Dcdiag Syntax

Updated: March 28, 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

DCDiag Syntax

DCDiag uses the following syntax:

Art Image dcdiag /s: DomainController [/n:NamingContext] [/u:Domain\UserName /p:{* | Password | ""}] [{/a | /e}] [{/q | /v}] [/i] [/f:LogFile] [/ferr:ErrLog] [/c [/skip:Test]] [/test:Test] [/fix] [{/h | /?}] [/ReplSource:SourceDomainController]


/s: DomainController
Uses DomainController as the home server. This parameter is required. It is ignored for DcPromo and RegisterInDns tests which can only be run locally.

/n: NamingContext
Uses NamingContext as the naming context to test. Domains may be specified in NetBIOS, DNS or distinguished name format.

/u: Domain\UserName /p:{* | Password | ""}
Uses Domain\UserNameDCDiag uses the process's or users default credentials. If alternate credentials are needed, use the following options to provide those credentials for binding with Password as the password. Use "" for an empty or null password, or the wildcard character (*) to prompt for the password.

Tests all the servers on this site.

Tests all the servers in the entire enterprise. Overrides /a.

Quiet. Prints only error messages.

Verbose. Prints extended information.

Ignores superfluous error messages.

Only affects the MachineAccount test. It causes the test to fix the SPNs (Service Principal Names) on the domain controller's Machine Account Object.

/f: LogFile
Redirects all output to LogFile. The /f parameter operates independently of /ferr.

/ferr: ErrLog
Redirects fatal error output to a separate file ErrLog. The /ferr parameter operates independently of /f.

Comprehensive. Runs all tests except DCPromo and RegisterInDNS, including non-default tests. Optionally, can be used with /skip to skip specified tests. The following tests are not run by default:




{ /h | /?}
Displays a syntax screen at the command prompt.

/test: Test
Runs only this test. The nonskippable test Connectivity is also run. Should not be run in the same command with /skip.


  • All tests except DcPromo and RegisterInDNS must be run on computers that have been promoted to domain controller.

  • The test CheckSecurityError is available only in the version of Dcdiag that is included with Windows Support Tools in Windows Server 2003 Service Pack 1 (SP1) and must be run on a domain controller that is running Windows Server 2003 with SP1.

/ReplSource: SourceDomainController
Option for /test:CheckSecurityError. Tests the connection between the domain controller on which you run the command and the source domain controller. SourceDomainController is the DNS name, NetBIOS name, or distinguished name of a real or potential "from" server that is represented by a real or potential connection object.

DNS Syntax

The new DNS tests in Windows Server 2003 SP1 use the following syntax:

dcdiag /test:DNS [/DnsBasic | /DnsForwarders | /DnsDelegation | /DnsDynamicUpdate | /DnsRecordRegistration | /DnsResolveExtName [/DnsInternetName:InternetName] | /DnsAll] [/f:LogFile] [/ferr:ErrLog] /s:DomainController [/e] [/v]


/test:DNS [DNS test]
Performs the specified DNS test. If no test is specified, defaults to /DnsAll.

Performs basic DNS tests, including network connectivity, DNS client configuration, service availability, and zone existence.

Performs the /DnsBasic tests, and also checks the configuration of forwarders.

Performs the /DnsBasic tests, and also checks for proper delegations.

Performs /DnsBasic tests, and also determines if dynamic update is enabled in the Active Directory zone.

Performs the /DnsBasic tests, and also checks if the address (A), canonical name (CNAME) and well-known service (SRV) resource records are registered. In addition, creates an inventory report based on the test results.

/DnsResolveExtName [/DnsInternetName:InternetName]
Performs the /DnsBasic tests, and also attempts to resolve InternetName. If /DnsInternetName is not specified, attempts to resolve the name www.microsoft.com. If /DnsInternetName is specified, attempts to resolve the Internet name supplied by the user.

Performs all tests, except for the DnsResolveExtName test, and generates a report.

/f: LogFile
Redirects all output to LogFile. The /f parameter operates independently of /ferr.

/ferr: ErrLog
Redirects fatal error output to a separate file ErrLog. The /ferr parameter operates independently of /f.

/s: DomainController
Runs the tests against DomainController.

Runs all tests specified by /test:DNS against all domain controllers in the Active Directory forest.

Verbose. Presents extended information about successful test results, in addition to information about errors and warnings. When the /v parameter is not used, provides only error and warning information. Use the /v switch when errors or warnings are reported in the summary table.

See Also

Community Additions