How to check successful Active Directory installation

Below are the steps to verify Active Directory installation:-

1. Thoroughly test the domain controller for all directory service issues, you can run the dcdiag /v command. The output of this command provides detailed information about the conditions on the domain controller.

2. Verify SYSVOL Folder using net share command

 Start->Run->CMD

type the command ” net share ”

SysVol folder will be displayed if the Active Directory is installed.

 %systemroot%\SYSVOL\sysvol\<Domain Name>\SCRIPTS

Also check dcdiag /test:netlogons

3.  Verify Database and Log files (NTDS.DIT,edb.*,Res*.log)

Active Directory database: The Active Directory database is your Ntds.dit file. Verify its existence in the %Systemroot%\Ntds folder

4.  Verify active directory objects like computers, users and ForeignSecurityPrincipals are created in ADUC

5. verify whether Default domain controllers OU is created
and holds the DC’s account in ADUC

You can use this procedure to verify that a domain computer account is registered properly and that the Service Principal Names (SPNs) are advertised. This account is required for the domain controller to function as a domain controller in the domain.

dcdiag /test:MachineAccount

It the test is successful, you should see the following message:

<ComputerName> passed test MachineAccount.

To receive more detailed information, including the SPNs that are found for the domain controller, use the /v option.

6. verify whether ‘Default-First-Site-Name’ is created Active directory sites and services. Also verify subnet object and NTDS settings object. verify whether the DC also GC Server by checking NTDS setting in Active directory sites and services.


7. 
very the DNS suffix for DC in My computer and also check whether it registers proper role using net accounts command. To verify DNS registration and TCP/IP connectivity:-

At the command prompt, type the following command, and then press ENTER:

dcdiag /test:dns

8.  Verify Active Directory replication

dcdiag /test:replications

9. verify the availability of the operations masters

dcdiag /s:<DomainControllerName> /test:knowsofroleholders /v

where <DomainControllerName> is the name of an existing domain controller in the domain in which you want to add the new domain controller. The verbose option provides a detailed list of the operations masters that were tested. Near the bottom of the screen, a message confirms that the test succeeded. If you use the verbose option, look carefully at the bottom part of the displayed output. The test confirmation message appears immediately after the list of operations masters.

Type the following command to ensure that the operations masters are functioning properly and available on the network, and then press ENTER:

dcdiag /s:<DomainControllerName> /test:fsmocheck

where <DomainControllerName> is the name of a domain controller in the domain in which you want to add the new domain controller. The verbose option provides a detailed list of the operations masters that were tested as well as other important servers, such as global catalog servers and time servers. Near the bottom of your screen, a message confirms that the test succeeded.

If these tests fail, do not attempt any additional steps until you fix the problem that prevents the location of operations masters and you can verify that they are functioning properly.

10. Use the DNS Manager Microsoft Management Console (MMC) snap-in to verify that the appropriate zones and resource records are created for each DNS zone.

Active Directory creates its SRV RRs in the following folders:

  • _Msdcs/Dc/_Sites/Default-first-site-name/_Tcp
  • _Msdcs/Dc/_Tcp

In these locations, an SRV RR is displayed for the following services:

  • _kerberos
  • _ldap

 

If you have any questions feel free to contact me on admin@windowstechno.com also follow me on facebook @windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

Leave a Reply