Skip to main content
Checklist of Active Directory tasks

- Verify that all domain controllers are communicating with the central monitoring console or collector.
- View and examine all new alerts on each domain controller, resolving them in a timely fashion.
- Resolve alerts indicating the following services are not running: FRS, Net Logon, KDC, W32Time, ISMSERV. MOM reports these as Active Directory Essential Services.
- Resolve alerts indicating SYSVOL is not shared.
- Resolve alerts indicating that the domain controller is not advertising itself.
- Resolve alerts indicating time synchronization problems.
- Resolve all other alerts in order of severity. If alerts are given error, warning, and information status similar to the event log, resolve alerts marked error first.
- Identify a site that has no global catalog server.
- Review the Time Synchronization Report to detect intermittent problems and resolve time-related alerts.
- Review the Authentication Report to help resolve problems generated by computer accounts with expired passwords.
- Review the Duplicate Service Principal Name Report to list all security principals that have a service principal name conflict.
- Review a report of the top alerts generated by the Active Directory monitoring indicators and resolve those items that occur most frequently.
- Review the report that lists all trust relationships in the forest and check for obsolete, unintended, or broken trusts.
- Verify that all domain controllers are running with the same service pack and hot fix patches.
- Review all Active Directory reports and adjust thresholds as needed. Examine each report and determine which reports, data, and alerts are important for your environment and service level agreement.
- Review the Replication Monitoring Report to verify that replication throughout the forest occurs within acceptable limits
- Review the Active Directory response time reports.
- Review the domain controller disk space reports.
- Review all performance related reports. These reports are called Health Monitoring reports in MOM.
- Review all performance related reports for capacity planning purposes to ensure that you have enough capacity for current and expected growth. These reports are called Health Monitoring reports in MOM.
- Adjust performance counter thresholds or disable rules that are not applicable to your environment or that generate irrelevant alerts.
- Identify the global catalog servers in a site.
- Back up Active Directory and associated components.
- Perform a non-authoritative restore.
- Perform an authoritative restore of a subtree or leaf object.
- Perform an authoritative restore of the entire directory.
- Recover a domain controller through reinstallation.
- Restore a domain controller through reinstallation and subsequent restore from backup.
- Prepare for Active Directory Installation.
- Install Active Directory.
- Perform Active Directory post-installation tasks.
- Decommission a domain controller.
- Identify the current configuration of a domain controller.
- Rename a domain controller.
- Restore the original configuration of a domain controller.
- Add the global catalog to a domain controller and verify global catalog readiness.
- Remove the global catalog from a domain controller.
- Designate operations master roles.
- Reduce the workload on a PDC emulator.
- Decommission an operations master role holder.
- Seize operations master roles.
- Choose a standby operations master.
- Relocate directory database files.
- Return unused disk space from the directory database to the file system.
- Speed removal of an expired-tombstone backlog.
- Change the space allocated to the Staging Area folder.
- Relocate the Staging Area folder.
- Move SYSVOL by using the Active Directory Installation Wizard.
- Move SYSVOL manually.
- Update the SYSVOL path.
- Restore and rebuild SYSVOL.
- Configure a time source for the forest.
- Configure a reliable time source on a computer other than the PDC emulator.
- Configure a client to request time from a specific time source.
- Optimize the polling interval.
- Disable the Windows Time Service.
- Prepare a domain controller for long disconnection.
- Reconnect a long-disconnected domain controller.
- Remove lingering objects from an outdated writable domain controller.
- Remove lingering objects from a global catalog server.
- Create an external trust.
- Create a shortcut trust.
- Remove a manually created trust.
- Prevent unauthorized privilege escalation.
- Add a new site.
- Add a subnet to the network.
- Link sites for replication.
- Change site link properties.
- Move a domain controller to a different site.
- Remove a site.

Comments
Post a comment