# diagnostic
   dcdiag /v
   dcdiag /v >c:\dcdiag.txt

# check all DCs on a location
   dcdiag /a

# check all DCs in forest
   dcdiag /e

# show only errors, no information
   dcdiag /q

# only a certain DC
   dcdiag /s:<Domainencontroller>

# automaticly register in DNS
   ipconfig /registerdns

# query for a host
# server = name or ip of the DNS-Server
   nslookup <host> <server>

# for server 2003-2021
# https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731935(v=ws.11)
# get site of the dc
   nltest /dsgetsite

# Lists all domain controllers in the domainLists all domain controllers in the domainLists all domain controllers in the domain
   nltest /dclist:<NetBIOS-DOMAIN-NAME>

# check for GPOs
# check dirs in C:\Windows\SYSVOL\domain\Policies
# {31B2F340-016D-11D2-945F-00C04FB984F9} = Default Domain Policy
# {6AC1786C-016F-11D2-945F-00C04fB984F9} = Default Domain Controller Polic
#
# get 'dnslint' from MS for Server 2003-2012
# (maybe not valid anymore)
#  http://download.microsoft.com/download/2/7/2/27252452-e530-4455-846a-dd68fc020e16/dnslint.v204.exe
# check on heise.de
# https://www.heise.de/download/product/dnslint-46189
#
# syntax
# dnslint /d <Domainname> | /ad [<LDAP_IP_Adresse>] | /ql <Input_Datei> [/c [smtp,pop,imap]]
# [/no_open] [/r <Report_Name>] [/t] [/test_tcp] [/s <DNS_IP_Adresse>] [/v] [/y]

# check for slow delegation
   dnslint /d

# check DNS-Sets on various DNS-servers
   dnslint /ql

# check DNS-sets for special ad-replications
   dnslint /ad

# dnslint /ad <IP-Adresse des ersten DC> /s <IP-Adresse des zweiten DC>

# check for correct dns-lookup zones!

# check for FSMO-roles
# command line
   dsquery server -hasfsmo pdc
   dsquery server -hasfsmo rid
   dsquery server -hasfsmo infr
   dsquery server -hasfsmo schema
   dsquery server -hasfsmo name
# or
   dcdiag /test:Knowsofroleholders /v