Click for GCCHK download link and official documentation.

The is a quick and dirty command line tool to locate active directory consistency issues. It will pick up missing GUIDs, objects in the GCs that may be lingering.

Usage

    gcchk -gc globalcatalog \[switches\]

Any option that you specify that has spaces or special characters such as &,|,<,>, etc need to be placed within quotes. All options/switches can be specified with either a / or a -. Type gcchk /? for usage.

globalcatalog is the domain controller that you want to look at to compare objects.

Switch/option Purpose Example
-t <timeout> Timeout value for queries. Default is 120 seconds -t 300
-b "<base dn>" Specify a specific subtree to check versus checking all non-writeable NCs of the GC. -b cn=users,dc=child,dc=domain,dc=com
-ps <count> How large the page size should be for the queries. Default page size is 1000 -ps 100

Notes:

Please note that this is pretty inefficient way to check but if you have no other way, it is far better than manually comparing objects. If everything is fine you will simply see a bunch of periods (.) on the screen as it will print a period every 100 or so objects to let you know it is still working. If you get messages, look closely at them before getting concerned something is wrong.

   


Examples

Here is a sample run showing a couple of deleted objects and one truly lingering object:

F:\DEV\cpp\GCChk>gcchk -gc 2k3dc10

GCChk V01.03.00cpp Joe Richards (joe@joeware.net) August 2004

Collecting NCs from partitions container...
Locating DCs for other NCs...
NC: DC=joe,DC=com -- 2k3dc01.joe.com
Skipping local NC DC=child1,DC=joe,DC=com


Checking DC=joe,DC=com

ERROR: GC DN not found ():
CN=SystemMailbox\{BA83FCFF-ECAC-4FE1-8FB1-5095F5A3DAE2\},CN=Microsoft Exchange System Objects,DC=joe,DC=com -- \{8810B662-4198-471A-A88E-C1A3D14A0FE7\} -- (20040824195056.0Z | 20040
824200351.0Z)
Found this:
CN=SystemMailbox\{BA83FCFF-ECAC-4FE1-8FB1-5095F5A3DAE2\}\0ADEL:8810b662-4198-471a-a88e-c1a3d14a0fe7,CN=Deleted Objects,DC=joe,DC=com -- 20040906192400.0Z


ERROR: GC DN not found ():
CN=SystemMailbox\{B81271C8-8AC7-4B63-ACE1-BF95D1A0468B\},CN=Microsoft Exchange System Objects,DC=joe,DC=com -- \{48208EF5-011C-433B-A7C0-6478F5AB9D7D\} -- (20040824195057.0Z | 20040
824200351.0Z)
Found this:
CN=SystemMailbox\{B81271C8-8AC7-4B63-ACE1-BF95D1A0468B\}\0ADEL:48208ef5-011c-433b-a7c0-6478f5ab9d7d,CN=Deleted Objects,DC=joe,DC=com -- 20040906193007.0Z

.....
ERROR: GC DN not found ():
CN=testcmp2,OU=AdModTests2,OU=TestOU,DC=joe,DC=com -- \{AB8DB49F-C849-4BAF-A002-2D6479202BAD\} -- (20040704211202.0Z | 20040711201421.0Z)
Object either moved from NC or Lingering...


Objects Checked : 562
Object Issues : 3
Objects Not Found: 1

The command completed successfully.

 


The lingering object is

ERROR: GC DN not found ():
CN=testcmp2,OU=AdModTests2,OU=TestOU,DC=joe,DC=com -- \{AB8DB49F-C849-4BAF-A002-2D6479202BAD\} -- (20040704211202.0Z | 20040711201421.0Z)
Object either moved from NC or Lingering...
 

It was an object I deleted in a special way such that a tombstone wasn't created so the removal never made it to the GC.