active Directory database: The Active Directory database is your Ntds.dit file. Verify its existence in the %Systemroot%\Ntds folder

Check AD object status

  • Verify active directory objects like computers, users and ForeignSecurityPrincipals are created in ADUC.

Verify DC OU

  • Verify whether Default domain controllers OU is created and holds the DC’s account in ADUC.

You can use this procedure to verify that a domain computer account is registered properly and that the Service Principal Names (SPNs) are advertised. This account is required for the domain controller to function as a domain controller in the domain.

dcdiag /test:MachineAccount

It the test is successful, you should see the following message:

<ComputerName> passed test MachineAccount.

To receive more detailed information, including the SPNs that are found for the domain controller, use the /v option.

Check Default-First-Site-Name status

  • verify whether ‘Default-First-Site-Name’ is created Active directory sites and services. Also verify subnet object and NTDS settings object. verify whether the DC also GC Server by checking NTDS setting in Active directory sites and services.

DNS suffix staus

  • Very the DNS suffix for DC in My computer and also check whether it registers proper role using net accounts command. To verify DNS registration and TCP/IP connectivity: –

At the command prompt, type the following command, and then press ENTER:

dcdiag /test:dns

Verify Active Directory replication

  • Replication Status
dcdiag /test:replications

FSMO roles status

  • Verify the availability of the operations masters
dcdiag /s:<DomainControllerName> /test:knowsofroleholders /v

where <DomainControllerName> is the name of an existing domain controller in the domain in which you want to add the new domain controller. The verbose option provides a detailed list of the operations masters that were tested. Near the bottom of the screen, a message confirms that the test succeeded. If you use the verbose option, look carefully at the bottom part of the displayed output. The test confirmation message appears immediately after the list of operations masters.

Type the following command to ensure that the operations masters are functioning properly and available on the network, and then press ENTER:

dcdiag /s:<DomainControllerName> /test:fsmocheck

where <DomainControllerName> is the name of a domain controller in the domain in which you want to add the new domain controller. The verbose option provides a detailed list of the operations master that were tested as well as other important servers, such as global catalog servers and time servers. Near the bottom of your screen, a message confirms that the test succeeded.

If these tests fail, do not attempt any additional steps until you fix the problem that prevents the location of operations master, and you can verify that they are functioning properly.

DNS record Status

  • Use the DNS Manager Microsoft Management Console (MMC) snap-in to verify that the appropriate zones and resource records are created for each DNS zone.

Active Directory creates its SRV RRs in the following folders:

  • _Msdcs/Dc/_Sites/Default-first-site-name/_Tcp
  • _Msdcs/Dc/_Tcp

In these locations, an SRV RR is displayed for the following services:

  • _kerberos
  • _ldap

So, that’s all in this blog. I will meet you soon with next stuff. Have a nice day!!!

Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .

You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno

Leave a Reply

Back to top button