Skip to main content

Checklist of Active Directory tasks

  • Verify that all domain controllers are communicating with the central monitoring console or collector.
  • View and examine all new alerts on each domain controller, resolving them in a timely fashion.
  • Resolve alerts indicating the following services are not running: FRS, Net Logon, KDC, W32Time, ISMSERV. MOM reports these as Active Directory Essential Services.
  • Resolve alerts indicating SYSVOL is not shared.
  • Resolve alerts indicating that the domain controller is not advertising itself.
  • Resolve alerts indicating time synchronization problems.
  • Resolve all other alerts in order of severity. If alerts are given error, warning, and information status similar to the event log, resolve alerts marked error first.
  • Identify a site that has no global catalog server.
  • Review the Time Synchronization Report to detect intermittent problems and resolve time-related alerts.
  • Review the Authentication Report to help resolve problems generated by computer accounts with expired passwords.
  • Review the Duplicate Service Principal Name Report to list all security principals that have a service principal name conflict.
  • Review a report of the top alerts generated by the Active Directory monitoring indicators and resolve those items that occur most frequently.
  • Review the report that lists all trust relationships in the forest and check for obsolete, unintended, or broken trusts.
  • Verify that all domain controllers are running with the same service pack and hot fix patches.
  • Review all Active Directory reports and adjust thresholds as needed. Examine each report and determine which reports, data, and alerts are important for your environment and service level agreement.
  • Review the Replication Monitoring Report to verify that replication throughout the forest occurs within acceptable limits
  • Review the Active Directory response time reports.
  • Review the domain controller disk space reports.
  • Review all performance related reports. These reports are called Health Monitoring reports in MOM.
  • Review all performance related reports for capacity planning purposes to ensure that you have enough capacity for current and expected growth. These reports are called Health Monitoring reports in MOM.
  • Adjust performance counter thresholds or disable rules that are not applicable to your environment or that generate irrelevant alerts.
  • Identify the global catalog servers in a site.
  • Back up Active Directory and associated components.
  • Perform a non-authoritative restore.
  • Perform an authoritative restore of a subtree or leaf object.
  • Perform an authoritative restore of the entire directory.
  • Recover a domain controller through reinstallation.
  • Restore a domain controller through reinstallation and subsequent restore from backup.
  • Prepare for Active Directory Installation.
  • Install Active Directory.
  • Perform Active Directory post-installation tasks.
  • Decommission a domain controller.
  • Identify the current configuration of a domain controller.
  • Rename a domain controller.
  • Restore the original configuration of a domain controller.
  • Add the global catalog to a domain controller and verify global catalog readiness.
  • Remove the global catalog from a domain controller.
  • Designate operations master roles.
  • Reduce the workload on a PDC emulator.
  • Decommission an operations master role holder.
  • Seize operations master roles.
  • Choose a standby operations master.
  • Relocate directory database files.
  • Return unused disk space from the directory database to the file system.
  • Speed removal of an expired-tombstone backlog.
  • Change the space allocated to the Staging Area folder.
  • Relocate the Staging Area folder.
  • Move SYSVOL by using the Active Directory Installation Wizard.
  • Move SYSVOL manually.
  • Update the SYSVOL path.
  • Restore and rebuild SYSVOL.
  • Configure a time source for the forest.
  • Configure a reliable time source on a computer other than the PDC emulator.
  • Configure a client to request time from a specific time source.
  • Optimize the polling interval.
  • Disable the Windows Time Service.
  • Prepare a domain controller for long disconnection.
  • Reconnect a long-disconnected domain controller.
  • Remove lingering objects from an outdated writable domain controller.
  • Remove lingering objects from a global catalog server.
  • Create an external trust.
  • Create a shortcut trust.
  • Remove a manually created trust.
  • Prevent unauthorized privilege escalation.
  • Add a new site.
  • Add a subnet to the network.
  • Link sites for replication.
  • Change site link properties.
  • Move a domain controller to a different site.
  • Remove a site.


Popular posts from this blog

Why Madge Networks, the token-ring company, went titsup

There I was shooting the breeze with an old mate. The conversation turned to why Madge Networks which I wrote about here went titsup. My analysis is that Madge Networks had a solution and decided to go out and find a problem. They deferred to more incorrect strategic technology choices. The truth of the matter is that when something goes titsup, its not because of one reason only, but a myriad of them all contributing to the negative consequence. There are the immediate or visual ones, which are underpinned by intermediate ones and finally after digging right down, there are the root causes. There is never a singular root cause for anything but I'll present my opinion and encourage everyone else to chip in. All of them together are more likely the reason the company went titsup. As far as technology brainfarts go there is no better example than Kodak . They invented the digital camera that killed them. However, they were so focused on milking people in their leg

Flawed "ITIL aligned"​ Incident Management

Many "ITIL aligned" service desk tools have flawed incident management. The reason is that incidents are logged with a time association and some related fields to type in some gobbledygook. The expanded incident life cycle is not enforced and as a result trending and problem management is not possible. Here is a fictitious log of an incident at PFS, a financial services company, which uses CGTSD, an “ITIL-aligned” service desk tool. Here is the log of an incident record from this system: Monday, 12 August: 09:03am (Bob, the service desk guy): Alice (customer in retail banking) phoned in. Logged an issue. Unable to assist over the phone (there goes our FCR), will escalate to second line. 09:04am (Bob, the service desk guy): Escalate the incident to Charles in second line support. 09:05am (Charles, technical support): Open incident. 09:05am (Charles, technical support): Delayed incident by 1 day. Tuesday, 13 August: 10:11am (Charles, technical support): Phoned Alice.

Updated: Articles by Ron Bartels published on iot for all

  These are articles that I published during the course of the past year on one of the popular international Internet of Things publishing sites, iot for all .  These are articles that I published during the course of the past year on one of the popular international Internet of Things publishing sites, iot for all . Improving Data Center Reliability With IoT Reliability and availability are essential to data centers. IoT can enable better issue tracking and data collection, leading to greater stability. Doing the Work Right in Data Centers With Checklists Data centers are complex. Modern economies rely upon their continuous operation. IoT solutions paired with this data center checklist can help! IoT Optimi