Scribd
Upload
141 views

Active Directory Tools

This document lists and briefly describes several command line tools and utilities for managing and troubleshooting Active Directory and related services. Key tools include ntdsutil for Active Directory database maintenance, dcdiag.exe and netdiag.exe for domain controller and network testing, replmon.exe and repadmin.exe for replication monitoring and troubleshooting, and ADSI Edit and GPMC for lower-level and group policy management respectively. Other tools allow dumping AD data to CSV, modifying objects in bulk, and managing account lockouts.

Uploaded by

ankit
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
141 views

Active Directory Tools

This document lists and briefly describes several command line tools and utilities for managing and troubleshooting Active Directory and related services. Key tools include ntdsutil for Active Directory database maintenance, dcdiag.exe and netdiag.exe for domain controller and network testing, replmon.exe and repadmin.exe for replication monitoring and troubleshooting, and ADSI Edit and GPMC for lower-level and group policy management respectively. Other tools allow dumping AD data to CSV, modifying objects in bulk, and managing account lockouts.

Uploaded by

ankit
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

ntdsutil

Use for command-line maintenance of your Active Directory database. Installed by


default on domain controllers and menu driven. Although many of its functions are also
available via the GUI, it's worth becoming familiar with this tool as sometimes nothing
else will do. For example, it's needed for cleaning up if a domain controller isn't demoted
cleanly.
dcdiag.exe
Command-line tool to perform various domain controller tests to help confirm health and
diagnose problems. Part of the Support Tools suite (2000/2003) or included by default in
Windows 2008.
netdiag.exe
For network-related tests and troubleshooting. Part of the Support Tools suite
(2000/2003) or included by default in Windows 2008.
repadmin.exe and replmon.exe
Command-line tool to monitor and troubleshoot replication issues (repadmin.exe) and a
GUI version that provides much of the same functionality (replmon.exe). Part of the
Support Tools suite (2000/2003) or included by default in Windows 2008 (replmon is no
longer provided).
ntfrsutl.exe
Accesses information on the ntfrs service including subscription information etc. Part of
the Support Tools suite (2000/2003) or included by default in Windows 2008.
Sonar
A graphical tool to monitor the status of the File Replication Service. Look for it on the
Microsoft Download Center.
ADSI Edit
Low level editor for Active Directory. Installed as part of the Support Tools for Windows
Server 2000 and 2003, and installed by default when you install Active Directory on
Windows Server 2008.
Group Policy Management Console (GPMC)
It's been around for a while but you need to download it separately on 2003 (it's included
in 2008). An improvement on the built-in group policy editor, you need at least 2003
server or XP SP1 to run it. Download it from Microsoft.
dsadd, dsget, dsmod, dsmove, dsquery, dsrm
Built-in command-line tools included with 2003 and 2008, use /? after the command for
syntax.
csvde, ldifde
Built-in command-line tools included with 2000 and above, csvde is particularly useful
for dumping the contents of Active Directory into a csv file, or creating new objects from
a similar file. Again, use /? after the command for help.
ADModify
Created to make it easier to do bulk operations on Active Directory objects, such as
modifications, imports and exports. Requires .NET framework installed (version 2
probably). It's currently travelling the internet so download from http://ADModify.NET
and check the Microsoft Exchange Team Blog for an introduction.
redirusr.exe and redircmp.exe

Built-in command-line tools included with Windows 2003 and above. Change the default
containers for new user and computer objects respectively.
Account lockout and Management Tools
Microsoft have provided a number of tools in their Account lockout and Management
Tools package, to help in these areas, along with a script to turn on Kerberos logging.
They also provide some information on the Account Management Tools.

You might also like