Directory Server Diagnostics Test

Domain controllers are the backbone of a Windows network. If your domain controllers are not working then the Active Directory does not work either. If the Active Directory does not work, then users cannot log on, group policies cannot be enforced, and a whole slew of other features become unavailable. To enable administrators to quickly detect and troubleshoot issues with the domain controller before they affect the operations of the AD server, Windows ships with a specialized tool called the Domain Controller Diagnostic (DCDIAG) Utility. dcdiag is a command-line tool that encapsulates detailed knowledge of how to identify abnormal behavior in the system. The tool analyzes the state of one or all domain controllers in a forest and reports any problems to assist in troubleshooting. It consists of a framework for executing tests and a series of tests to verify different functional areas of the system - eg., replication errors, domain controller connectivity, permissions, proper roles, etc.

Using the Directory Server Diagnostics test, the eG Enterprise leverages the dcdiag utility's ability to report on a wide variety of health parameters related to the domain controller. This ensures that even the smallest of aberrations in the performance of the domain controller is captured and promptly brought to the attention of the administrators. The Directory Server Diagnostics test executes the DCDIAG command at configured intervals, and based on the output of the command, discovers the DCDIAG health checks that were performed, and the current status of each check - whether it reported a success or an error. In case the check resulted in an error/failure, you can use the detailed diagnosis of the test to understand the reason for the same, so that troubleshooting is easier!

Note:

For this test to run, the DCDIAG.exe should be available in the <WINDOWS_INSTALL_dir>\windows\system32 directory of the AD server to be monitored. The DCDIAG utility ships with the Windows Server 2012 Support Tools and is built into Windows 2012 R2 and Windows Server 2012. This utility may hence not be available in older versions of the Windows operating sytem. When monitoring the AD server on such Windows hosts, this test will run only if the DCDIAG.exe is copied from the <WINDOWS_INSTALL_dir>\windows\system32 directory on any Windows 2012 (or higher) host in the environment to the same directory on the target host.

Target of the test : An Active Directory or Domain Controller on Windows 2012 or above

Agent deploying the test : An internal agent

Outputs of the test : One set of results for every DCDIAG health check that was performed

Configurable parameters for the test
Parameters Description

Test period

This indicates how often should the test be executed.

Host

The IP address of the machine where the Active Directory is installed.

Port

The port number through which the Active Directory communicates. The default port number is 389.

Domain, Username, Password, and Confirm password

In order to execute the DCDIAG command, the eG agent has to be configured with a domain administrator's privileges. Therefore, specify the domain name and login credentials of the domain administrator in the Domain, Username and Password text boxes. Confirm the password you provide by retyping it in the confirm password text box.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Status

Indicates the status of this DCDIAG health check.

 

If the health check returns a positive result, the value of this measure will be Pass. If not, the value of this measure will be Fail. The numeric values that correspond to these measure values have been discussed in the table below:

Measure Value Numeric Value
Pass 1
Fail 0

Note:

By default, the measure reports the Measure Values listed in the table above to indicate the status of a DCDIAG health check. However, in the graph of this measure, the same will be represented using the numeric equivalents only.

If the measure reports the value Fail, you can use the detailed diagnosis of this measure to know the reason for the failure and the domain controller where the failure occurred. This eases the pain involved in troubleshooting problem conditions.