Solved

AD Healthcheck tools

Posted on 2013-01-29
7
420 Views
Last Modified: 2013-02-12
Are there any tools you'd recommend for an IT Healthcheck/Audit of Active Directory, above and beyond the AD best practices analyzer. If so can you list the tools and what kinds of risks/misconfigurations they are looking for?

Also can you give me an idea on the cruical health metrics and audit checks youd recommend for a good audit of AD? based on previous audits or healthchecks youve been subject too?
0
Comment
Question by:pma111
7 Comments
 

Expert Comment

by:xpert_ali
ID: 38830829
0
 
LVL 3

Author Comment

by:pma111
ID: 38830866
An IT audit is not the same as a tool that creates audit logs of changes made to AD. An IT audit is similar to a risk assessment/best practice alignment/evaluation
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 38831014
You can use a lot of Microsoft's tools

repadmin/dcdiag/AD replication status tool/event logs/dfsrdiag

If you have a contract with Microsoft you can ask them to come in and run an "ADRAP"  It is a custom tool they use to asses the health of AD and they give you a nice report.   ADRAP is not available to the public.

Thanks

Mike
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 3

Author Comment

by:pma111
ID: 38831026
Hi Mike,

Any idea on the ADBPA - can you give a flavour of the types of issue its checking compliance against, perhaps with a few examples of the higher risk checks it performs?
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 167 total points
ID: 38832605
You need to understand first that health checks and security compliance are two different concepts or requirement
There are different tools for monitoring different processes for eg. Replication monitoring tool used for monitoring replication status which can be found here

As far as audit is concerned there are different practices followed by organisations depending upon business requirements which are defined by internal IT security & compliance team
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 166 total points
ID: 38833184
Did you already try MBSA (Microsoft freeware)? http://www.microsoft.com/en-us/download/details.aspx?id=7558
Also remember the rule of thumb: Left with default settings, the server is secure (and I mean it). So whenever you change something to non-defaults, you would have to know exactly...
-what security trade off that implies (if any)
-if that security trade off applies to your software environment
-...and if it applied, what consequences this would have and if there are ways to mitigate it.
0
 
LVL 3

Author Comment

by:pma111
ID: 38840057
>You need to understand first that health checks and security compliance are two different concepts or requirement
There are different tools for monitoring different processes for eg. Replication monitoring tool used for monitoring replication status which can be found here



I am aware. However, if you are looking at RISKS, then a risk assessment needs to look at far more than just security compliance. Security is just one metric in my opinion. There are many issues above and beyond security that can affect the smooth running of an AD, hence just focusing purely on security seems naive and pretty stupid in my opinion.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question