Solved

AD Healthcheck tools

Posted on 2013-01-29
7
411 Views
Last Modified: 2013-02-12
Are there any tools you'd recommend for an IT Healthcheck/Audit of Active Directory, above and beyond the AD best practices analyzer. If so can you list the tools and what kinds of risks/misconfigurations they are looking for?

Also can you give me an idea on the cruical health metrics and audit checks youd recommend for a good audit of AD? based on previous audits or healthchecks youve been subject too?
0
Comment
Question by:pma111
7 Comments
 

Expert Comment

by:xpert_ali
ID: 38830829
0
 
LVL 3

Author Comment

by:pma111
ID: 38830866
An IT audit is not the same as a tool that creates audit logs of changes made to AD. An IT audit is similar to a risk assessment/best practice alignment/evaluation
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 38831014
You can use a lot of Microsoft's tools

repadmin/dcdiag/AD replication status tool/event logs/dfsrdiag

If you have a contract with Microsoft you can ask them to come in and run an "ADRAP"  It is a custom tool they use to asses the health of AD and they give you a nice report.   ADRAP is not available to the public.

Thanks

Mike
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 3

Author Comment

by:pma111
ID: 38831026
Hi Mike,

Any idea on the ADBPA - can you give a flavour of the types of issue its checking compliance against, perhaps with a few examples of the higher risk checks it performs?
0
 
LVL 18

Assisted Solution

by:sarang_tinguria
sarang_tinguria earned 167 total points
ID: 38832605
You need to understand first that health checks and security compliance are two different concepts or requirement
There are different tools for monitoring different processes for eg. Replication monitoring tool used for monitoring replication status which can be found here

As far as audit is concerned there are different practices followed by organisations depending upon business requirements which are defined by internal IT security & compliance team
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 38833184
Did you already try MBSA (Microsoft freeware)? http://www.microsoft.com/en-us/download/details.aspx?id=7558
Also remember the rule of thumb: Left with default settings, the server is secure (and I mean it). So whenever you change something to non-defaults, you would have to know exactly...
-what security trade off that implies (if any)
-if that security trade off applies to your software environment
-...and if it applied, what consequences this would have and if there are ways to mitigate it.
0
 
LVL 3

Author Comment

by:pma111
ID: 38840057
>You need to understand first that health checks and security compliance are two different concepts or requirement
There are different tools for monitoring different processes for eg. Replication monitoring tool used for monitoring replication status which can be found here



I am aware. However, if you are looking at RISKS, then a risk assessment needs to look at far more than just security compliance. Security is just one metric in my opinion. There are many issues above and beyond security that can affect the smooth running of an AD, hence just focusing purely on security seems naive and pretty stupid in my opinion.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Resolve DNS query failed errors for Exchange
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now