Simon336697
asked on
Tips on what would be good indicators of a healthy active directory
Hi guys hope you are all well and can help.
Guys I would love your kind help on the following.
I have been tasked with identifying things that would be good candidates for reporting on with respect to ongoing health of our Active Directory.
So, for example, our team holds weekly meetings. In those meetings, we would like to share a report on key indicators of a healthy and secure AD environment. The idea of this is that we come up with a list of standards that we abide by to ensure the smooth running and operations of our AD. In our current environment, we have been running in a bit of a hit-and-miss, reactive, and ad hoc manner, which we wish to change by carving out a list of minimum standards that we regularly try and achieve. This is what this question is all about... trying to get your guys' input on what you guys deem as good standards to adopt.
For example:
1) Number of domain admins to be no more than x at any point in time
2) Only network printers to be published into AD, and not workstation-based printers
3) User account names to abide by naming convention, and exceptions to be noted.
Etc etc
If you guys can help me add to this list, that would be most greatly appreciated, as I can then hone in and customize for our own requirements.
Thanking you in advance.
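The three example standards listed in the question can be evaluated mechanically for a weekly report. The following is an added example, not part of the original post: it works on a directory export in CSV form, and the column layout, the threshold of 2 admins, the naming pattern and the exception list are all assumptions chosen for illustration.

```python
import csv
import io
import re

# Constructed sample export, not real data. Column names are assumptions and
# memberOf is simplified to ';'-separated group names instead of full DNs.
SAMPLE_EXPORT = """\
objectClass,sAMAccountName,memberOf,printerName,serverName,operatingSystem
user,jsmith,Domain Admins;Staff,,,
user,adoe,Domain Admins,,,
user,svc_backup,Domain Admins,,,
user,Temp1,Staff,,,
computer,PRINTSRV01$,,,,Windows Server 2003
computer,WKS042$,,,,Windows XP Professional
printQueue,,,Floor2-Laser,printsrv01.corp.example,
printQueue,,,DeskJet-Bob,wks042.corp.example,
"""

def domain_admins(rows):
    # Direct members only; nested groups must be expanded before export.
    return sorted(r["sAMAccountName"] for r in rows
                  if r["objectClass"] == "user"
                  and "Domain Admins" in r["memberOf"].split(";"))

def workstation_printers(rows):
    # A print queue is flagged unless its host is a known server OS.
    # Hosts missing from the export are flagged too, so they get reviewed.
    os_by_host = {r["sAMAccountName"].rstrip("$").lower(): r["operatingSystem"]
                  for r in rows if r["objectClass"] == "computer"}
    return sorted(r["printerName"] for r in rows
                  if r["objectClass"] == "printQueue"
                  and "server" not in os_by_host.get(
                      r["serverName"].split(".")[0].lower(), "").lower())

def naming_violations(rows, pattern, noted_exceptions):
    # Accounts on the noted-exceptions list are skipped, as in standard 3.
    rule = re.compile(pattern)
    return sorted(r["sAMAccountName"] for r in rows
                  if r["objectClass"] == "user"
                  and r["sAMAccountName"] not in noted_exceptions
                  and not rule.fullmatch(r["sAMAccountName"]))

def weekly_report(export_text, max_admins, pattern, noted_exceptions):
    rows = list(csv.DictReader(io.StringIO(export_text)))
    admins = domain_admins(rows)
    return {"domain_admins": admins,
            "admin_count_ok": len(admins) <= max_admins,
            "workstation_printers": workstation_printers(rows),
            "naming_violations": naming_violations(rows, pattern, noted_exceptions)}

if __name__ == "__main__":
    # Hypothetical thresholds: x = 2 admins, lower-case letters only.
    for key, value in weekly_report(SAMPLE_EXPORT, 2, r"[a-z]+", {"svc_backup"}).items():
        print(f"{key}: {value}")
```

Keeping the noted exceptions in a reviewed list means every deviation from a standard appears in the report either as a violation or as an approved exception.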
ASKER CERTIFIED SOLUTION
ASKER
Hi Mike, we are not yet at 2008, we are still at 2003.
I am tasked with designing some guidelines for our AD in terms of administrative delegation. We are currently consolidating domains from six domains down to two, and would really love to get some tips on what people would suggest on going about this in terms of this. The complexity is dealing with current admins that currently administer their own domain, and will now come into a new consolidated domain. What I have to try and do is provide these admins with the same level of access to do their job, but no more. So, for example:
Current environment:
Root domain
|_____subdomainA
|_____subdomainB
|_____subdomainC
|_____subdomainD
|_____subdomainE
New environment:
Root domain
|_____subdomainA
In the current world, there are Dom admins in each subdomain.
When moving to the new world, we don't want them to have domain admin privileges to the entire subdomainA, since this would mean they have a larger footprint than what they currently have, due to the fact that the other subdomains will be consolidated into the new domain as well.
https://www.experts-exchange.com/questions/27296228/replication-DCs.html
Thanks
Mike