Top 5 Free Microsoft Tools for Active Directory Health How to evaluate the health of an Active Directory implementation with instrumentation built right into the platform. • By Gary Olsen • Active Directory health assessment is a challenge, especially for small and midsize companies that can't afford a full-time Active Directory admin or costly third-party tools. The first indication that Active Directory isn't healthy is when a flood of calls comes to the help desk indicating a potential crisis is brewing. Fortunately, Active Directory is amazingly self-healing, and can run even when it isn't 100 percent healthy. Unfortunately, this usually aids in hiding problems that should be fixed by IT staff who are busy putting out other fires. I recall a number of years ago when I was contacted by a staffer who said a domain controller wasn't replicating. Upon examination of the logs, I discovered that this DC hadn't replicated for three years.
Here are five basic tools that can be used to provide a quick Active Directory health assessment. All of them are free and relatively easy to use. Active Directory Best Practices Analyzer With the Active Directory Best Practices Analyzer (ADBPA) tool provided by Microsoft in Windows Server 2008 R2, it seemed that Microsoft was going to unlock the treasure chest of health secrets for Active Directory. After all, the Exchange Best Practices Analyzer (ExBPA) is well-known and well-used among admins, myself included. I was expecting detailed reporting and a very thorough analysis of Active Directory best practices that would translate into a good troubleshooting tool like ExBPA.
ADBPA falls short of the mark, at least for troubleshooting, but it does offer some good value. ADBPA appears under the Active Directory Domain Services role in Server Manager, as shown in Figure 1.
[Click on image for larger view.] Figure 1. The Active Directory Domain Services role in Server Manager provides recommended configurations, task best practices and online resources.
Note that you can click on each entry and get a description below the listing. This example shows all green checks indicating the DC is compliant with the ADBP listing. It will show errors and warnings as well. It checks to ensure all primary DCs are configured to a valid time source; all domains have two functioning DCs; all organizational units (OUs) are protected from accidental deletion; when last backups were executed; DNS is configured correctly; and file replication service (FRS) replication and Group Policy replication are working.
ADBPA is a good place to start as an overview, but details are obviously lacking. For instance, it doesn't display information about Active Directory replication or if any DCs haven't replicated over a period of time (like tombstone lifetime). While it indicates if DNS is working to allow clients to connect, there's nothing to indicate which DNS server might be incorrectly configured. MPS Reports In the early days of Windows 2000, Microsoft released the Microsoft Product Support (MPS) Reports diagnostic script first to Microsoft partners, then later to the general public.
Receipt, analysis and monitoring of corrective tenders, targeting the most agile and economical maintenance service and control of the vehicle fleet of your company. Global Fleet will always have a consultant ready for service, providing a safe and responsive tracking and control of the vehicle fleet of your company. The following is the state of the global fleet market report, by global region, based on presentations given at the GFS Conference, and also includes additional input from global fleet management companies ALD Automotive, Wheels, and FleetPartners, who shared their insights about the global fleet market with Automotive.
I've utilized MPS Reports for many years, and it's a cornerstone in any Active Directory health assessment or troubleshooting effort. It's a free download from bit.ly/LGivyL.
Simply select the x86 or x64 version for the system you're running it on and save the MPSReports.exe to a computer. When you run the MPSReports.exe, the dialog shown in Figure 2 will appear. Note that MPS Reports requires admin privileges to gather the correct information, and requires the following components as prerequisites: the Microsoft.NET Framework 2, Windows PowerShell 1.0, Windows Installer 3.1 and Microsoft Core XML Services 6.0. [Click on image for larger view.] Figure 2. This dialog box lets the administrator select which computer is experiencing a problem. Note that the dialog seems to indicate you can install MPS Reports on another computer -- but actually this is just a handy way to find the.NET Framework and Windows PowerShell components, save them on the current computer and copy them to a Windows Server 2003, Windows XP or Windows Vista machine. The MPSReports.exe must be copied and run locally on each computer that it will be used on.
Figure 3 shows the menu of diagnostics to be run. Previously, there were several versions of MPS Reports, for Networking, SQL, Exchange, Active Directory and more. Now it's all one package and you choose what you need to run. For Active Directory issues, I'd recommend checking General, Internet and Networking, Business Networks, Server Components and Exchange Servers (if Exchange is involved). [Click on image for larger view.] Figure 3.
Global Fleet Control v40 free download, review. Modular PC-Software package for planning and controlling of arbitrary sea routes with integrated calculation of time. ARI is a Global Fleet Management Services Company. We are the world's largest privately held fleet management company, providing fleet operations management consulting.
Administrators can select which diagnostics to run or they can select a separate configuration file. Clicking on 'Link to more info' will display the files collected so you know what MPS Reports is gathering.
This is helpful not only for security but for troubleshooting, so you know what will be collected. Click 'Next' to begin collecting diagnostic data. This will take a while. The value of MPS Reports is that it runs a bunch of command-line tools and produces the results in a simple, easy-to-find file. Besides the tools I'm discussing in this article, there are many command-line tools that gather invaluable data.
MPS Reports gathers it so you don't have to type and file data. For instance, MPS Reports collects Event Logs in TXT, ECTX and CSV formats. My favorite is the CSV format. In Excel, it's easy to search and sort to find error text, error-level events, event IDs and so forth.
Along with the TXT version, the CSV displays the description of events for apps -- so when reading it on your laptop, you can see the event description without loading the app (such as Exchange or SQL). Here's a tip: When diagnosing multiple servers or DCs, make a single Excel file and include the worksheet from MPS Reports for each machine in that file. It makes finding them a lot easier. If you open separate Excel files from the same instance of Excel, you can copy worksheets between the files.
Right-click on the tab and select 'Move or Copy.' In the Move or Copy dialog, in the dropdown list To Book: select new book, check the 'Create a copy' box and hit OK.
This will open a new Excel file, to which you should copy the worksheet. Repeat for each worksheet you want to include and then save the combined file with a descriptive name. Note that this only works if you open all Excel files from the same Excel instance.
ASN Active Directory Network Manager (ADNM) is a web based application that comes in handy for administrators who want to manage multiple computers from different domains. The application provides users with two components namely Service and Client that can be installed on the same machines or different ones, monitor the processes and the devices, as well as to assign users rights. Also, with the help of ASN Active Directory Network Manager, users are able to add computers to a specified group, enable or disable computer accounts, as well as to move computers to a different domain. System requirements • Internet Information Services 6 or above • Active Directory • Limitations in the unregistered version • 14 days trial period.