Solved

AD Healthcheck tools

Posted on 2013-01-29
Last Modified: 2013-02-12
Are there any tools you'd recommend for an IT Healthcheck/Audit of Active Directory, above and beyond the AD best practices analyzer? If so, can you list the tools and what kinds of risks/misconfigurations they are looking for?

Also, can you give me an idea of the crucial health metrics and audit checks you'd recommend for a good audit of AD, based on previous audits or healthchecks you've been subject to?
Question by:pma111
7 Comments
 

Expert Comment

by:xpert_ali
ID: 38830829
0
 
LVL 3

Author Comment

by:pma111
ID: 38830866
An IT audit is not the same as a tool that creates audit logs of changes made to AD. An IT audit is similar to a risk assessment/best practice alignment/evaluation.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 38831014
You can use a lot of Microsoft's tools

repadmin/dcdiag/AD replication status tool/event logs/dfsrdiag

If you have a contract with Microsoft you can ask them to come in and run an "ADRAP". It is a custom tool they use to assess the health of AD and they give you a nice report. ADRAP is not available to the public.

Thanks

Mike
0
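One way to turn the repadmin tool named in the answer above into a repeatable health metric is to parse `repadmin /showrepl * /csv` and flag links with failures or an old last success. This is an added example, not code from the thread; the 24-hour threshold, the function name and the sample rows are assumptions constructed for illustration.

```powershell
# Added example: flag unhealthy replication links from `repadmin /showrepl * /csv`.
# $MaxAgeHours (24) is an assumed threshold; $sample is constructed output.
function Get-ReplicationFindings {
    param(
        [string[]]$CsvLines,
        [datetime]$Now = (Get-Date),
        [int]$MaxAgeHours = 24
    )
    $fmt = 'yyyy-MM-dd HH:mm:ss'
    foreach ($row in ($CsvLines | Where-Object { $_ } | ConvertFrom-Csv)) {
        # Rows not marked showrepl_INFO are surfaced as-is for manual review.
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            [pscustomobject]@{ Link = $row.'Destination DSA'; Issue = "Unexpected row type: $($row.showrepl_COLUMNS)" }
            continue
        }
        $issues = @()
        $failures = [int]$row.'Number of Failures'
        if ($failures -gt 0) {
            $issues += "$failures failures, last status $($row.'Last Failure Status')"
        }
        # A value that does not parse as a timestamp means no success was recorded.
        $last = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact($row.'Last Success Time', $fmt,
            [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$last)
        if (-not $parsed) {
            $issues += 'no recorded successful replication'
        } elseif (($Now - $last).TotalHours -gt $MaxAgeHours) {
            $issues += ('last success {0:N0} hours ago' -f ($Now - $last).TotalHours)
        }
        if ($issues) {
            [pscustomobject]@{
                Link  = "$($row.'Source DSA') -> $($row.'Destination DSA') [$($row.'Naming Context')]"
                Issue = $issues -join '; '
            }
        }
    }
}

# Constructed sample in the repadmin CSV layout, used when repadmin is not installed.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=com",HQ,DC02,RPC,0,0,2013-01-29 09:14:02,0
showrepl_INFO,HQ,DC01,"DC=example,DC=com",Branch,DC03,RPC,17,2013-01-29 09:10:41,2013-01-26 22:03:55,1722
'@ -split "`r?`n"

if (Get-Command repadmin.exe -ErrorAction SilentlyContinue) {
    Get-ReplicationFindings -CsvLines (repadmin /showrepl * /csv)
} else {
    Get-ReplicationFindings -CsvLines $sample -Now ([datetime]'2013-01-29 10:00:00')
}
```

With the constructed sample, only the DC03 -> DC01 link is reported, for both its failure count and its stale last success.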

 
LVL 3

Author Comment

by:pma111
ID: 38831026
Hi Mike,

Any idea on the ADBPA - can you give a flavour of the types of issue it's checking compliance against, perhaps with a few examples of the higher risk checks it performs?
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 167 total points
ID: 38832605
You need to understand first that health checks and security compliance are two different concepts or requirements.
There are different tools for monitoring different processes, e.g. the replication monitoring tool used for monitoring replication status, which can be found here

As far as audit is concerned, there are different practices followed by organisations depending upon business requirements, which are defined by the internal IT security & compliance team.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 38833184
Did you already try MBSA (Microsoft freeware)? http://www.microsoft.com/en-us/download/details.aspx?id=7558

Also remember the rule of thumb: Left with default settings, the server is secure (and I mean it). So whenever you change something to non-defaults, you would have to know exactly...
- what security trade-off that implies (if any)
- if that security trade-off applies to your software environment
- ...and if it applied, what consequences this would have and if there are ways to mitigate it.
0
 
LVL 3

Author Comment

by:pma111
ID: 38840057
> You need to understand first that health checks and security compliance are two different concepts or requirements.
> There are different tools for monitoring different processes, e.g. the replication monitoring tool used for monitoring replication status, which can be found here

I am aware. However, if you are looking at RISKS, then a risk assessment needs to look at far more than just security compliance. Security is just one metric in my opinion. There are many issues above and beyond security that can affect the smooth running of an AD, hence just focusing purely on security seems naive and pretty stupid in my opinion.
0


Question has a verified solution.
