one. Function Introduction
Dcdiag.exe is a domain controller diagnostic tool. Before explaining this tool, you must first explain some concepts. Domain: Simply put, a network is composed of domains. It is a centralized management unit for data security. It has a unique name. The domain can define security boundaries in the Active Directory. The domain was originally created in Windows NT, and CW2KP is still inherited. 2. Forests (some data is simply called forests): Look at the name to know that this is a collection of many directories. Please refer to the relevant information for the exact meaning.
As is well known, windows2000 has a lot of enhancements to the network functions. This diagnostic tool can only be used in a network environment. Domain controllers that are not possible in a single-machine environment. Over. Dcdiag can analyze the state of the domain controller in the forest or "organization" and generate a report that aggregates all the problems obtained through the diagnostic test into itself. When the manager or technical support staff analyzes the problem and troubleshoots it, This is a reference for judgment. DcDiag itself can report problems to end users, and in the program, detailed functions and knowledge about how to identify system abnormalities have been encapsulated.
If DcDiag is understood as a framework, then the framework is composed of a series of tests and checks (for the system). Of course, since it is a test, these tests must be performed in a certain order. The program performs the diagnostic test of the domain controller according to the user's choice. From the scope, the test can be for the organizational unit, the site or a single server, or it can be completely tested for all projects. From the execution method, the test can specify either an item or some unnecessary items. Generally, the following items should be available:
· Connectivity
· Copy
· Topological integrity
· Check NC Head Security Descriptor
· Check login rights
· Get Domain controller location
· Security boundary
· Check task or role.
· Trust relationship verification.
In the previously introduced NetDiag connectivity test tool, there is also a project on trust relationship verification. (Refer to my previous article "Introduction to Connectivity Test Tools")
II. Using Syntax:
dcdiag /s:DomainController [/n:NamingContext] [/u:DomainUsername /p:{* |
Password |
""}] [{/a |
/e}] [{/q |
/v}] [/i] [/f:LogFile] [/ferr:ErrLog] [/c [/skip:Test]] [/test:Test] [{/h |
/? }]
Parameter Meaning and Description:
/s:DomainController
The primary server used by the domain controller. This is a required parameter and cannot be omitted.
/n:NamingContext
specifies the system to be associated with the test. The domain can specify NetBIOS, DNS or another system.
/u:DomainUsername /p:{* |
Password |
""}
The prompt symbol when using the trust certificate attached to "domain/username" is actually the display symbol of the password. For example, when we type the password, it usually does not display the password itself, but ** ***symbol. Also used. . . . As a display symbol.
/a
Test all the servers on the site.
/e
Test all servers throughout the plan and ignore the option /a
/q
Print an error message report during the idle time.
/v
Print detailed information report.
/i
Ignore redundant error messages.
/f:LogFile
Change all information reports to the registration file named by LogFile, that is, no longer output the information report to the system default registration file.
/ferr:ErrLog
Changes the fatal error message to a separate registration file named by ErrLog. Similar to the previous one.
/c
Run all test items, including non-default tests. Of course, if you have determined that some projects do not need to be tested, you can use the /skip switch to specify which tests can be skipped. The so-called non-default test refers to the following items:
Topology
Whether the other server shuts down the server
Secure channel output range.
Users who have used Windows XP know that there is a very intimate and practical function in Windows
In the Active Directory domain of Windows 2000 and Windows 2003, we can only apply a password policy
The default installation of Windows Server 2008 is to use the system default Administrator system su
(continued) Online revocation service is a new component introduced in Windows Server 2008. Is a Mic
Problems and solutions for Win2000 terminal
Explanation of several problems of Win2000 diagnostic tool
Customize Windows 2008 to make it suitable for everyday use
Remote How to Enable Win 2003 Desktop
Win2008 IIS7 does not display verification code solution!
Windows 2000 boot memory 40M secret technology open
Complete non-destructive conversion of NTFS to FAT with PM 8.0
Win2000 system security countermeasures
Windows Server 2008 Server System Data Security
Let's talk about ADSL sharing under Win 2003 and Win XP platform.
Win7 market share breaks the sum of 5Vista in the first 4 months
Ideapad Flex 14/15 Win8 system ALS smart sensitization function shutdown method
Win7 set password: how to set the computer power-on password
Win8 system slimming Omni-directional Win8 system optimization skills
Windows XP system users how to protect shared folders
Solve the "data invalid" error in the driver installation under Win8/8.1
Win7 tool application diversification
Win10 does not provide messaging applications when it is released
WPS Document Encrypted Graphic Steps Teaching
How to use U disk /mobile hard disk to install EFI boot mode win8.1 system