Active Directory Best Practices Analyzer in Windows Server 2008 R2

In this blog post we will be learning about how we can save our valuable time by scanning our Active Directory Environment using Best Practices Analyzer tool.

As we all are aware that Exchange Best Practices Analyzer tool is one of the best tool which Exchange Administrators use as and when they want to scan Exchange ORG and it is available in the market for many years now. Many improvements has been made to help Administrators Across the globe.

There are few other Best Practices tool available to scan different server, however in this article we will be focusing on Active Directory. We believe that Active Directory is one of the critical area of troubleshooting and if we follow best practices recommended by Microsoft then it can save us with unwanted downtime.

Scenario

The tool is available only with Windows Server 2008 R2 Domain Controllers. In our scenario I have only one DC for testing purpose.

DC Name :- DC1

Domain Name :- MEXCHANGETEAM.IN

To open the tool go to Server Manager as shown below.

image

Figure 1.1 : Server Manager

In Server Manager you have to go to Roles and Select Active Directory Domain Services.

image

Figure 1.2 : Active Directory Domain Services

In figure 1.2 we have to select directory domain services and then select Best Practices Analyzer. Post which select Scan This Role as shown in the screenshot. In this tool it scans the role and not the server. Since Active Directory is a Role. So we will not have an option to scan single server or single site.

Now lets start the scan and see what best practices I have missed and how to fix it.

image

Figure 2.1 : Scanning the Environment.

In the scan report there are two areas of focus.

1) Non Compliant – The result displayed here will let the Administrator know that whether the environment is Non Complaint.

2) Complaint – Good to know that the environment is complaint as per Microsoft Standards.

image

Figure 3.1 : Non Complaint and Complaint Report.

In figure 3.1 when you see there are severity and Title for the issue which is Non Complaint.

Now lets Expand Error and Warning and see what it has to say.

image

Figure 3.2 : Select and error message.

In figure 3.2 when you click on any one result you see in the right hand side the options gets highlighted. We can either select Exclude Result or Properties or Copy Result Properties.

If you have fixed the issue. Then you can select Exclude Result so that the same is not repeated.

By selecting properties you can view the result on the same window. And copying will allow you to save it in a notepad.

Now lets select Properties.

image

Figure 3.3 : Properties of Error Message which is Non Complaint.

In Figure 3.3 the property page is very clear and can help us in understanding what configuration changes is required so that we are complaint.

Now let me break this in five parts.

1) Title – Brief description.

2) Severity – Error

3) Date – When scan was performed with date and time.

4) Category – Configuration – This will help us which partition has the issue and that needs to be changed..

5) Details – Now Details can be broken down into three parts.

I ) Issue – Which will help us what is the issue and how it can impact ADDS.

II) Impact – Details report what is the impact and what known issue we may have.

III) Resolution – This one is very nice since it also helps us resolving the issue.

image

Figure 3.4 : Properties of Warning.

Figure 3.4 tells us that we should have one more domain controller in the event of failure. Best Practices.

image

Figure 3.5 : Warning for protecting Accidental deletion of OU. New feature introduced to save and protect Organization Unit.

image

Figure 3.6 : Warning to let us know that System State Backup has to be performed. Which usually Admins miss and in case of disaster its difficult to restore the deleted objects. Best Practices.

I hope this tool is helpful and a must to have with every Admins on field. This will ensure that whether the environment is Complaint or Non Complaint as per Microsoft and Industry Standards.

Happy Learning

Sunder

MSEXCHANGETEAM | Ideas That Clicks

Tagged , . Bookmark the permalink.

One Response to Active Directory Best Practices Analyzer in Windows Server 2008 R2

  1. Mackay says:

    Active Directory Management tools available here ….

    http://www.adsysnet.com/downloads.aspx