Domain Join Sanity Checks

Before joining a Windows Server to a domain, you may have had to ask the network team to open firewall rules. The network requirements can be pretty complex, and they will vary depending on your environment.

This post notes a few checks to carry out after joining a domain, particularly within a new environment.

1. GPResult / GPUpdate
2. Nltest
3. Windows Event Viewer


GPUpdate / GPResult

Run gpupdate and confirm that both the Computer and User Policies update successfully.

[Image: Windows Server GPUpdate]

We can then have a look at the applied policies using gpresult with the /v parameter.

[Image: Windows Update GPResult]

Nltest

Nltest.exe allows you to perform network administrative tasks, including querying and testing the status of domain controllers and trust relationships. Here are a few examples:

/dclist lists all the domain controllers in the domain.

[Image: nltest dclist]

/dsgetdc queries DNS and returns a list of domain controllers (with IPs).

[Image: nltest dsgetdc]

/dsgetsite returns the site name of the domain controller.

[Image: nltest getsite]

/sc_query reports the state of the secure channel as of the last time it was used.

[Image: nltest scquery]

Windows Event Viewer

Not all events require investigation… The idea is to try to understand what the Warning or Error message means and then go from there.

[Image: Windows Event Viewer]
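The checks above combined into one script, as an added example rather than code from the original post. It assumes an elevated PowerShell session on the newly joined server; the helper name Invoke-Check, the choice of the System log and the 24-hour window are assumptions made here.

```powershell
# Post-domain-join sanity checks (added example, not from the original post).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw "This computer is not joined to a domain." }
$domain  = $cs.Domain
$results = [System.Collections.Generic.List[object]]::new()

function Invoke-Check {
    # Hypothetical helper: runs a native command, keeps its output and
    # records pass/fail from the command's exit code.
    param([string]$Name, [scriptblock]$Command)
    $output = & $Command 2>&1 | Out-String
    $results.Add([pscustomobject]@{
        Check  = $Name
        Passed = ($LASTEXITCODE -eq 0)
        Output = $output.Trim()
    })
}

# 1. Group Policy: refresh, then dump the verbose resultant set of policy.
Invoke-Check 'gpupdate'         { gpupdate }
Invoke-Check 'gpresult /v'      { gpresult /v }

# 2. Nltest: DC list, DC discovery, site name, secure channel state.
Invoke-Check 'nltest /dclist'   { nltest "/dclist:$domain" }
Invoke-Check 'nltest /dsgetdc'  { nltest "/dsgetdc:$domain" }
Invoke-Check 'nltest /dsgetsite' { nltest /dsgetsite }
Invoke-Check 'nltest /sc_query' { nltest "/sc_query:$domain" }

# Summary first, then full output for anything that failed.
$results | Format-Table Check, Passed -AutoSize | Out-Host
$results | Where-Object { -not $_.Passed } | ForEach-Object {
    Write-Host "---- $($_.Check) failed ----"
    Write-Host $_.Output
}

# 3. Event log: Errors (level 2) and Warnings (level 3) since the assumed
#    24-hour window, grouped so recurring events stand out.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Level = 2, 3; StartTime = $since
} -ErrorAction SilentlyContinue

$events | Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize | Out-Host
```

The grouped event list is a starting point for the review described above: look up what each provider and event ID means before deciding whether it needs action.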