Active Directory Helpful Admin Tools



Support Tools

  • REPLMON.EXE: Active Directory Replication Monitor
    • Display status of domain controllers.
    • The Active Directory Replication Monitor tool enables administrators to view the low-level status of Active Directory replication, force synchronization between domain controllers, view the topology in a graphical format, and monitor the status and performance of domain controller replication through a graphical interface. The Active Directory Replication Monitor is a graphical tool located on the Tools menu within Windows 2000 Support Tools.
    • Active Directory Replication Monitor Features
      Some of the key features of the Active Directory Replication Monitor are:
      • Graphic displays – Replication Monitor displays whether or not the monitored server is a global catalog server, automatically discovers the directory partitions that the monitored server hosts, graphically displays this breakdown, and shows the replication partners that are used for inbound replication for each directory partition. Replication Monitor distinguishes between direct replication partners, transitive replication partners, bridgehead servers, and servers removed from the network in the user interface. Failures from a specific replication partner are indicated by a change in the icon used for the partner.
      • Replication status history – The history of replication status per directory partition, per replication partner is recorded, generating a granular history of what occurred between two domain controllers. This history can be viewed through Replication Monitor’s user interface or can be viewed offline or remotely through a text editor.
      • Property pages – For direct replication partners, a series of property pages displays the following for each partner: the name of the domain controller, its globally unique identifier (GUID), the directory partition that it replicates to the monitored server, the transport used (remote procedure call [RPC] or Simple Mail Transfer Protocol [SMTP], distinguishing between intra- and inter-site when RPC is used), the time of the last successful and attempted replication events, update sequence number (USN) values, and any special properties of the connection between the two servers.
      • Status report generation – Administrators can generate a status report for the monitored server that includes a listing of the directory partitions for the server, the status of each replication partner (direct and transitive) for each directory partition, detail on which domain controllers the monitored server notifies when changes have been recorded, the status of any group policy objects (GPOs), the domain controllers that hold the Flexible Single Master Operations (FSMO) roles, a snapshot of the performance counters on the computer, and the registry configuration of the server (including parameters for the Knowledge Consistency Checker [KCC], Active Directory, Jet database, and LDAP). Additionally, the administrator can also choose to record (in the same report) the enterprise configuration, which includes each site, site link, site link bridge, subnet, and domain controller (regardless of domain) and the properties of each type of object just mentioned. For example, for the domain controller properties, this records the GUID that makes up the Domain Name System (DNS) record that is used in replication, the location of the computer account in Active Directory, the inter-site mail address (if it exists), the host name of the computer, and any special flags for the server (whether or not it is a global catalog server). This can be extremely helpful when troubleshooting an Active Directory replication problem.
      • Server Wizard – With Server Wizard, administrators can either browse for the server to monitor or explicitly enter it. The administrator can also create an .ini file, which predefines the names of the servers to monitor, which is then loaded by Replication Monitor to populate the user interface.
      • Graphical site topology – Replication Monitor displays a graphical view of the intra-site topology and, by using the context menu for a given domain controller in the view, allows the administrator to quickly display the properties of the server and any intra- and inter-site connections that exist for that server.
      • Properties display – Administrators can display the properties for the monitored server including the server name, the DNS host name of the computer, the location of the computer account in Active Directory, preferred bridgehead status, any special flags for the server (for example, if it is the Primary Domain Controller [PDC] Emulator for its domain or not), which computers it believes to hold the FSMO roles, the replication connections (Replication Monitor differentiates between administrator and automatically generated connection objects) and the reasons they were created, and the Internet Protocol (IP) configuration of the monitored server.
      • Statistics and replication state polling – In Automatic Update mode, Replication Monitor polls the server at an administrator-defined interval to get the current statistics and replication state. This feature generates a history of changes for each monitored server and its replication partners and allows the administrator to see topology changes as they occur for each monitored server. In this mode, Replication Monitor also monitors the count of failed replication attempts for each replication partner. If the failure count meets or exceeds an administrator-defined value, it can write to the event log and send an e-mail notification to the administrator.
      • Replication triggering – Administrators can trigger replication on a server with a specific replication partner, with all other domain controllers in the site, or all other domain controllers intra- and inter-site.
      • KCC triggering – Administrators can trigger the KCC on the monitored server to recalculate the replication topology.
      • Display nonreplicated changes – Administrators can display, on demand, Active Directory changes that have not yet replicated from a given replication partner.


    • diagnostic tool helps to isolate networking and connectivity problems by performing a series of tests to determine the state of your network client
    • displays directory size information, including compression information for NTFS volumes
    • You can use Diruse to determine the actual usage of space for compressed files and directories
    • You can also specify a maximum folder size, then diruse marks any folders that exceed the specified limit and, if you choose, alerts you to the problem
  • REPADMIN.EXE: Replication Diagnostics Tool*
    • Diagnose replication problems
  • SDCHECK.EXE: Security Descriptor Check Utility*
    • Display effective access controls on an object
    • Use to check the status of trusts, list PDCs, and force a user database into sync in an NT4 domain
  • ACLDIAG.EXE: ACL Diagnostics*
    • Determines whether a user has been granted or denied access to a directory object. It can also be used to reset access control lists to their default state
    • View or modify the access control lists of directory objects
  • LDP.EXE: Active Directory Administration Tool
    • Allows LDAP operations to be performed against Active Directory
  • DSASTAT.EXE: Active Directory Diagnostic Tool*
    • Compare directory information on domain controllers and detect differences
    • Compares directory trees within or across different domains


Resource Kit Tools

    • Analyzes the state of domain controllers in a forest or enterprise to assist in troubleshooting
    • The Active Directory Sizer tool allows you to estimate the hardware required for deploying Active Directory in your organization
    • The estimate provided is based on your organization’s usage profile, domain and site topology
    • updates the group policy changes made to the entire domain
    • creates reports when policy settings are refreshed and displays the reports so an administrator can view them
    • helps check Group Policy object (GPO) stability and monitor policy replication
  • Ntrights.exe*
    • NTRights is a command-line tool that allows you to grant or revoke a right for a user or group of users on a local or remote computer
    • You can also place an entry in the event log of the computer, noting the change.
    • Useful in unattended or automated installations during which you may want to change the default rights
    • You can also use it in situations where you need to change a right in an existing installation, but you cannot access and log on to all computers
  • Oh.exe*
    • Open Handles (OH) is a command-line tool that shows the handles of all open windows
    • Can be used to show only information about a specific process
    • Useful for finding the process that has a file open when a sharing violation occurs
  • Permcopy.exe*
    • Share Permissions Copy
  • Perms.exe*
    • User File Permissions Tool
  • Tcmon.exe
    • Traffic Control Monitor

Alphabetical List of Tools by File Name


Cool Tools by Sysinternals

  • DiskMon
    • an application that logs and displays all hard disk activity on a Windows system.
    • You can also minimize DiskMon to your system tray where it acts as a disk light, presenting a green icon when there is disk-read activity and a red icon when there is disk-write activity.
  • FileMon
    • monitors and displays file system activity on a system in real-time
    • shows how applications use the files and DLLs
    • helps track down problems in system or application file configurations
    • Filemon’s timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome
  • Regmon
    • Registry monitoring utility that will show you which applications are accessing your Registry, which keys they are accessing, and the Registry data that they are reading and writing – all in real-time
    • This advanced utility takes you one step beyond what static Registry tools can do, to let you see and understand exactly how programs use the Registry
  • TCPView
    • will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections
    • Reports the name of the process that owns the endpoint
    • TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows
  • PsExec – execute processes remotely
  • PsFile – shows files opened remotely
  • PsGetSid – display the SID of a computer or a user
  • PsKill – kill processes by name or process ID
  • PsInfo – list information about a system
  • PsList – list detailed information about processes
  • PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
  • PsLogList – dump event log records
  • PsPasswd – changes account passwords
  • PsService – view and control services
  • PsShutdown – shuts down and optionally reboots a computer
  • PsSuspend – suspends processes
  • PsUptime – shows you how long a system has been running since its last reboot



