Active Directory Health Check Tool

Easily Check the health of Active Directory, diagnose issues, check DNS and event logs

  • Test domain controllers
  • Replication status
  • Test DNS
active directory health monitoring

Active Directory Health Monitoring

Active Directory health monitoring is important to ensure that your domain controllers are running without errors. If your domain controllers have issues it can cause all kinds of problems such as authentication issues, replication, slow logons, access, and application problems.

The health monitoring tool will check each domain controller and provide an easy to read status report. This will save you time and help you identify any issues with your domain controllers.

Download Free Trial


DNS Health Report

DNS translates domain names to IP addresses. When DNS is down or having issues it can basically take the entire network down.

With the health check tool, you can run basic DNS tests on all your domain controllers. The default test will check network connectivity, DNS client configuration, service availability, and zone existence.

If you want to only run a DNS test you can select “Dns Only” from the test options.

domain controller dns health report

schedule automated health checks

Automate Active Directory Health Reports

By using the built in scheduler you can schedule daily email reports on the health of your domain controllers.

  • Daily, weekly or monthly report
  • Choose your email recipients
  • Select test options and domain controllers

This is a huge time saver and very popular with System Administrators. I would recommend setting the schedule to run daily.


Domain Controller Event Logs

Each domain controller will generate event logs for system errors and warnings. These events are logged in various places in the Windows event viewer.

The toolkit will pull down the important events related to the domain controller services from the last 24 hours. This makes it easy to review any errors or spot any potential problems before they occur.

For example in the screenshot, you can see event 2089 is being logged. This indicates the Active Directory partition has not been backed up during the latency interval.

domain controller event logs

Frequently Asked Questions

Have a different question and can’t find the answer you’re looking for? Reach out to our
support team by sending us an email and we’ll get back to you as soon as we can.

How does the Active Directory Health Check Tool work?

The health check tool works by utilizing the dcdiag.exe command that is included with each Microsoft domain controller. The health check tool will execute the dcdiag command and pull back the results into a grid format for easy viewing. When the report is completed you can filter, sort, and export the report.

What permissions are required to run the health check tool?

You will need to have administrator rights to each domain controller to complete each test, this is typically done by having domain administrator rights.

Will the tool check domain controller replication?

Yes, below is from the Microsoft documentation.

This test checks all AD replication connection objects for all naming contexts on specified DC(s) to see:

  • f the last replication attempted was successful or returned an error
  • If replication is disabled
  • If replication latency is more than 12 hours

The tests are done with LDAP and RPC using DsReplicaGetInfo.

What services are checked?

There is a total of 27 tests that are checked. Click here to learn more about each test.

Related Tools

Try The Health Check Tool For FREE

Join thousands of IT professionals using the Bulk User Creation Tool to automate the process of account management and enjoy greater freedom over your time.