There are possibly better and/or nicer ways to do this, but this works for me.
If you write your own server monitoring scripts you may well be running them as an account that’s a member of the local administrators group on all your servers. This allows you to use WMI and any other command line utilities to query all kinds of things about the remote systems. However Domain Controllers don’t have a local Adminstrators group, so are slightly more tricky to work with, despite being some of the most critical servers you own.
WMI won’t allow you to query service status. Where you could use something like this as a member of the local Administrators group:
Set wmiColl = GetObject("WinMgmts:\\" & serverName & "\root\cimv2").ExecQuery("Select * FROM Win32_Service WHERE Name LIKE'" & Trim(serviceName) & "'")
It won’t work on a domain controller unless you’re a Domain Admin.
xnet.exe list \\server\service
it too requires admin rights.
Help is at hand though, the sc command does not require admin rights to query service status:
sc \\server query service
For any services that it fails on, e.g. NTDS on a Windows Server 2008 R2 domain controller, I used SubInACL to grant the account running the command Read access to the service:
subinacl /service NTDS /grant="domain\account"=R
I would suggest using v5.2 of SubInACL as an older version I tried didn’t affect the service permissions.