Checklist of Active Directory tasks

  • Verify that all domain controllers are communicating with the central monitoring console or collector.
  • View and examine all new alerts on each domain controller, resolving them in a timely fashion.
  • Resolve alerts indicating the following services are not running: FRS, Net Logon, KDC, W32Time, ISMSERV. MOM reports these as Active Directory Essential Services.
  • Resolve alerts indicating SYSVOL is not shared.
  • Resolve alerts indicating that the domain controller is not advertising itself.
  • Resolve alerts indicating time synchronization problems.
  • Resolve all other alerts in order of severity. If alerts are given error, warning, and information status similar to the event log, resolve alerts marked error first.
  • Identify a site that has no global catalog server.
  • Review the Time Synchronization Report to detect intermittent problems and resolve time-related alerts.
  • Review the Authentication Report to help resolve problems generated by computer accounts with expired passwords.
  • Review the Duplicate Service Principal Name Report to list all security principals that have a service principal name conflict.
  • Review a report of the top alerts generated by the Active Directory monitoring indicators and resolve those items that occur most frequently.
  • Review the report that lists all trust relationships in the forest and check for obsolete, unintended, or broken trusts.
  • Verify that all domain controllers are running with the same service pack and hot fix patches.
  • Review all Active Directory reports and adjust thresholds as needed. Examine each report and determine which reports, data, and alerts are important for your environment and service level agreement.
  • Review the Replication Monitoring Report to verify that replication throughout the forest occurs within acceptable limits
  • Review the Active Directory response time reports.
  • Review the domain controller disk space reports.
  • Review all performance related reports. These reports are called Health Monitoring reports in MOM.
  • Review all performance related reports for capacity planning purposes to ensure that you have enough capacity for current and expected growth. These reports are called Health Monitoring reports in MOM.
  • Adjust performance counter thresholds or disable rules that are not applicable to your environment or that generate irrelevant alerts.
  • Identify the global catalog servers in a site.
  • Back up Active Directory and associated components.
  • Perform a non-authoritative restore.
  • Perform an authoritative restore of a subtree or leaf object.
  • Perform an authoritative restore of the entire directory.
  • Recover a domain controller through reinstallation.
  • Restore a domain controller through reinstallation and subsequent restore from backup.
  • Prepare for Active Directory Installation.
  • Install Active Directory.
  • Perform Active Directory post-installation tasks.
  • Decommission a domain controller.
  • Identify the current configuration of a domain controller.
  • Rename a domain controller.
  • Restore the original configuration of a domain controller.
  • Add the global catalog to a domain controller and verify global catalog readiness.
  • Remove the global catalog from a domain controller.
  • Designate operations master roles.
  • Reduce the workload on a PDC emulator.
  • Decommission an operations master role holder.
  • Seize operations master roles.
  • Choose a standby operations master.
  • Relocate directory database files.
  • Return unused disk space from the directory database to the file system.
  • Speed removal of an expired-tombstone backlog.
  • Change the space allocated to the Staging Area folder.
  • Relocate the Staging Area folder.
  • Move SYSVOL by using the Active Directory Installation Wizard.
  • Move SYSVOL manually.
  • Update the SYSVOL path.
  • Restore and rebuild SYSVOL.
  • Configure a time source for the forest.
  • Configure a reliable time source on a computer other than the PDC emulator.
  • Configure a client to request time from a specific time source.
  • Optimize the polling interval.
  • Disable the Windows Time Service.
  • Prepare a domain controller for long disconnection.
  • Reconnect a long-disconnected domain controller.
  • Remove lingering objects from an outdated writable domain controller.
  • Remove lingering objects from a global catalog server.
  • Create an external trust.
  • Create a shortcut trust.
  • Remove a manually created trust.
  • Prevent unauthorized privilege escalation.
  • Add a new site.
  • Add a subnet to the network.
  • Link sites for replication.
  • Change site link properties.
  • Move a domain controller to a different site.
  • Remove a site.
https://www.linkedin.com/pulse/my-top-10-posts-pulse-ronald-bartels/

Comments