Monday, 8 November 2010

Check DNS - DCDIAG


Procedure for checking the health of our AD DNS service.
It checks every server that is a DNS server for our domain.

A first test can be run with the DCDIAG command, which gives a quick preliminary overview; any critical problems would show up right away, but it is not a very thorough test.

A good option could be dcdiag /test:registerindns /dnsdomain:midominio.local /v



To dig deeper into the health of our AD, and in this case our DNS, we should run the following command:

DCDIAG /test:DNS /DNSALL /e /v

This test produces considerably more information than the previous one. To focus on the data, it is best to send the output to a text file and review it afterwards: DCDIAG /test:DNS /DNSALL /e /v > resultadoTest

Among other things, we get the TCP/IP configuration of our servers, the MAC address, which critical AD services they have running, where they forward their DNS queries, which servers they synchronize against, etc.

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine DCSRV, is a DC.
   * Connecting to directory service on server DCSRV.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 16 DC(s). Testing 16 of them.
   Done gathering initial info.

Example of the output produced by this command:
When it is OK:

Doing initial required tests
  Testing server: OU\Servidor
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... Servidor passed test Connectivity

When it is NOT OK:

Testing server: OU\Servidor2
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         The clock difference between the home server ServidorPrincipal and target server
        Servidor2 is greater than one minute. This may cause Kerberos
         authentication failures. Please check that the time service is working
         properly. You may need to resynchonize the time between these servers.
         ......................... Servidor2 passed test Connectivity

Continuing with the test...

Doing primary tests
  
   Testing server: OU\Servidor1
      Test omitted by user request: Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: Advertising
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: RidManager
      Test omitted by user request: MachineAccount
      Test omitted by user request: Services
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: frssysvol
      Test omitted by user request: frsevent
      Test omitted by user request: kccevent
      Test omitted by user request: systemlog
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyEnterpriseRefere

It is normal to see "Test omitted by user request".
Next comes the more detailed information:

DNS Tests are running and not hung. Please wait a few minutes...
  
   Running partition tests on : ForestDnsZones
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
  
   Running partition tests on : DomainDnsZones
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
  
   Running partition tests on : Schema
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
  
   Running partition tests on : Configuration
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
  
   Running partition tests on : DOMINIO
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
  
   Running enterprise tests on : DOMINIO.local
      Test omitted by user request: Intersite
      Test omitted by user request: FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: SERVIDOR1.DOMINIO.local
            Domain: DOMINIO.local
                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000007] HP Network Teaming Virtual Miniport Driver:
                     MAC address is 00:08:02:xx:xx:xx
                     IP address is static
                     IP address: 172.X.X.X
                     DNS servers:
                        172.X.X.X (<name unavailable>) [Valid]
                        172.X.X.X (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     172.X.X.X (<name unavailable>) [Valid]
                     212.36.X.X (<name unavailable>) [Valid]
                     80.58.X.X (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone dominio.local.
                  Test record _dcdiag_test_record added successfully in zone DOMINIO.local.
                  Test record _dcdiag_test_record deleted successfully in zone DOMINIIO.local.
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000007] HP Network Teaming Virtual Miniport Driver:
                     Matching A record found at DNS server 172.X.X.X:
                     SERVIDOR.DOMINIO.local

                     Matching CNAME record found at DNS server 172.x.x.x:
                     42aba921-dc7f-421d-97e9-942e1b91b2b1._msdcs.DOMINIO.local

                     Matching DC SRV record found at DNS server 172.x.x.x:
                     _ldap._tcp.dc._msdcs.DOMINIO.local

                 
               TEST: External name resolution (Ext)
                  Internet name www.microsoft.com was resolved successfully

At the end it prints a table of all the tests run and their results.
              
         Summary of DNS test results:

                                  Auth Basc Forw Del  Dyn  RReg Ext
            ________________________________________________________________
            Domain: Dominio.local
               Server1            PASS PASS PASS PASS PASS PASS PASS
               Server2            PASS PASS PASS PASS PASS PASS PASS
               Server3            PASS WARN PASS PASS PASS PASS FAIL
               Server4            PASS PASS PASS PASS PASS PASS PASS
               Server5            PASS PASS PASS PASS PASS PASS PASS
               Server6            PASS PASS PASS PASS PASS PASS PASS
               Server7            PASS PASS PASS PASS PASS PASS PASS
               Server8            PASS PASS PASS PASS PASS PASS PASS
               Server9            PASS PASS PASS PASS PASS PASS PASS
               Server10           PASS PASS PASS PASS PASS PASS PASS
               Server11           PASS WARN PASS PASS PASS PASS PASS
               Server12           PASS PASS PASS PASS PASS PASS PASS
               Server13           PASS PASS PASS PASS PASS PASS PASS
               Server14           PASS PASS PASS PASS PASS PASS PASS
               Server15           PASS PASS PASS PASS PASS PASS PASS
               Server16           PASS PASS PASS PASS PASS PASS PASS
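
The following PowerShell is an added example, not part of the original post: it reads the saved report, lists every summary cell that is not PASS, and picks up the clock-difference warning, which DCDIAG prints inside a Connectivity test that still reports "passed". The function name Get-DcdiagDnsFinding and the sample text (constructed from the excerpts on this page) are assumptions.

```powershell
# Added example: review a saved "DCDIAG /test:DNS /DNSALL /e /v" report.
# $sample is constructed from the excerpts on this page; for a real run use
#   $lines = Get-Content .\resultadoTest
$sample = @'
   Testing server: OU\Servidor2
      Starting test: Connectivity
         The clock difference between the home server ServidorPrincipal and target server
         Servidor2 is greater than one minute. This may cause Kerberos
         authentication failures.
         ......................... Servidor2 passed test Connectivity
         Summary of DNS test results:
                                  Auth Basc Forw Del  Dyn  RReg Ext
            Domain: Dominio.local
               Server1            PASS PASS PASS PASS PASS PASS PASS
               Server3            PASS WARN PASS PASS PASS PASS FAIL
               Server11           PASS WARN PASS PASS PASS PASS PASS
'@
$lines = $sample -split "`r?`n"

function Get-DcdiagDnsFinding {
    param([string[]]$Lines)
    $columns = 'Auth', 'Basc', 'Forw', 'Del', 'Dyn', 'RReg', 'Ext'
    $server = $null
    foreach ($line in $Lines) {
        # Remember which DC the current block of output belongs to.
        if ($line -match '^\s*Testing server:\s*(\S+)') { $server = $Matches[1]; continue }
        # The clock warning appears inside a test that is still marked "passed".
        if ($line -match 'clock difference between') {
            [pscustomobject]@{ Server = $server; Test = 'Connectivity'; Result = 'CLOCK SKEW' }
            continue
        }
        # Summary rows: a server name followed by exactly seven result tokens.
        if ($line -match '^\s*(\S+)\s+((?:(?:PASS|WARN|FAIL|n/a)\s*){7})$') {
            $name = $Matches[1]
            $results = -split $Matches[2]
            for ($i = 0; $i -lt $columns.Count; $i++) {
                # Report anything that is not a clean PASS (WARN, FAIL, n/a).
                if ($results[$i] -ne 'PASS') {
                    [pscustomobject]@{ Server = $name; Test = $columns[$i]; Result = $results[$i] }
                }
            }
        }
    }
}

Get-DcdiagDnsFinding -Lines $lines | Format-Table -AutoSize
```

Each reported Test value maps back to the matching "TEST: ... (Basc)" or "(Ext)" block for that DC in the full report, which is where the reason for the WARN or FAIL is printed.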

Microsoft reference: http://technet.microsoft.com/en-us/library/cc776854%28WS.10%29.aspx

Other useful commands:

repadmin /viewlist *   -> Lists all the DCs that take part in synchronization.
repadmin /replsum      -> Shows whether there are replication errors between DCs
repadmin /failcache *  -> Helps us see replication errors between DCs
repadmin /showbackup   -> Shows whether the DCs' databases are equally up to date

To verify that everything is correct:
https://technet.microsoft.com/en-us/library/cc770432.aspx

Gon Rev v3. Dec2015
