JSI Tip 9768. DCDIAG.EXE improvements in Windows Server 2003 SP1.

DCDIAG.EXE, from the Windows Server 2003 SP1 Support Tools, has two major improvements:

The /TEST:DNS switch to validate DNS health of domain controllers.

The /TEST:CheckSecurityError to detect security configurations that can cause Active Directory replication to fail.

When you type DCDiag /?, the relevant section of the displayed help is:

       CheckSecurityError  - Locates security errors (or those possibly security related)
                and performs the initial diagnosis of the problem.
                Optional Arguments:
                /ReplSource: to target a specific source,
                regardless of it's error status.  Need not be a current partner.

       DNS  - This test checks the health of DNS settings
                for the whole enterprise. Sub tests can be run individually
                using the switches below. By default, all tests except
                external name resolution are run)
                /DnsBasic (basic tests, can't be skipped)
                /DnsForwarders (forwarders and root hints tests)
                /DnsDelegation (delegations tests)
                /DnsDynamicUpdate (dynamic update tests)
                /DnsRecordRegistration (records registration tests)
                /DnsResolveExtName (external name resolution test)
                /DnsAll (includes all tests above)
                /DnsInternetName:  (for test /DnsResolveExtName)
                         (default is www.microsoft.com)
NOTE: If you run DCDiag.exe from your workstation, you need the /s: or /n: switch:
   /s: Use  as Home Server.
   /n: Use  as the Naming Context to test

Sample Usage:

DCDiag /s:JSI001 /test:dns

DCDiag /n:JSIINC.COM /test:dns

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.