Brian McCann has written a wonderful article over at AdminPrep.com in regards to completing your own domain controller health check.  The article, as reproduced below, shows a complete set of steps that you can walk through to make sure your DC is on the up and up.  I really love when people write these little guides - especially when I feel that such things should come with the products.  Lets face it, Microsoft clearly wasn't thinking simplicity when they designed Active Directory. 

I didn't find the list of tasks to be overly complex and I would recommend scripting the whole thing and running it on a weekly or monthly basis.  Here's the full story:

I get asked over and over about what I do when I'm performing a health check on a domain controller. Below you will see some of the commands that I use when I need to ensure my domain controllers are still healthy after some sort of change...like patching.

The Event Viewer is always a must. I look at all the logs before and after the update to the domain controller looking for abnormal events. With the pre-check I usually go back a month of logs to get more historical data. I then run through a couple command line utilities. One thing I always do is pipe my commands out to a text document. This just makes it easier for me to read and also search for failed events.

Dcdiag.exe /v >> c:\temp\pre_dcdiag.txt
This is a must and will always tell you if there is trouble with your DCs and/or services associated with it

Netdiag.exe /v >> c:\temp\pre_Netdiag.txt
This will let me know if there are issues with the networking components on the DC. This along with the post test also is a quick easy way to ensure the patch I just installed is really installed (just check the top of the log)

Netsh dhcp show server >> c:\temp\pre_dhcp.txt
Some may not do this but I've felt the pain of a DHCP server somehow not being authorized after a patch. This allows me verify the server count and names.

Repadmin /showreps >> c:\temp\pre_rep_partners.txt
This shows all my replication and if it was successful or not. Just be aware that Global Catalogs will have more info here than a normal domain controller.

repadmin /replsum /errorsonly >> c:\temp\pre_repadmin_err.txt
This is the one that always takes forever but will let you know who you are having issues replicating with.

After I run and check the pre_ scripts I update my server. When it is done I run post_ scripts which are the same thing but this allows me to verify them against the scripts earlier.

Hopefully this helps you when you troubleshoot your domain controllers but by no way is this an all encompassing list of things to do. These are the standard steps I take but I would love to hear what you all do as well. Feel free to jump over to my blog and leave a comment to let everyone else know what you do as well.