Replica DCs on Azure – Domain Controller Health Check

9:56 am in Azure, Cloud, Command-line, hybrid cloud, IaaS, PowerShell, Replica DC, W2K12R2 by Wim Matthyssen

This blog post is part of the step-by-step to deploy replica domain controllers (DCs) on Microsoft Azure which can be found here: http://scug.be/wim/2015/09/28/deploying-replica-dcs-in-windows-azure/

After we have successfully installed and promoted both IaaS virtual machines (VMs) as DCs, it’s time to do an overall health check of your hybrid Active Directory (AD) environment. Below I will show you some tools you can use to perform these checks. It’s probably not a complete list, but it gets you started.

Check Windows Update for the latest updates (GUI)

Whenever you install new roles on a server, it’s advisable to check for new Windows updates once the installation has completed. To check for and install new updates, follow the steps below:

1) To open the Windows Update page, log on to one of the DCs, open Run and type:

image

2) Click Check for updates and, if updates are available, install all preferred updates

Check the Event Viewer (GUI)

Another important check after you have completed the promotion is to review the system, security, application, and other logs in the Event Viewer. To check these Event Viewer logs, follow the steps below:

1) To open Event Viewer, log on to one of the DCs, open Run and type:

image

2) Check the logs for possible warnings or errors


Run Dcdiag (command-line)

With the Domain Controller Diagnosis (DCDIAG) utility we can analyze the state of all DCs and domain services in the forest and create a report to troubleshoot possible problems. To run Dcdiag, follow the steps below:

1) Log on to one of the DCs as a user with Domain Admin privileges, open PowerShell as an Administrator and run the following commands:

image

2) Open the file C:\Dcdiagresult.txt to view the result and look for possible issues


Run Repadmin (command-line)

With Repadmin you can diagnose (and in some cases repair) your AD replication status and health. To run Repadmin, follow the steps below:

1) Log on to one of the DCs as a user with Domain Admin privileges, open PowerShell as an Administrator and run the following commands:

image

2) Open the file C:\Repadminresult.txt to view the result and look for possible replication issues
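
The Dcdiag and Repadmin checks above can also be scripted so that failures are flagged rather than found by reading the reports. The script below is an added example, not code from the original post: it writes to the two file names the post uses, while the dcdiag and repadmin switches and all variable names are this example's own choices, and the `failed test` match assumes English-language dcdiag output.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on a DC, logged on with Domain Admin privileges.
$dcdiagOut   = 'C:\Dcdiagresult.txt'     # file name used in the post
$repadminOut = 'C:\Repadminresult.txt'   # file name used in the post

# Assumed switches: /e = all DCs in the enterprise, /c = comprehensive, /v = verbose.
dcdiag /e /c /v | Out-File -FilePath $dcdiagOut -Encoding ascii

# dcdiag closes every test with "... passed test <name>" or "... failed test <name>".
$failedTests = Select-String -Path $dcdiagOut -Pattern 'failed test' |
    ForEach-Object { $_.Line.Trim() } |
    Sort-Object -Unique

# Human-readable replication report for manual review.
repadmin /replsummary | Out-File -FilePath $repadminOut -Encoding ascii
repadmin /showrepl *  | Out-File -FilePath $repadminOut -Encoding ascii -Append

# The same replication data as CSV, so it can be filtered as objects.
$links = repadmin /showrepl * /csv | ConvertFrom-Csv

# A link is suspect when it has consecutive failures, or when repadmin could
# not query the DC at all (the first column then reads showrepl_ERROR).
$badLinks = $links | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
    [int]$_.'Number of Failures' -gt 0
}

if ($failedTests -or $badLinks) {
    Write-Warning 'AD health check found problems; see details below and the report files.'
    $failedTests
    $badLinks | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context',
        'Number of Failures', 'Last Failure Status' -AutoSize
}
else {
    Write-Output 'dcdiag and repadmin reported no failed tests or replication failures.'
}
```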


Run the Best Practice Analyzer (BPA) tools (GUI)

With the BPA tools we can conduct a scan against the DCs to ensure they are configured based on Microsoft and industry best practices. With BPA we can find incorrect configuration settings and security violations, but also investigate poor performance. To run BPA, follow the steps below:

1) Log on to one of the DCs and open Server Manager from the taskbar

2) Select a server role on the left and scroll down to the BPA section. Click TASKS and select Start BPA Scan


3) Select all servers you want to scan and click Start Scan


4) When the scan is completed, you can review all the results and fix possible issues if preferred


I hope this short DC health checklist helps you in the future and if you have any questions just let me know. Till next time!

Wim Matthyssen (@wmatthyssen)