This page categorizes the Active Directory troubleshooting information that is spread all over the Internet, so you can get to the resource you need to solve your specific issue.
You might want to check out these overviews, flow charts, and general Active Directory troubleshooting strategy resources if you are not quite sure where to start:
The following topics contain information that can help you gather more information about the problems that you are experiencing:
DCdiag - general domain controller diagnostics especially dcdiag /fix on a domain controller Netdiag - general network diagnostics, especially useful is netdiag /fix for Windows Server 2003 R2 and earlier implementations Netdom - used for resetting domain member computer secure channels and setting up trust relationships ADSIEdit - used for browsing Active Directory structure from an LDAP perspective LDP - LDAP browser that can be used for browsing, finding, and modifying the security settings of Active Directory objects Insight for Active Directory - Intercepts and displays LDAP and ADSI calls to show you what is happening when Active Directory is accessed from the system on which it is installed. ACLDiag - shows permissions set on Active Directory objects SDCheck - Security Descriptor Checker is used to query security descriptor information on Active Directory objects DSAStat - used to compare Active Directory replica sets NTFRSUtil - used to monitor and diagnose issues with the NT File Replication System used for Active Directory replication by default in Windows Server 2003 R2 and earlier. Starting in Windows Server 2008 Directory File Service Replication (DFSR) was enabled by default on new forests Repadmin - used for monitoring and troubleshooting Active Directory replication Replmon - a graphical replication troubleshooting tool for Windows Server 2003 R2 and earlier - deprecated starting in Windows Server 2008 Codeplex Active Directory Utilities - Multiple tools available for Active Directory from this site Useful Microsoft Active Directory Tools - Another site ad-active-directory-tools.com that is dedicated to discussing Active Directory tools. Active Directory Replication Status Tool - GUI tool released 7/2012 to analyze and check replication status.
Starting with Windows Server 2008 the most frequently encountered event viewer messages have been targeted for more information. There are two big collections in the TechNet Library that we are planning to move onto the TechNet Wiki, so that a larger group of people can help provide assistance in getting them documented.
There are also people working on a similar endeavor at EventID.Net, where you can search for more information by providing the Event Source and ID. A similar mechanism exists on the TechNet Errors and Events Message Center. This TechNet Wiki may one day be the best place to find more information on Events and Errors as there are several people working on fleshing these out on this platform. More about that in the following section.
The vision for this section is to link from each of the following event sources below to pages that discuss the event source and link out to specific Event IDs. The Event ID pages will then provide troubleshooting information specific to the event. We are already working on this as you can see in Event ID 1311. Our goal is for each page to provide the information that people will need to solve the issues they encounter. There are many people already committed to this effort and working on it. Still, we can use all the help we can get; if you are inclined to help - we encourage you to do so.
Microsoft-Windows-ActiveDirectory_DomainService SAM Microsoft-Windows-Time-Service LsaSrv NetLogon
There are many different factors that can limit the scale and performance of Active Directory. Here are articles that discuss them:
Resources that will help you troubleshoot Active Directory replication issues include:
Kurt L Hudson edited Revision 21. Comment: Demonstration by Kurt Hudson meant to be deleted
Kurt L Hudson edited Revision 20. Comment: Updated title to ensure that AD DS acroynm is shown in title for discoverability
Kurt L Hudson edited Revision 19. Comment: Changing the title based on feedback from the Active Directory Documentation Team
Kurt L Hudson edited Revision 18. Comment: Added link to the SPN troubleshooting article
Kurt L Hudson edited Revision 17. Comment: Completed links and fixed typos
Kurt L Hudson edited Revision 16. Comment: created a link menu at the top and added information regarding access denied messages
Kurt L Hudson edited Revision 15. Comment: removed some blank spaces
Kurt L Hudson edited Revision 14. Comment: Reformatting with Firefox
Mike Kline edited Revision 13. Comment: Added links for dcdiag /fix & netdiag /fix from AskDS blog (Friday mail sack edition)
Kurt L Hudson edited Revision 12. Comment: Reorganized a bit and added the Resource Usage Issues section
Kurt L Hudson edited Revision 22. Comment: Demo
Kurt L Hudson edited Revision 23. Comment: Reverting thjis article, modified by Kurt Hudson during demo
Testing IE 9 edits
Kurt L Hudson edited Revision 24. Comment: Added Survival Guide to the title
Kurt L Hudson edited Revision 25. Comment: Changed the title yet again to try to make it clear in two of the popular nomenclatures that are being used