The following list of tools and scripts could be in use if you need to do an Active Directory (AD) Health Check, or if you simply would like to know more about your network infrastructure.
Of course, this is not a full list, but I think this is a most important and … Feel free to send me an email or put a comment if you know addition tool or script.
- Server documentation using SYDI-Server scripts
- MS Baseline Security Analyzer
- Performance Analysis the PAL tool (lets you script and start the counters)
|Active Directory Topology Diagrammer||Map out current AD topology, including domains, sites and OUs||Microsoft Downloads||Three Visio files||Requires Visio to be installed on the scanning computer.|
|Microsoft IT Environment Health Scanner||General health status of AD||Microsoft Downloads||HTML report||Running scan requires server subnets and internal firewall IP address|
|DNSLINT||Assess AD-integrated DNS||Windows Server Support Tools||HTML report||Dnslint /ad /s [ip address of DC]|
|DCDIAG||Diagnose domain controller health||Windows Server Support Tools||Text file||dcdiag /v /c /d /e /s:domain.net > c:\dcdiag.log|
|NETDIAG||Diagnose problems with network services||Windows Server Support Tools||Text file||netdiag.exe /v > c:\netdiag.log|
|REPADMIN||Examine site replication links||Windows Server Support Tools||Text file||repadmin.exe /showrepl [dc name] /verbose /all /intersite > c:\repl.txt (run separately for each DC)
Not a tool but from Microsoft is the Security Compliance Manager helps to document and harden DCs by applying GPOs: