The following list  of tools and scripts could be in use if you need to do an Active Directory (AD) Health Check, or if you simply would like to know more about your network infrastructure.

Of course, this is not a full list, but I think this is a most important and … Feel free to send me an email or put a comment if you know addition tool or script.

Tool Purpose Installation Source Output Details
Active Directory Topology Diagrammer Map out current AD topology, including domains, sites and OUs Microsoft Downloads Three Visio files Requires Visio to be installed on the scanning computer.
Microsoft IT Environment Health Scanner General health status of AD Microsoft Downloads HTML report Running scan requires server subnets and internal firewall  IP address
DNSLINT Assess AD-integrated DNS Windows Server Support Tools HTML report Dnslint /ad /s [ip address of DC]
DCDIAG Diagnose domain controller health Windows Server Support Tools Text file dcdiag /v /c /d /e /s:domain.net > c:\dcdiag.log
NETDIAG Diagnose problems with network services Windows Server Support Tools Text file netdiag.exe /v > c:\netdiag.log
REPADMIN Examine site replication links Windows Server Support Tools Text file repadmin.exe /showrepl [dc name] /verbose /all /intersite > c:\repl.txt (run separately for each DC)

 

Not a tool but from Microsoft is the Security Compliance Manager helps to document and harden DCs by applying GPOs:

http://technet.microsoft.com/en-us/library/cc677002.aspx

#

No responses yet

Leave a Reply