Skip to main content

Checklist of Active Directory tasks

  • Verify that all domain controllers are communicating with the central monitoring console or collector.
  • View and examine all new alerts on each domain controller, resolving them in a timely fashion.
  • Resolve alerts indicating the following services are not running: FRS, Net Logon, KDC, W32Time, ISMSERV. MOM reports these as Active Directory Essential Services.
  • Resolve alerts indicating SYSVOL is not shared.
  • Resolve alerts indicating that the domain controller is not advertising itself.
  • Resolve alerts indicating time synchronization problems.
  • Resolve all other alerts in order of severity. If alerts are given error, warning, and information status similar to the event log, resolve alerts marked error first.
  • Identify a site that has no global catalog server.
  • Review the Time Synchronization Report to detect intermittent problems and resolve time-related alerts.
  • Review the Authentication Report to help resolve problems generated by computer accounts with expired passwords.
  • Review the Duplicate Service Principal Name Report to list all security principals that have a service principal name conflict.
  • Review a report of the top alerts generated by the Active Directory monitoring indicators and resolve those items that occur most frequently.
  • Review the report that lists all trust relationships in the forest and check for obsolete, unintended, or broken trusts.
  • Verify that all domain controllers are running with the same service pack and hot fix patches.
  • Review all Active Directory reports and adjust thresholds as needed. Examine each report and determine which reports, data, and alerts are important for your environment and service level agreement.
  • Review the Replication Monitoring Report to verify that replication throughout the forest occurs within acceptable limits
  • Review the Active Directory response time reports.
  • Review the domain controller disk space reports.
  • Review all performance related reports. These reports are called Health Monitoring reports in MOM.
  • Review all performance related reports for capacity planning purposes to ensure that you have enough capacity for current and expected growth. These reports are called Health Monitoring reports in MOM.
  • Adjust performance counter thresholds or disable rules that are not applicable to your environment or that generate irrelevant alerts.
  • Identify the global catalog servers in a site.
  • Back up Active Directory and associated components.
  • Perform a non-authoritative restore.
  • Perform an authoritative restore of a subtree or leaf object.
  • Perform an authoritative restore of the entire directory.
  • Recover a domain controller through reinstallation.
  • Restore a domain controller through reinstallation and subsequent restore from backup.
  • Prepare for Active Directory Installation.
  • Install Active Directory.
  • Perform Active Directory post-installation tasks.
  • Decommission a domain controller.
  • Identify the current configuration of a domain controller.
  • Rename a domain controller.
  • Restore the original configuration of a domain controller.
  • Add the global catalog to a domain controller and verify global catalog readiness.
  • Remove the global catalog from a domain controller.
  • Designate operations master roles.
  • Reduce the workload on a PDC emulator.
  • Decommission an operations master role holder.
  • Seize operations master roles.
  • Choose a standby operations master.
  • Relocate directory database files.
  • Return unused disk space from the directory database to the file system.
  • Speed removal of an expired-tombstone backlog.
  • Change the space allocated to the Staging Area folder.
  • Relocate the Staging Area folder.
  • Move SYSVOL by using the Active Directory Installation Wizard.
  • Move SYSVOL manually.
  • Update the SYSVOL path.
  • Restore and rebuild SYSVOL.
  • Configure a time source for the forest.
  • Configure a reliable time source on a computer other than the PDC emulator.
  • Configure a client to request time from a specific time source.
  • Optimize the polling interval.
  • Disable the Windows Time Service.
  • Prepare a domain controller for long disconnection.
  • Reconnect a long-disconnected domain controller.
  • Remove lingering objects from an outdated writable domain controller.
  • Remove lingering objects from a global catalog server.
  • Create an external trust.
  • Create a shortcut trust.
  • Remove a manually created trust.
  • Prevent unauthorized privilege escalation.
  • Add a new site.
  • Add a subnet to the network.
  • Link sites for replication.
  • Change site link properties.
  • Move a domain controller to a different site.
  • Remove a site.
https://www.linkedin.com/pulse/my-top-10-posts-pulse-ronald-bartels/

Labels:

Comments

Post a Comment

Popular posts from this blog

easywall - Web interface for easy use of the IPTables firewall on Linux systems written in Python3.

Firewalls are becoming increasingly important in today’s world. Hackers and automated scripts are constantly trying to invade your system and use it for Bitcoin mining, botnets or other things. To prevent these attacks, you can use a firewall on your system. IPTables is the strongest firewall in Linux because it can filter packets in the kernel before they reach the application. Using IPTables is not very easy for Linux beginners. We have created easywall - the simple IPTables web interface . The focus of the software is on easy installation and use. Access this neat software over on github: easywall
Post a Comment
Read more

No Scrubs: The Architecture That Made Unmetered Mitigation Possible

When building a DDoS mitigation service it’s incredibly tempting to think that the solution is scrubbing centers or scrubbing servers. I, too, thought that was a good idea in the beginning, but experience has shown that there are serious pitfalls to this approach. Read the post of at Cloudflare's blog: N o Scrubs: The Architecture That Made Unmetered Mitigation Possible
Post a Comment
Read more

Should You Buy A UniFi Dream Machine, USG, USG Pro, or Dream Machine Pro?

 
Post a Comment
Read more