Several additional tools that can be used to configure, manage, and debug Active Directory are available as command-line tools. These tools are known as the Support Tools and are available on the installation CD in the \Support\Tools folder.
In addition, the Active Directory Migration Tool (ADMT) is available to help you migrate user accounts, groups, and computer accounts from Windows NT 4.0 domains to Active Directory domains. The Active Directory Migration Tool is a Microsoft Management Console (MMC) snap-in and is available on the installation compact disk in the
| Tool | Description |
|---|---|
| Movetree | Move objects from one domain to another. |
| SIDWalk | Set the access control lists on objects previously owned by accounts that were moved, orphaned, or deleted. |
| LDP | Allows LDAP operations to be performed against Active Directory. This tool has a graphical user interface (GUI). |
| Dnscmd | Enables administrator to check presence of domain controller locator records in DNS, add or delete such records and perform configuration of DNS servers, zones and records. |
| DSACLS | View or modify the access control lists of directory objects. |
| Netdom | Batch management of trusts, joining computers to domains, verifying trusts and secure channels. |
| NETDiag | Check end to end network and distributed services functions. |
| NLTest | Check that the locator and secure channel are functioning. |
| Repadmin | Check replication consistency between replication partners, monitor replication status, display replication metadata, force replication events and knowledge consistency checker recalculation. |
| Replmon | Display replication topology, monitor replication status (including group policies), force replication events and knowledge consistency checker recalculation. This tool has a graphical user interface (GUI). |
| DSAStat | Compare directory information on domain controllers and detect differences. |
| ADSI Edit | A Microsoft Management Console (MMC) snap-in used to view all objects in the directory (including schema and configuration information), modify objects and set access control lists on objects. |
| SDCheck | Check access control list propagation and replication for specified objects in the directory. This tool enables an administrator to determine if access control lists are being inherited correctly and if access control list changes are being replicated from one domain controller to another. |
| ACLDiag | Determine whether a user has been assigned or denied access to a directory object. It can also be used to reset access control lists to their default state. |
| DFSUtil | Command-line utility for managing all aspects of Distributed File System (DFS), checking the configuration concurrency of DFS servers, and displaying the DFS topology. |
| Dcdiag | Analyzes the state of domain controllers in a forest or enterprise and reports any problems to assist in troubleshooting. |
| Active Directory Migration Tool (ADMT) | A Microsoft Management Console (MMC) snap-in used to migrate user accounts, groups, and computer accounts from Windows NT 4.0 domains to Active Directory domains (available on the installation compact disk in the |
For more information, see To install Windows Support Tools and Windows Deployment and Resource Kits.