Win2000 domain controller diagnostics

one. Function Introduction

Dcdiag.exe is a domain controller diagnostic tool. Before explaining this tool, you must first explain some concepts. Domain: Simply put, a network is composed of domains. It is a centralized management unit for data security. It has a unique name. The domain can define security boundaries in the Active Directory. The domain was originally created in Windows NT, and CW2KP is still inherited. 2. Forests (some data is simply called forests): Look at the name to know that this is a collection of many directories. Please refer to the relevant information for the exact meaning.

As is well known, windows2000 has a lot of enhancements to the network functions. This diagnostic tool can only be used in a network environment. Domain controllers that are not possible in a single-machine environment. Over. Dcdiag can analyze the state of the domain controller in the forest or "organization" and generate a report that aggregates all the problems obtained through the diagnostic test into itself. When the manager or technical support staff analyzes the problem and troubleshoots it, This is a reference for judgment. DcDiag itself can report problems to end users, and in the program, detailed functions and knowledge about how to identify system abnormalities have been encapsulated.

If DcDiag is understood as a framework, then the framework is composed of a series of tests and checks (for the system). Of course, since it is a test, these tests must be performed in a certain order. The program performs the diagnostic test of the domain controller according to the user's choice. From the scope, the test can be for the organizational unit, the site or a single server, or it can be completely tested for all projects. From the execution method, the test can specify either an item or some unnecessary items. Generally, the following items should be available:

· Connectivity
· Copy
· Topological integrity
· Check NC Head Security Descriptor
· Check login rights
· Get Domain controller location
· Security boundary
· Check task or role.
· Trust relationship verification.

In the previously introduced NetDiag connectivity test tool, there is also a project on trust relationship verification. (Refer to my previous article "Introduction to Connectivity Test Tools")

II. Using Syntax:

dcdiag /s:DomainController [/n:NamingContext] [/u:DomainUsername /p:{* |  Password |  ""}] [{/a |  /e}] [{/q |  /v}] [/i] [/f:LogFile] [/ferr:ErrLog] [/c [/skip:Test]] [/test:Test] [{/h |  /? }]

Parameter Meaning and Description:

/s:DomainController
The primary server used by the domain controller. This is a required parameter and cannot be omitted.

/n:NamingContext
specifies the system to be associated with the test. The domain can specify NetBIOS, DNS or another system.

/u:DomainUsername /p:{* |  Password |  ""}
The prompt symbol when using the trust certificate attached to "domain/username" is actually the display symbol of the password. For example, when we type the password, it usually does not display the password itself, but ** ***symbol. Also used. . . . As a display symbol.

/a
Test all the servers on the site.

/e
Test all servers throughout the plan and ignore the option /a

/q
Print an error message report during the idle time.

/v
Print detailed information report.

/i
Ignore redundant error messages.

/f:LogFile
Change all information reports to the registration file named by LogFile, that is, no longer output the information report to the system default registration file.

/ferr:ErrLog
Changes the fatal error message to a separate registration file named by ErrLog. Similar to the previous one.

/c
Run all test items, including non-default tests. Of course, if you have determined that some projects do not need to be tested, you can use the /skip switch to specify which tests can be skipped. The so-called non-default test refers to the following items:
Topology
Whether the other server shuts down the server
Secure channel output range.