Anyone who has ever worked with Microsoft’s Active Directory, either as an end user or administrator, has undoubtedly come across strangeness and unexplained occurrences. Active Directory serves many purposes: identity management, resource policy deployment, and user security management to name a few. Active Directory handles its extremely complex inter-workings in a very robust and flexible way. It is designed to resist outages and lost communication while continuing to provide services to users. While all of that is good from an availability standpoint, it also makes it easy to hide problems from its administrators.
Help Desk conversations about Active Directory can often be heard with the phrases, “I don’t know why that happened,” “That’s weird. I’ve never seen it do that before,” and “Oh well, it works now.” These conversations can lead to the realization that Active Directory isn’t totally healthy and could be performing better than it is currently. Something as simple as logging on to a workstation may generate multiple errors that aren’t visible to the end user except in the symptom of a log on delay.
The health of Active Directory can be affected in many ways. Changes to Active Directory throughout the years can add up to significant problems that seem to show up suddenly. Examples of these types of changes could be any of the following:
- Adding or removing domain controllers
- Upgrading domain controllers
- Adding or removing Exchange servers
- Adding or removing physical sites to your environment
- Extending the schema
- Unreliable communication between domain controllers
These changes, if done incorrectly, can cause multiple problems including log on issues, replication failures, DNS misconfiguration, or GPO problems to name a few.
Simple questions that you can ask yourself to determine if your Active Directory is currently not as healthy as it could be are as follows:
- Do your users complain of strange log on or authentication issues?
- Does it take an abnormally long time for users to log on to their workstations?
- Do your GPOs work sometimes and not other times?
- Do you get strange references to old domain controllers or Exchange servers that have long since been removed?
- Do you have issues resolving server’s names through DNS?
- Do your DNS servers get out of sync?
- Do DNS entries mysteriously disappear?
- And maybe most importantly, have you ever employed an admin that was given full rights to Active Directory who you later learned was not qualified?
Active Directory is integral to the IT success of just about every company. Finding issues and correcting them before they become a problem can prevent outages and future losses in revenue. Whether you are currently experiencing noticeable issues or just want a “feel good” report on the current status of your Active Directory, Zunesis can provide that peace of mind. With over 15 years supporting Microsoft Active Directory services for our customers, we have the experience and skills to get your Active Directory to a healthy state. Our proven method of using various tools to extract Active Directory information, analyze that data, and prepare and deliver a detailed report has proven very successful. Contact Zunesis today to set up an appointment to talk about your Active Directory needs.