×
Menu & Search

Domain Join Sanity Checks

Published
October 31, 2019
Comments
1 Comment

Domain Join Sanity Checks

In order to join a Windows Server to a domain, you may need to request that the network team open certain firewall rules. The network requirements for this process can be complex and may vary depending on your specific environment.

After joining a domain, especially in a new environment, it is important to perform some checks to ensure everything is working correctly. These checks may include using GPResult and GPUpdate to update and verify Computer and User Policies, using Nltest to perform network administrative tasks such as querying domain controllers and trust relationships, and reviewing the Windows Event Viewer for any issues.

This post shows examples of performing such checks post joining a Domain for a Windows Server:
# GPResult / GPUpdate
# Nltest
# Windows Event Viewer

GPUpdate / GPResult

After joining a Windows Server to a domain, you can use the gpupdate command to check if the domain join is healthy. This command updates Computer and User Policies on the server, and can help to ensure that the server is properly configured and communicating with the domain controller.

Here is an example of running gpupdate:

Windows Server GPUpdate

We can also have a look at applied Computer policies using the /v parameter when running gpresult.

Windows Update GPResult

Nltest

Nltest.exe is a command-line tool that allows you to perform network administrative tasks, including querying and testing the status of domain controllers and trust relationships. Some examples of the tasks that you can perform with Nltest include:

nltest /dclist:<domain> lists all the domain controllers in the domain.

nltest dclist

nltest /dsgetdc:<domain> queries DNS and returns a list of domain controllers (with IPs).

nltest dsgetdc

nltest /dsgetsite returns the site name of the domain controller.

nltest getsite

nltest /sc_query:<domain> reports the state of the secure channel for when it was last used.

nltest scquery

Windows Event Viewer

The Windows Event Viewer is a useful tool for viewing and managing events that are recorded by Windows operating systems. While not all events recorded in the Event Viewer require investigation, it is important to pay attention to errors and critical events, especially during the domain join process.

Windows Event Viewer

Labels

1 Comment

  1. “Changing the Primary Domain DNS Name of this Computer Failed” – Server 2008 R2 - Peter Whyte
    4 years ago
    Reply

    […] run some domain checks which all appear to be successful. All traffic open between each […]

SQL DBA Blog

Peter Whyte

Blog Menu

Categories

Tags

Active Directory (AD) (4) AWS CLI (3) CDC (2) Certificates & Encryption (3) Change Data Capture (2) CSV Files (4) Database Admin (54) Database Backups (10) Data Types (2) Deleting Data (2) Error Messages (4) Featured (4) Git (11) Git Commands (4) Git Log (3) Installing SQL Server (10) Linked Servers (3) Linux Admin (2) Measuring Databases (9) MSSQL SPIDs (3) NetFirewallProfile (3) New-Item PowerShell (2) PowerShell Create Folder (2) PowerShell Delete Files (2) PowerShell ForEach (2) PowerShell Tips (20) PowerShell Version (2) Restoring Databases (7) SQL Server Agent (4) SQL Server ETL (2) SQL Server Management Studio (SSMS) (14) SQL Server Processes (6) SQL Server Scripts (3) SQL Tips (19) SSH (2) SSMS Tips (9) Temp DB (2) Windows Admin (21) Windows Firewall (4) WordPress Tutorials (2) WSL (22) WSL1 (4) WSL2 (4) WSL Ubuntu (6) WSL Version (4)