Windows 10

Checking connectivity to Active Directory: Test-ComputerSecureChannel

It’s one of my favourite commands when it comes to troubleshooting Active Directory and network connectivity. Suppose the following. A user tries to log on to the domain. The login is successful. Shortly thereafter, the user reports that he cannot access the files on the fileserver, nor he can send e-mails.

The default Active Directory setting allows the login without a domain controller, but only if the user has already logged on to the computer. The password is then stored locally. So far so good, but how can we find out whether we are logged on locally or not?

Test-ComputerSecureChannel verifies the secure channel to the domain.

Test-ComputerSecureChannel

Unbenannt

True … is in good condition … that sounds great.

If Test-ComputerSecureChannel returns False, check your connection. Afterwards try to repair the channel with the parameter -repair.

Test-ComputerSecureChannel -Repair -Verbose

Unbenannt.PNG

You can also test the connectivity for remote hosts.

I am logged on server dc01. Can server03 reach its Domain Controller?

Invoke-Command -ComputerName server03 {Test-ComputerSecureChannel -verbose}

Unbenannt.PNG

Yes, server03 can reach its Domain Controller.

Technet: Test-ComputerSecureChannel.

Related Links

For checking name resoultion and network connectivity see also: The new nslookup: Resolve-DnsName and The modern version of ping: Test-Connection.

4 replies »

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s