Network diagnostics: How to run DCDiag remotely on all domain controllers

By /

DCDiag, sometimes referred to as Domain Controller Diagnostic tool, can be used to check various aspects of an Active Directory domain controller. It provides several health sections such as DNS Tests, which includes DNS forwarders, DNS delegation, DNS record registration, Active Directory replication tests, domain controller advertising tests, and many more. You can run DCDiag on a local domain controller as well as against a remote domain controller by specifying the “/S:<Domain Controller>” parameter. As you might be know, Microsoft provides the Active Directory Risk Assessment Program, which includes a test to run DCDiag against all the domain controllers. The ADRAP tool connects to all the domain controllers and runs basic tests using the DCDiag tool. However, the ADRAP engagement is available only to Microsoft Premier customers. In case you need to run DCDiag tool on all the domain controllers and collect the test status in a CSV file for reporting purposes, you can use the PowerShell script we have put together for you in this article. The script connects to each domain controller, collects the DCDiag data, and then saves the DCDiag data in the <DomainControllerName_DCDiag.TXT> file. PowerShell also creates a report file under C:\Temp folder.

Requirements for running DCDiag PowerShell script

Please make sure to run the script from a Windows Server 2012 R2 member server or domain controller, and create a Temp folder on the C:\ drive, as script generates a report by name “DCDiagStatusReport.CSV” under the C:\Temp folder. Apart from meeting these requirements, make sure to create a text file that holds that DCDiag tests to be run against each domain controller as shown in the screenshot below:

DCDiag

As you can see in the above screenshot, we have selected to run only “DNS,” “NetLogon,” “Replications,” and “Services” tests. The script looks for a “Fail” string for each test. If the script finds a “Fail” string in any of the tests, the test is considered as failed and the output is recorded in the report file.

You would also be required to collect domain controller names in FQDN format and specify in the “C:\Temp\DCList.TXT” file which is used by the script. Once you have met these requirements, copy the script below in a PS1 file and execute it from an elevated PowerShell window.

$TestCSVFile = “C:\Temp\DCDiagStatusReport.CSV”
Remove-item $TestCSVFile -ErrorAction SilentlyContinue
$ThisString=”Domain Controller,Connection,Command Status, DCDIAG Test, Test Status, Final Status”
Add-Content “$TestCSVFile” $ThisString
$TotNo=0
$ItemCount=0
$TestText = “”
$TestStatus=””
$SumVal = “”
$AnyGap = “No”
$ErrorOrNot = “No”
$AnyOneOk = “No”
$TotDCsInError = 0
$IntDirNow = “C:\Temp\DCDiagTest”
mkdir $IntDirNow -Force
$GDCList = “C:\Temp\DClist.TXT”
$DCDiagTestFile = “C:\Temp\DCDiagTests.DPC”
$DCDiagTestCSV = Import-CSV $DCDiagTestFile -Delimiter “-“
Foreach ($ItemName in Get-Content “$GDCList”)
{
$DCConError = “Ok”
$DCConStatus = “Ok”
$ProceedOrNot = “Yes”
$Error.Clear()
$AllServices = Get-WMIObject Win32_Service -computer $ItemName
IF ($Error.Count -ne 0)
{
$ProceedOrNot = “No”
$TotDCsInError++
$DCConError = $Error[0].Exception.Message
$FinalSTR = $ItemName+”,Not OK: Error: $DCConError”
Add-Content “$TestCSVFile” $FinalSTR
}
IF ($ProceedOrNot -eq “Yes”)
{
$ComConError=”Ok”
ForEach ($ThisTestNow in $DCDiagTestCSV)
{
$ThisTestToRun=$ThisTestNow.TestName
$ThisLookFor = $ThisTestNow.LookFor
$DCDiagTestREsultFile=”C:\Temp\DCDiagTest\”+$ItemName+”_Test_”+$ThisTestToRun+”.CSV”
Remove-item $DCDiagTestREsultFile -ErrorAction SilentlyContinue
$Error.Clear()
$DCDiagResult = dcdiag /test:$ThisTestToRun /v -s:$ItemName
IF ($Error.Count -eq 0)
{
$DCdiagResult | Out-file $DCDiagTestREsultFile
$FoundOrNot=Select-String -Path $DCDiagTestREsultFile -Pattern $ThisLookFor
$TotFoundNow=$FoundOrNot.Count
$IsThisDCOk=”Yes”
$FinStatus = “Ok”
$TestStatus=”Passed”
IF ($TotFoundNow -eq 0)
{
}
else
{
$TestStatus = “Failed”
$AnyGap = “Yes”
$IsThisDCOk=”No”
$FinStatus = “Not Ok”
}
$ThisSTR = $ItemName+”,”+$DCConError+”,”+$ComConError+”,”+$ThisTestToRun+”,”+$TestStatus+”,”+$FinStatus
Add-Content “$TestCSVFile” $ThisStr
}
}
IF ($IsThisDCOk -eq “No”)
{
$TotNo++
}
}
else
{
$ComConError = $Error[0].Exception.Message
$FinalSTR = $ItemName+”,$DCConError,”+$ComConError
Add-Content “$TestCSVFile” $FinalSTR
}
}
$OthText = “”
IF ($TotDCsInError -ne 0)
{
$OthText = “Some Domain Controllers have not been checked due to connectivity or command issues.”
}
IF ($AnyGap -eq “Yes”)
{
$TestText = “DCDiag Test reported errors on domain controllers. Please load result and check which DCDiag test result reported errors and on which domain controllers. $OthText”
$SumVal = $TotNo
$TestStatus=”Critical”
}
IF ($AnyGap -eq “No”)
{
$TestText = “All DCDiag tests have been passed on all domain controllers. $OthText”
$SumVal = “”
$TestStatus=”Passed”
IF ($AnyOneOk -eq “No”)
{
$TestText = “Error Executing Dynamic Pack.”
$SumVal = “”
$TestStatus=”Completed with Errors.”
}
}
$STR = $ADTestName +”,”+$TestStartTime+”,”+$TestStatus+”,”+$SumVal +”,”+$TestText

Once the script has finished executing, a report will be generated under C:\Temp\DCHostRecordStatus.CSV as shown in the screenshot below.

DCDiag

As you can see in the report above, the script ran DCDiag tests against all domain controllers in the TechGenix.com domain and reported the result of each test. The script ran DNS, NetLogons, Replications, and Services tests against DC1.TechGenix.com and DC2.TechGenix.com domain controllers and reported “Not Ok” in the Final Status column for the DNS test. In case you wish to see DCDiag data for each domain controller, navigate to C:\Temp\DCDiagTest folder and look for <DomainControllerName>_Test_<TestName>.CSV file.

We explained how you can run DCDiag tool on all domain controllers and collect data for reporting purposes. The PowerShell script executes the DCDiag tool on a remote domain controller by using “/S:<ComputerName>” parameter. The PowerShell script also generates test results in each domain controller file, which you can check to investigate further on a particular DCDiag test. It is recommended to run DCDiag tool on all domain controllers once in a month to ensure critical components such as DNS, NetLogons, Replications, and Services are healthy.

Photo credit: Shutterstock

About The Author

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites.

Read Next

1 thought on “Network diagnostics: How to run DCDiag remotely on all domain controllers”

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top