Link to home
Create AccountLog in
Avatar of rsnellman
rsnellmanFlag for United States of America

asked on

What is Regular AD maintanence best practices?

Hi, I was going through my AD to remove any old user & computer objects when I starting thinking about what is best practice for regular AD maintanence to keep the AD in tip top shape.

So, what regular maintanence do you perform on your AD?  Monthly, Weekly or Daily?

Can any of it be automated?  Is it a good idea to automate it?

I have 5 Server 2003 servers & 1 Server 2008 R2 server running as DCs spread across 4 physical sites.

Thanks for your time.

ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of rsnellman

ASKER

Thanks.  I use dcdiag from time to time, probably every couple months.  I have started using repadmin some.  I have DNS server set to scavenge stale DNS records too.

We have SCOM, which I plan to set up in the next month or two, along with SCCM.

Thanks for the quick responses.

Sometimes you just don't know if you are checking all your bases, unless you bounce it off of other admins.

Thanks again.

Make sure you are aware of the data retention policies of your company and of your industry.  For example, finance, legal, health care, and government services have specific retention policies for things like AD accounts.  While I agree with my two previous colleagues, I think it important to make sure that whatever you choose to do (and it is mostly a personal preference thing if not mandated) is in line with whatever ordinances govern your industry/environment.

DrUltima