The /TEST:DNS switch to validate DNS health of domain controllers.
The /TEST:CheckSecurityError to detect security configurations that can cause Active Directory replication to fail.
When you type DCDiag /?, the relevant section of the displayed help is:
CheckSecurityError - Locates security errors (or those possibly security related)
and performs the initial diagnosis of the problem.
Optional Arguments:
/ReplSource: to target a specific source,
regardless of it's error status. Need not be a current partner.
DNS - This test checks the health of DNS settings
for the whole enterprise. Sub tests can be run individually
using the switches below. By default, all tests except
external name resolution are run)
/DnsBasic (basic tests, can't be skipped)
/DnsForwarders (forwarders and root hints tests)
/DnsDelegation (delegations tests)
/DnsDynamicUpdate (dynamic update tests)
/DnsRecordRegistration (records registration tests)
/DnsResolveExtName (external name resolution test)
/DnsAll (includes all tests above)
/DnsInternetName: (for test /DnsResolveExtName)
(default is www.microsoft.com)
NOTE: If you run
DCDiag.exe from your workstation,
you need the
/s: or
/n: switch:
/s: Use as Home Server.
/n: Use as the Naming Context to test
