Just wanted to note down some really useful (and Free) Active Directory Tools that I've come across in the field over the last few weeks:
Have looksy and add to the list if you can think of more, but I would consider these 'must haves' in the Active Directory consulting world.
• Setspn Syntax *For those double-hop Kerboros authentication scenarios between SQL and IIS.
• Replmon
• Repadmin
• Movetree.exe
• Ldp
• Dsastat
• Clonepr
• Adsiedit
• Acldiag
• Xcacls
• Sidwkr.dll (Sidwalker Security Administration Tools)
• Showaccs
• Sdcheck
• Ktpass
• Ksetup
• Getsid
• Netdiag
• Addiag
And of course the all time favourite, dcdiag, but check this little variation on a theme!
C:\>dcdiag /a /q c:\DCDiagLog.txt (/a = only site issues appear) (/q = only warnings/errors appear)
This is how I like to run it as I am then able to see all in from VBSEdit inside a text file, plus only see the errors.