1.DCDIAG
To deploy an additional domain controller: Dcdiag /test:dcpromo /DnsDomain:domain_name.com /ReplicaDC To deploy a child domain: Dcdiag /test:dcpromo /DnsDomain:child_domain_name.forest.com /ChildDomain Test the FSMO Dcdiag /s:<DomainControllerName> /test:fsmocheck Check DNS Dcdiag /test:dns Check for missing and duplicate SPNs as well as other errors Dcdiag /test:checksecurityerror Check the rid pool dcdiag /s:server /v /test:ridmanager
2. NSLOOKUP
Test SRV records cmd---nslookup set q=srv _ldap._tcp.dc._msdcs.yourdomain.com _ldap._tcp.gc._msdcs.yourdomain.com _ldap._tcp.pdc._msdcs.yourdomain.com 3. Repadmin
Disable replication Repadmin /options <dc-fqdn> +DISABLE_OUTBOUND_REPL Enable replication Repadmin /options <dc-fqdn> -DISABLE_OUTBOUND_REPL
4. W32TM Time sync issue in DC w32tm /config /manualpeerlist:<DC1.contoso.com> /syncfromflags:manual /update 5. NLTEST How to find the site for a Server nltest /server:%computername% /dsgetsite nltest /dsgetdc:contoso.com
6. PortQuery PortQry.exe -n 10.236.214.136 -e 53 -p both
7.How to check the delegation Dsrevoke /Report OU=test,DC=gs,DC=Com gs\bshwjt ACLDiag.exe "OU=Employee,DC=Contoso,DC=Com" /chkdeleg
For details see the below links. http://social.technet.microsoft.com/wiki/contents/articles/6477.how-to-view-or-delete-active-directory-delegated- permissions.aspx http://msmvps.com/blogs/acefekay/archive/2012/02/07/active-directory-server-2008-r2-you-do-not-have-permission-to-modify-the-group.aspx