« Previous 1 2 3 4 Next »
Active Directory management with NetTools
Health Check
Other Options for Comparisons
Comparisons often help during troubleshooting group memberships, as well. How do two user accounts differ in terms of their group memberships? To find out, the procedure is similar to what you just saw. This time, choose Use With | Group Compare . The memberships are listed, and you can see directly what is going on in relation to two objects.
These examples are just a few that show how useful functions are integrated into the view and the context menu. A lot more is waiting, though. For example, you can see whether a conflict exists with accounts in another domain from the email address of a user account (e.g., as a check criterion before migrating the account). A look at not only user objects but also computer accounts in the context menu of an object is definitely very helpful if you want to discover the full potential.
Connection Check Between DCs
Domain controllers (DCs) maintain active communication with each other. For this reason, it can be challenging when firewall rules do too much of a good thing – especially between remote sites – and important ports are closed. The resulting error patterns are difficult to interpret and usually show up in completely different places. A function integrated into NetTools tests the connectivity between domain controllers and, in the event of individual errors, displays them at the port level. Admittedly, the Test-NetConnection
cmdlet does the same job, but it is not as nicely integrated into a GUI. All of the ports important for AD communication are already included. You also have the option of specifying individual ports that will be included in the test.
Staying with the network, in terms of site topology, correct mapping of subnets, the site, and the domain controller is immensely important. Among other things, mapping ensures that computers can find their DC. If parts of an IP address range are assigned to multiple subnets, overlapping subnets occur, which can lead to issues that are difficult to track. Although this situation is not an immediate threat, unnecessary network traffic can try users' patience; after all, you probably want each computer to communicate with the closest DC. The Overlapping Subnets function, which can also be found in the sidebar, is where the subnets and the respective masks are calculated and overlaps are displayed. You do not have to specify a network range, because the function accesses the subnet information of the topology and calculates possible overlaps.
Replacement for GPOTool
Some of you might remember the Windows Server 2003 Resource Kit, which included a tool named GPOTool.exe
that inspected and tested group policies. However, Microsoft did not provide a replacement for this feature after the resource kit was discontinued. Luckily, NetTools has a similar function named GPO Explorer.
After launching the tool, you are taken to an overview of the state of group policy objects (GPOs), which initially appears to be similar to the Group Policy Management Console (gpmc.msc
). A closer look reveals small but subtle differences. With just a few clicks, you can view assigned GPOs, output their contents by scrolling and switching between policies, and more. A Test
button lets you test a single GPO. Alternatively, you can select the node with the domain name up front to check the entire environment by including one or more DCs, or just a certain number of GPOs, in the test.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)