This article shows how to use the checkADConfig.sh script. This script is meant to collect data regarding connectivity/port connectivity to all the Domain Controllers within the specified domain based on krb5-affinity.conf file and lookups of SRV records for the specified domain with the functionality to check site specific SRV records.  It can also be used to query a specified DNS server to get the response for lookups of Domain Controllers.

Symptoms:
Slow or failed authentication with Active Directory credentials.

Using the checkADConfig.sh script

This tool should be run from a PSC or embedded vCenter Server.

1. Download the checkADConfig.sh script attached to this article.
2. From an SSH session to the vCenter Appliance, create a new directory for the tool

3. Move the checkADConfig.sh file to the /root/debugging directory
4. Make the file executable

5. Run the script with the options applicable for your environment

• Required: --domain=<single or comma-separated AD domain list>
• Required: --hostType=<esx/vc>
• Optional: --site=<single or comma-separated sites list>
• Optional: --nameserver=<dns server ip>

For information on using the lw_measure tool to detect latency between vCenter Server and Active Directory domain controllers, see the following KB: Using the lw-measure tool to detect latency between vCenter Server and Active Directory domain controllers