Solved

AD Healthcheck tools

Posted on 2013-01-29
7
416 Views
Last Modified: 2013-02-12
Are there any tools you'd recommend for an IT Healthcheck/Audit of Active Directory, above and beyond the AD best practices analyzer. If so can you list the tools and what kinds of risks/misconfigurations they are looking for?

Also can you give me an idea on the cruical health metrics and audit checks youd recommend for a good audit of AD? based on previous audits or healthchecks youve been subject too?
0
Comment
Question by:pma111
7 Comments
 

Expert Comment

by:xpert_ali
ID: 38830829
0
 
LVL 3

Author Comment

by:pma111
ID: 38830866
An IT audit is not the same as a tool that creates audit logs of changes made to AD. An IT audit is similar to a risk assessment/best practice alignment/evaluation
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 38831014
You can use a lot of Microsoft's tools

repadmin/dcdiag/AD replication status tool/event logs/dfsrdiag

If you have a contract with Microsoft you can ask them to come in and run an "ADRAP"  It is a custom tool they use to asses the health of AD and they give you a nice report.   ADRAP is not available to the public.

Thanks

Mike
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 3

Author Comment

by:pma111
ID: 38831026
Hi Mike,

Any idea on the ADBPA - can you give a flavour of the types of issue its checking compliance against, perhaps with a few examples of the higher risk checks it performs?
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 167 total points
ID: 38832605
You need to understand first that health checks and security compliance are two different concepts or requirement
There are different tools for monitoring different processes for eg. Replication monitoring tool used for monitoring replication status which can be found here

As far as audit is concerned there are different practices followed by organisations depending upon business requirements which are defined by internal IT security & compliance team
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 38833184
Did you already try MBSA (Microsoft freeware)? http://www.microsoft.com/en-us/download/details.aspx?id=7558
Also remember the rule of thumb: Left with default settings, the server is secure (and I mean it). So whenever you change something to non-defaults, you would have to know exactly...
-what security trade off that implies (if any)
-if that security trade off applies to your software environment
-...and if it applied, what consequences this would have and if there are ways to mitigate it.
0
 
LVL 3

Author Comment

by:pma111
ID: 38840057
>You need to understand first that health checks and security compliance are two different concepts or requirement
There are different tools for monitoring different processes for eg. Replication monitoring tool used for monitoring replication status which can be found here



I am aware. However, if you are looking at RISKS, then a risk assessment needs to look at far more than just security compliance. Security is just one metric in my opinion. There are many issues above and beyond security that can affect the smooth running of an AD, hence just focusing purely on security seems naive and pretty stupid in my opinion.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question