Domain Controller Diagnosis
Performing initial setup: 初始化安装:
* Verifying that the local machine test-w301, is a DC. 检验目标主机test-w301,是一台DC
* Connecting to directory service on server test-w301. 连接test-w301的目录服务
* Collecting site info. 收集站点信息
* Identifying all servers. 识别所有服务器
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them. 找到两台DC,并检测其中一台
Done gathering initial info. 完成初始化信息收集
Doing initial required tests执行初始化测试
Testing server: Default-First-Site-Name\TEST-W301 测试服务器:Default-First-Site-Name\TEST-W301
Starting test: Connectivity 开始测试:连通性
* Active Directory LDAP Services Check 活动目录LDAP服务检测
* Active Directory RPC Services Check 活动目录RPC服务检测
......................... TEST-W301 passed test Connectivity TEST-W301连通性检测通过
Doing primary tests 执行主要测试
Testing server: Default-First-Site-Name\TEST-W301测试服务器:Default-First-Site-Name\TEST-W301
Starting test: Replications开始测试:复制
* Replications Check复制检测
* Replication Latency Check潜在性复制检测
* Replication Site Latency Check
......................... TEST-W301 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC TEST-W301.
* Security Permissions Check for
DC=ForestDnsZones,DC=test,DC=com
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=test,DC=com
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=test,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=test,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=test,DC=com
(Domain,Version 2)
......................... TEST-W301 passed test NCSecDesc
Starting test: NetLogons开始测试:网络登录
* Network Logons Privileges Check网络登录检测
Verified share \\TEST-W301\netlogon
Verified share \\TEST-W301\sysvol
......................... TEST-W301 passed test NetLogons TEST-W301通过网络登录测试
Starting test: Advertising开始测试:宣告
The DC TEST-W301 is advertising itself as a DC and having a DS.域控制器宣告自己是一台域控制器同时拥有目录服
The DC TEST-W301 is advertising as an LDAP server域控制器宣告是一台LDAP服务器
The DC TEST-W301 is advertising as having a writeable directory域控制器宣告拥有可写的目录
The DC TEST-W301 is advertising as a Key Distribution Center域控制器宣告自己是一台密钥分发中心(KDC)
The DC TEST-W301 is advertising as a time server域控制器宣告自己是一台时间服务器
The DS TEST-W301 is advertising as a GC. 域控制器宣告自己是一台全局编录服务器
......................... TEST-W301 passed test Advertising TEST-W301通过宣告测试
Starting test: KnowsOfRoleHolders开始测试:角色分配
Role Schema Owner = CN=NTDS Settings,CN=TEST-W301,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
架构主机角色
Role Domain Owner = CN=NTDS Settings,CN=TEST-W301,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
域命名角色
Role PDC Owner = CN=NTDS Settings,CN=TEST-W301,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
PDC主机角色
Role Rid Owner = CN=NTDS Settings,CN=TEST-W301,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
Rid主机角色
Role Infrastructure Update Owner = CN=NTDS Settings,CN=TEST-W301,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com
结构主机角色
......................... TEST-W301 passed test KnowsOfRoleHolders TEST-W301通过角色分配测试
Starting test: RidManager开始测试:Rid管理
* Available RID Pool for the Domain is 2103 to 1073741823 域控制器可用的RID地址池从2103至1073741823
* test-w301.test.com is the RID Master test-w301.test.com为RID主机
* DsBind with RID Master was successful 与RID主机绑定成功
* rIDAllocationPool is 1103 to 1602 RID分配地址池从1103至1602
* rIDPreviousAllocationPool is 1103 to 1602 RID之前分配池从1103至1602
* rIDNextRID: 1107 RID下一个分配地址是1107
......................... TEST-W301 passed test RidManager TEST-W301通过RID管理测试
Starting test: MachineAccount开始测试:机器帐户
Checking machine account for DC TEST-W301 on DC TEST-W301.
* SPN found :LDAP/test-w301.test.com/test.com
* SPN found :LDAP/test-w301.test.com
* SPN found :LDAP/TEST-W301
* SPN found :LDAP/test-w301.test.com/TEST
* SPN found :LDAP/798338cd-9c44-4051-a1c2-2ff3e45dd480._msdcs.test.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/798338cd-9c44-4051-a1c2-2ff3e45dd480/test.com
* SPN found :HOST/test-w301.test.com/test.com
* SPN found :HOST/test-w301.test.com
* SPN found :HOST/TEST-W301
* SPN found :HOST/test-w301.test.com/TEST
* SPN found :GC/test-w301.test.com/test.com
......................... TEST-W301 passed test MachineAccount TEST-W301通过机器帐户测试
Starting test: Services开始测试:服务
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... TEST-W301 passed test Services TEST-W301通过服务测试
Test omitted by user request: OutboundSecureChannels测试用户请求:对外安全通道
Starting test: ObjectsReplicated 开始测试:对象复制
TEST-W301 is in domain DC=test,DC=com
Checking for CN=TEST-W301,OU=Domain Controllers,DC=test,DC=com in domain DC=test,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=TEST-W301,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com in domain
CN=Configuration,DC=test,DC=com on 1 servers
Object is up-to-date on all servers.
以上二项检测域中是否存在TEST-W301的信息,并且是否与所有的服务器进行同步
......................... TEST-W301 passed test ObjectsReplicated TEST-W301通过对象复制测试
Starting test: frssysvol开始测试:SYSVOL目录的文件复制服务
* The File Replication Service SYSVOL ready test SYSVOL目录的文件复制服务准备测试
File Replication Service's SYSVOL is ready SYSVOL目录的文件复制服务准备就绪
......................... TEST-W301 passed test frssysvol TEST-W301通过SYSVOL目录的文件复制服务测试
Starting test: frsevent开始测试:文件复制服务的日志
* The File Replication Service Event log test 文件复制服务的日志测试
......................... TEST-W301 passed test frsevent TEST-W301通过文件复制服务的日志测试
Starting test: kccevent开始测试:KCC日志
* The KCC Event log test KCC日志测试
Found no KCC errors in Directory Service Event log in the last 15 minutes.15分钟之内在目录服务日志中未发现KCC错误
......................... TEST-W301 passed test kccevent TEST-W301通过KCC日志测试
Starting test: systemlog 开始测试:系统日志
* The System Event log test 系统日志测试
Found no errors in System Event log in the last 60 minutes. 60分钟内在系统日志中未发现错误
......................... TEST-W301 passed test systemlog TEST-W301通过系统日志测试
Test omitted by user request: VerifyReplicas 忽略用户请求:复制校验
Starting test: VerifyReferences 开始测试:校验参考
The system object reference (serverReference) CN=TEST-W301,OU=Domain Controllers,DC=test,DC=com and backlink on CN=TEST-
W301,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=com are correct.
系统对象参考(服务器参考)
The system object reference (frsComputerReferenceBL) CN=TEST-W301,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=test,DC=com and backlink on CN=TEST-W301,OU=Domain Controllers,DC=test,DC=com are correct.
The system object reference (serverReferenceBL) CN=TEST-W301,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=test,DC=com and backlink on CN=NTDS Settings,CN=TEST-W301,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=test,DC=com are correct.
......................... TEST-W301 passed test VerifyReferences TEST-W301通过校验参考测试
Test omitted by user request: VerifyEnterpriseReferences忽略用户请求:企业参考校验
Test omitted by user request: CheckSecurityError忽略用户请求:检查安全错误
Running partition tests on : ForestDnsZones 运行分区测试在:森林DNS区域
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones 运行分区测试在:域DNS区域
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema 运行分区测试在:架构
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration 运行分区测试在:配置
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : test 运行分区测试在:test
Starting test: CrossRefValidation
......................... test passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... test passed test CheckSDRefDom
Running enterprise tests on : test.com 运行企业测试在:test.com
Starting test: Intersite开始测试:内部站点
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
......................... test.com passed test Intersite
Starting test: FsmoCheck 开始测试:FSMO检测
GC Name: \\test-w301.test.com 全局编录名
Locator Flags: 0xe00003fd 位置标志
PDC Name: \\test-w301.test.com PDC主机名
Locator Flags: 0xe00003fd 位置标志
Time Server Name: \\test-w301.test.com 时间服务器名
Locator Flags: 0xe00003fd 位置标志 Preferred Time Server Name: \\test-w301.test.com 首选时间服务器名
Locator Flags: 0xe00003fd 位置标志
KDC Name: \\test-w301.test.com 密钥分配中心名
Locator Flags: 0xe00003fd位置标志
......................... test.com passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS