2007~2011/Tools2009. 6. 1. 00:01
DCDiag Tools 를 사용하여 Domain Controller 서비스를 점검하는 방법에 대해서 아래와 같이 정리하였습니다. 다운로드에 앞서 멤버 머신의 운영체제를 확인하셔야 합니다. Windows 2000 Server, Windows Server 2003 에서 제공되는 바이너리가 다르기 때문입니다. 

DCDiag Tools 를 통해 점검하는 서비스 항목은 아래와 같습니다.

Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: RPCLOCATOR
         * Checking Service: w32time
         * Checking Service: TrkWks
         * Checking Service: TrkSvr
         * Checking Service: NETLOGON
         * Checking Service: Dnscache
         * Checking Service: NtFrs


명령어를 수행하는 방법은 아래와 같습니다.

C:\LAIGO> dcdiag /s:LAIGODC /u:laigodc\laigo /p:P@$$w0rd /v


[실행결과]
Domain Controller Diagnosis

Performing initial setup:
   * Connecting to directory service on server LAIGODC.
   * Collecting site info.
   * Identifying all servers.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\LAIGODC
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... LAIGODC passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\LAIGODC
      Starting test: Replications
         * Replications Check
         ......................... LAIGODC passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=DSROOT,DC=com
         * Security Permissions Check for
           CN=Configuration,DC=DSROOT,DC=com
         * Security Permissions Check for
           DC=DSROOT,DC=com
         ......................... LAIGODC passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         ......................... LAIGODC passed test NetLogons
      Starting test: Advertising
         Fatal Error:DsGetDcName (LAIGODC) call failed, error 5
         The Locator could not find the server.
         ......................... LAIGODC failed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=LAIGODC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DSROOT,DC=com
         Role Domain Owner = CN=NTDS Settings,CN=LAIGODC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DSROOT,DC=com
         Role PDC Owner = CN=NTDS Settings,CN=LAIGODC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DSROOT,DC=com
         Role Rid Owner = CN=NTDS Settings,CN=LAIGODC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DSROOT,DC=com
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=LAIGODC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DSROOT,DC=com
         ......................... LAIGODC passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 3103 to 1073741823
         * LAIGODC.DSROOT.com is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2603 to 3102
         * rIDNextRID: 2585
         * rIDPreviousAllocationPool is 2103 to 2602
         * Warning :There is less than 4% available RIDs in the current pool
         ......................... LAIGODC passed test RidManager
      Starting test: MachineAccount
         * SPN found :LDAP/LAIGODC.DSROOT.com/DSROOT.com
         * SPN found :LDAP/LAIGODC.DSROOT.com
         * SPN found :LDAP/LAIGODC
         * SPN found :LDAP/LAIGODC.DSROOT.com/DSROOT
         * SPN found :LDAP/d4396fd0-07fb-4496-b64a-a06426f612b0._msdcs.DSROOT.com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d4396fd0-07fb-4496-b64a-a06426f612b0/DSROOT.com
         * SPN found :HOST/LAIGODC.DSROOT.com/DSROOT.com
         * SPN found :HOST/LAIGODC.DSROOT.com
         * SPN found :HOST/LAIGODC
         * SPN found :HOST/LAIGODC.DSROOT.com/DSROOT
         * SPN found :GC/LAIGODC.DSROOT.com/DSROOT.com
         ......................... LAIGODC passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: RPCLOCATOR
         * Checking Service: w32time
         * Checking Service: TrkWks
         * Checking Service: TrkSvr
         * Checking Service: NETLOGON
         * Checking Service: Dnscache
            Could not open IISADMIN Service on [LAIGODC]:failed with 1060: 지정된 서비스가 설치된 서비스로는 없습니다.
         * Checking Service: NtFrs
            Could not open SMTPSVC Service on [LAIGODC]:failed with 1060: 지정된 서비스가 설치된 서비스로는 없습니다.
         ......................... LAIGODC failed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         LAIGODC is in domain DC=DSROOT,DC=com
         Checking for CN=LAIGODC,OU=Domain Controllers,DC=DSROOT,DC=com in domain DC=DSROOT,DC=com on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=LAIGODC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DSROOT,DC=com in domain CN=Configuration,DC=DSROOT,DC=com on 1 servers
            Object is up-to-date on all servers.
         ......................... LAIGODC passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service Event log test
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         ......................... LAIGODC passed test frssysvol
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... LAIGODC passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... LAIGODC passed test systemlog
   
   Running enterprise tests on : DSROOT.com
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided. 
         ......................... DSROOT.com passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\LAIGODC.DSROOT.com
         Locator Flags: 0xe00001fd
         PDC Name: \\LAIGODC.DSROOT.com
         Locator Flags: 0xe00001fd
         Time Server Name: \\LAIGODC.DSROOT.com
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\LAIGODC.DSROOT.com
         Locator Flags: 0xe00001fd
         KDC Name: \\LAIGODC.DSROOT.com
         Locator Flags: 0xe00001fd
         ......................... DSROOT.com passed test FsmoCheck



[참고자료]
Windows Server 2003 Service Pack 2 32-bit Support Tools 

Windows 2000 Support Tools: DCDiag.exe Utility Update

Domain Controller Diagnostics Tool (dcdiag.exe)


작성자 : Lai Go / 작성일자 : 2009.05.22
Posted by Lai Go