Giving Your Active Directory an Annual Health CheckJanuary 23, 2020
The brain, spinal cord, and nerves running throughout the human body are what make up our central nervous system. Just as the central nervous system coordinates and influences every activity of all parts of the human body, so does Active Directory with servers, objects, shared files, and other resources, as well as with securing network resources in a Microsoft Windows network. Active Directory provides a hierarchy of management elements enabling administrators to organize resources and control the users who access them as its way to accomplish its central tasks.
It is common for medical doctors to recommend an annual checkup or physical – even if you feel that you are in the best health. The purpose of these checkups is to screen for issues, assess risk of future medical problems, encourage wellness, and risk prevention. And the purpose of an Active Directory health check could be for these exact same reasons.
Screen for Issues
- Verify trust relationships
- View replication failures between domain controllers
- View queued replication events between domain controllers
- Display replication partners and results of replication events
- Provide a summary of the replication state and health of the forest
- Analyze the state of all domain controllers in the forest and report problems
Assess Risk of Future Problems
- Discuss roadmap of your environment
- If not in the Microsoft cloud, is your Exchange server the latest version?
- Meet with Active Directory stakeholders. Will the layout and design of database be affected by any projects or applications in the future?
Encourage Ongoing Wellness
- Discuss current administrative practices surrounding Active Directory. What is the process to add, change, or delete users or resources, etc.?
- Discuss and recommend monitoring strategies around Active Directory
- Discuss and recommend auditing strategies of Active Directory
- Review objects to check for stale and out-of-date resources, or illegal objects
- Validate patch levels on domain controllers
- Validate anti-virus/malware on domain controllers
- Discuss security around the database
Just like the human body, proper care can assist in the longevity of your Active Directory good health. Ideally, Active Directory architecture, design, management and operations should receive a periodic health checkup and adjustment to keep up with the changes occurring in the larger enterprise. More often than not, however, such checkups are usually reactive in response to certain events — just like getting a cold or not feeling 100%. Sometimes cause for concern can be of a business nature, while others may be related to changes in technology or products. The following are the most common drivers for Active Directory health care:
- Office 365 and Azure AD Integration
- Mergers, Acquisitions or Divestitures
- Improving compliance and reducing risk
- Software upgrades
Being proactive with the health of your Active Directory reduces risks, improves management efficiency and facilitates Active Directory integration with other identity repositories, identity governance and administration tools. For more information about how to begin your path to wellness, contact a Binary Tree Active Directory expert today.