A. Win2K includes several new services and components that administrators need to work with, but Microsoft's white papers and other technical documents lack strong coverage of these new elements. The OS's support tools (which you can find under \i386\support on the Win2K Server CD-ROM) and the Win2K resource kits provide a somewhat anemic set of utilities, which includes the following:
- Dcdiag.exe—a command-line utility that tests Win2K domain controller (DC) health.
- Dsastat.exe—a command-line utility that compares two directory trees or GCs and detects differences. You can use this tool to ensure that DCs and GCs are synchronized.
- Replmon.exe—a GUI-based utility that tests low-level Active Directory (AD) replication status. You can use this tool to view replication topology and to force directory synchronization.
- Repadmin.exe—a command-line utility that you can use to view AD replication topology, to force replication, and to modify replication topology manually.
- Nltest.exe—a command-line utility that tests the status of trust-relationship links for Win2K and NT networks. You can use this tool to repair such links.
- Dnscmd.exe—a command-line utility that monitors and manages Win2K DNS servers.
Although these tools collectively provide the ability to monitor most basic Win2K network functionality, they aren't intuitive or user-friendly. A better tool is NetIQ's ADcheck, which provides Win2K diagnostics tools in five essential categories:
- Test Domain Controllers—checks DC availability, validates DNS records (e.g., service resource records—SRV RRs), and binds to DC to verify AD status
- List Domain Controllers—lists all DCs along with each DC's name, availability, Active Directory Service Interfaces (ADSI) scripting location, and site location
- List Operations Masters—lists FSMO role holders, compares them with an internal best practices list, and recommends changes when necessary
- Test Replication—performs domain replication topology checks and displays diagnostic information about replication partners
- Show Domain Controller Status—provides DC status summaries, including replication errors and partners, AD site analysis, and charts that show recommended DC placement changes
You can download ADcheck. (Figure 1 shows the tool's interface.) The tool can generate detailed reports that show current problems and potential trouble spots. No Win2K network administrator should be without this free tool.
You can also purchase more sophisticated and full-featured Win2K or AD network-monitoring tools. Take a look at NetPro's DirectoryAnalyzer, NetIQ's AppManager or Operations Manager, Heroix's RoboMon, and Opalis Software's Opalis EventMonitor or OpalisRobot. For more monitoring advice, see "Monitoring Your AD-Enabled Network," Windows 2000 Magazine, September 2000.
Figure 1: ADcheck's UI