Active Directory Health Monitoring

Easily monitor the health of Active Directory, diagnose issues, check DNS and event logs


Monitor Domain Controller Health

The Active Directory monitoring tool runs a total of 27 tests on each domain controller. You can choose between basic, comprehensive, and DNS-only tests. See test comparison below.

Export Report

Reports can be exported by clicking on the export button and selecting either CSV or HTML.

Monitor Event Logs

Coming soon. This tool will collect logs from each domain controller and display the latest critical and warning level logs.

Easily Troubleshoot DC Issues

Failed tests are highlighted in red, click on a failed test to see details. This makes it very easy to troubleshoot health issues with your domain controllers.

Diagnose replication issues

If you have multiple domain controllers it’s critical that replication is working. The health monitor tool checks replication will display a fail if it does not pass the test.

Check DNS server health

You can select DNS Only to check the health of your DNS server. This only tests the DNS if your domain controller is a DNS server.

Active Directory Diagnostic Tests

Below is a list of tests that the health monitor tool runs.


Checks whether each DSA is advertising itself, and whether it is advertising itself as having the capabilities of a DSA.


This test checks that all application directory partitions have appropriate security descriptor reference domains.


Locates security errors (or those possibly security related) and performs the initial diagnosis of the problem. *Comprehensive only*


Tests whether DSAs are DNS registered, respond to ping, and have LDAP/RPC connectivity.


This test looks for cross-refs that are in some way invalid.


Check for servers that won’t receive replications because its partners are down. *Comprehensive only*


This test checks the health of DNS settings for the domain environment. *Comprehensive & DNS Only*


This test checks to see if there are any operation errors in the file replication system (FRS).


This test checks to see if there are any operation errors in the DFS.


This test checks that the SYSVOL is ready.

LocatorCheck FSMO Roles

Checks that global role-holders are known, can be located, and are responding.


Checks for failures that would prevent or temporarily hold up intersite replication.


This test checks that the Knowledge Consistency Checker is completed without errors.


Check whether the DSA thinks it knows the role holders, and prints these roles out in verbose mode.


Check to see if the Machine Account has the proper information.


Checks that the security descriptors on the naming context heads have appropriate permissions for replication.


Checks that the appropriate logon privileges allow replication to proceed.


Check that Machine Account (AD only) and DSA objects have been replicated.


Tests if there are secure channels from all the DC’s in the domain. *Comprehensive only*


Checks for timely replication between directory servers.


Check to see if RID master is accessible and to see if it contains the proper information.


Check to see if appropriate supporting services are running.


This test checks that the system is running without errors.


Checks that the generated topology is fully connected for all DSAs. *Comprehensive only*


This test verifies that certain system references are intact for the FRS and Replication infrastructure across all objects in the enterprise on each DSA. *Comprehensive only*


This test verifies that certain system references are intact for the FRS and Replication infrastructure.


This test verifies that all application directory partitions are fully instantiated on all replica servers. *Comprehensive only*

Easy to use, Impressive Results

Buy Now