Commands that are used when doing AD system health inspections. For example, to count the number of users in user, as long as the data is not a whole category, and how many computer and other commands are counted, I wrote a few here. I came down and met in the back
1.FSMO role :
Command: netdom query fsmo
2. Domains in the forest (a) :
Command: same
3. Forest and domain functional level commands: systeminfo
View version of Windowsserver2008r2
4. Number of sites
Command: dsquery site
5. Number of sites deployed with domain controllers
Command: dsquery server
6. The operating system that the domain controller runs ( 16 ): systeminfo
7.AD database objects statistics -users ( 30 days without login) (This is not right, I did not get out)
(get-aduser -filter *).count counts all
Plus dsquery user -inactive 4
8. Count the total number of computers: (get-adcomputer -filter *).count
9. The total number of statistical groups: (get-adgroup -filter *).count
10. The command to count the number of ou: (get-adOrganizationalunit -filter *).count
11. Command to count GPO: (get-gpo -all).count
12. Command for statistics dnsnode : get-dnsserverstatistics -zonename "hzz.com"
13. The AD database objects statistics -DnsZones: This can be in the dns view in
14. Normal state DCs : all logins are successful
15. The service that is configured to start automatically: just the following
16. 1. Normal registration of DNS SRV records: below
Nslookup
Set type=srv
_ldap._tcp.dc._msdcs. crbcoa.com
17. Normal sharing of SYSVOL: dcdiag
18. The configuration of Sites and Subnet is normal
The following "Active Directory Sites and Services" window appears, expand "Site"-expand your site, the default is "Default-First-Site-Name"-expand "Servers"-expand your installed domain controllers-view domain controllers Whether there are sub-objects under, such as NTDS Settings
2. Verify whether the "Domain Controller" container exists in the AD user and computer
1) 打开“Start”—“Administrative Tools”—“Active Directory Users and Computers”
2) Expand the domain name, check whether there is a Domain Controller container, and whether there is an installed domain controller in the container, and whether the domain controller is in the correct site
3. Verify that the default container exists
19. The trust relationship between domains is normal: dcdiag
20. The FSMO ROLE of AD is online normally: dcdiag /s:<Domain Controller Name> /test:KnowsOfRoleHolders /v
21. Domain security status check (account policy, local policy, event log): gpresult /r
22. GPO is normally accessed and applied to the client: gpresult /r
23. Normal replication between DCs: 1.repadmin /syncall /force 2.dcdiag
24. The DNS server is running normally: dcdiag /test:dns
25. Application log key error record:
Domain security status check (account policy, local policy, event log):
Command to open event viewer: eventvwr
.
Mainly check the following two
Command to open windows service: services.msc
Command to open Group Policy Management: gpedit.msc
eventvwr.msc can also directly enter the "Event Viewer" in the "Event Viewer"
Count the users who haven't logged in for 30 days in the ad
(search-adaccount -usersonly -accountInactive -timespan 30).count
Count the prohibited commands in the ad domain:
(search-adaccount -accountdisabled).count
Command to view the site: dsquery site
Command to count the site: (dsquery site).count
Update time 2020/10/13