Join Mike Pfeiffer for an in-depth discussion in this video Verify Active Directory health, part of Exchange Server 2010: Designing and Implementing.
- Exchange 2010 is so tightly integrated with Active Directory that even the slightest AD issue will cause all kinds of Exchange problems. So it's important that one of the first things you do is check the health of Active Directory. I'm logged into this Windows 7 box right now. I'm logged in with the administrator account. So this is the domain administrator. He's got domain admin rights. He's got enterprise admin rights. And I've got the administration tools. These are installed. I added these to this box. So, I could do this from this machine, or domain controller or whatever. But really what I want to do is go into the command prompt here, and use some of these command line utilities that get installed along with the administration tools.
And the first one is Dcdiag. This will actually check the health of your domain controllers. I'm gonna use the slash e option here to do a scan on the domain controllers throughout the entire forest. So this will scan everything. So, in a larger environment, this might take some time. You can do a slash a if you just want to do the local site. Following that, since I'm not on a domain controller right now, I'll do a slash s, and tell it that I want this tool to run against DC1 initially. And when I hit enter, you're gonna see it run a series of checks here.
So it's gonna do all kinds of things. So this one's still running. And finally it's gone through and it looked like everything pretty much passed. But I scroll back up to the top here. My connectivity tests look good. When I scroll down all of this output, most everything has passed. So it passed here. Passed here. I can keep scrolling down. And if I have a lot of domain controllers, you know, this could take time, not only to let it run, but to also go through all of this output. But this all looks good. But a better way than kinda just scrolling through this list and kinda checking this, is to output all of this data to an external file.
So, let me clear this out and run it one more time. Gonna up arrow back to my previous command. I'll just use the old redirection operator to send it out to a file called dcdiag.txt. So this way, I'll run the checks, output the information to this text file, then I can just do a search in that file using either Notepad or any other text editor of my choice. So, that's done. And now, let's see dcdiag.txt. So the same information as before, but now I can do like a control f and I can look for errors, or I can look for the word fail, probably.
It would be another likely word that I'd be looking for. So, basically, that's just a way for me to go through and do that and a quicker method than trying to sit there in the command prompt and view all of this information. So that all looks good. The next thing that I want to do is I want to check my replication health. So I'm gonna clear this. Repadmin is another utility that's installed along with the adminstration tools. And what you want to do is run Repadmin slash replsummary. And then use an asterisk here as a wildcard.
Could take awhile again with a large environment. But here what we're looking for is any failures. So, no failures. So that's good. And if theres any errors, those would be reported under these columns here as well for each site, or each server. So this output is completely clean. I don't have any replication issues. But if I did, here would be important for me to stop, go through my Active Directory environment, or get with my AD people and make sure this is all clean and servers are all talking. So the last thing that we want to do is run another tool. Let me clear this screen. The last tool is DNSLint.
And if you look at some of the documentation, you might just try to run this. You'll get an error that it's not found. Unlike Dcdiag and Repadmin, this tool was not installed along with the administration tools. And so what you want to do is, you want to go out to the Internet. I've got a favorite right now for this KB article that's out there on the Microsoft support site. It's coming up now. But a description of the DNSLint utility, it's KB article 321045.
But the good thing here is it's got a download link for the DNSLint.exe package. So you download this .exe, you extract the utility to a folder. And I put this out on my C drive, right here. And it's just a command line utility. So once I've downloaded and extracted it, I can now run that command from here, DNSLint. And the syntax for this one would be slash ad to specify a domain controller IP address. I'll use DC1 in my environment. The IP address for that.
Then I'll do a slash s. And again I need to give it an IP address of a DNS server. So I'm just gonna use the same server in both cases here. So this utility outputs a very useful HTML-based report. I'm getting an error here because I didn't switch into the DNSLint folder. Up arrow again. So here's our HTML report. And this is color-coded to show you warnings and errors. So right now this looks good. So it ran and checked the DNS on DC1 and DC2.
Checked the DNS records for those. Right now, everything looks like it's passed. Everything looks good. If you scroll down to the bottom here, you'll see that there's these legends. So, of course, red is for errors. Yellow is for warnings. So in the output of this report, those will be reflected here. And, as we spoke about earlier, you definitely want to make sure that this comes back clean. There's no errors in DNS. There's no replication issues, and that your DC's services all report successful back from Dcdiag. That will get you all set up for the next step of preparing Active Directory for Exchange.