, from the
Windows Server 2003 SP1 Support Tools
, has two major improvements:
/TEST:DNS switch to validate DNS health of domain controllers.
/TEST:CheckSecurityError to detect security configurations that can cause Active Directory replication to fail.
When you type
DCDiag /?, the relevant section of the displayed help is: CheckSecurityError - Locates security errors (or those possibly security related) and performs the initial diagnosis of the problem. Optional Arguments: /ReplSource: to target a specific source, regardless of it's error status. Need not be a current partner. DNS - This test checks the health of DNS settings for the whole enterprise. Sub tests can be run individually using the switches below. By default, all tests except external name resolution are run) /DnsBasic (basic tests, can't be skipped) /DnsForwarders (forwarders and root hints tests) /DnsDelegation (delegations tests) /DnsDynamicUpdate (dynamic update tests) /DnsRecordRegistration (records registration tests) /DnsResolveExtName (external name resolution test) /DnsAll (includes all tests above) /DnsInternetName: (for test /DnsResolveExtName) (default is www.microsoft.com) NOTE:
If you run
from your workstation, you need the
/s: Use as Home Server. /n: Use as the Naming Context to test Sample Usage: DCDiag /s:JSI001 /test:dns
DCDiag /n:JSIINC.COM /test:dns