Troubleshoot Domain Controllers with Dcdiag.exe

Courtesy of Leon Brooks via

Dcdiag is an often overlooked tool that can discover problems in a domain controller’s configuration.  If client computers can’t locate a domain controller or if domain controllers can’t replicate Active Directory, you can run tests with Dcdiag to look for a solution.

Dcdiag checks critical domain controller functionality with tests for connectivity, DNS, AD replication, and SYSVOL replication and tests that check the Flexible Single Master Operation Role holders on the network. Since DNS is such a critical service for Active Directory, Dcdiag includes six advanced DNS tests. Most tests run automatically by default. To skip an unnecessary test use /skip:<Test>. You can send Dcdiag test results to a text file with /f:<LogFile>. The verbose parameter (/v) gives more detailed test results and can be used in combination with the /f switch.

You run Dcdiag from an elevated command prompt window – that is, running with administrative rights. Right-click the command prompt in the start menu and choose “run as administrator”. Domain controllers and servers running the AD LDS Role as well as computers that have RSAT (Remote Server Administration Tools) have Dcdiag. You can run it locally or against remote computers with the /s:<DomainController> parameter, such as Dcdiag / To run Dcdiag against all domain controller servers in an Active Directory site use /a or use /e for all servers in the enterprise.

To run Dcdiag on Windows 7 download the RSAT tools from Microsoft at:

Related Course:

Configuring, Managing, and Maintaining Server 2008 R2 (M6419)

In this article

Join the Conversation