To deploy an additional domain controller:
Dcdiag /test:dcpromo / /ReplicaDC
To deploy a child domain:
Dcdiag /test:dcpromo / /ChildDomain
Test the FSMO
Dcdiag /s:<DomainControllerName> /test:fsmocheck
Check DNS
Dcdiag /test:dns
Check for missing and duplicate SPNs as well as other errors
Dcdiag /test:checksecurityerror
Check the rid pool
dcdiag /s:server /v /test:ridmanager


Test SRV records

 set q=srv

Command to Troubleshoot DNS Issues

3. Repadmin


Disable replication
Repadmin /options <dc-fqdn> +DISABLE_OUTBOUND_REPL
Enable replication
Repadmin /options <dc-fqdn> -DISABLE_OUTBOUND_REPL

4. W32TM

Time sync issue in DC
w32tm /config /manualpeerlist:<> /syncfromflags:manual /update

Need to run non PDC.
w32tm /config /syncfromflags:domhier /update
W32tm /resync /rediscover
net stop w32time && net start w32time


How to find the site for a Server
nltest /server:%computername% /dsgetsite
nltest /

How to find DCs IP addresses


Returns only those domains that are in the same forest as the primary domain.

nltest /trusted_domains /forest

Reset the netlogon secure channel

nltest /sc_reset:<domainname>

NLTEST to test the trust relationship between a workstation and domain


6. PortQuery

PortQry.exe -n -e 53 -p both
Portqry -n -o 135,137,138,139,389,445,88,636,3268,3269,53 -p both

7.How to check the delegation

Dsrevoke /Report OU=test,DC=gs,DC=Com gs\bshwjt
 ACLDiag.exe "OU=Employee,DC=Contoso,DC=Com" /chkdeleg

For details see the below links.

8. DNSlint

All DCs GUID/CNAME & IP addresses

dnslint /ad /s localhost


runas /user:<domain\username> cmd

