Active Directory Health Check

When should I check my active directory health?

Active Directory health depends on technical, organizational, and process factors. While it is easy enough to analyze the configuration of Active Directory and conclude that it is healthy, lack of consistent approach to things, like change control, can introduce randomness to an otherwise stable environment. Ensuring Active Directory is in healthy working order can save costs and proactively identify and reduce risk.

When should I request an Active Directory Health Check?

active directory health check

Before and after an Active Directory upgrade, migration, merger or acquisition.

active directory health check

Annually or semi-annually to make sure your configuration is working well and that best practices are followed.

How is an Active Directory Health Check Performed?

Step 1: Discovery and Planning
Step 2: Key Stakeholders Interviews
Step 3: Technical Data Collection

Step 4: Data Review and Analysis
Step 5: Report Generation
Step 6: Presentation Workshop

Active Directory Health Check Deliverables

As part of an Active Directory health check, Tallan will review and provide a documented report on the following:

active directory health check

1. Active Directory Infrastructure and Configuration

  • Active Directory forests, domains, and trust relationships
  • Domain functional level, forest functional level
  • Provide recommended upgrade plan to latest levels
  • Conformity to best practices and intended purpose
  • Discovery of nested groups which are duplicating rights
  • Discovery of Security Concerns, Replication Issues, Backup Issues, etc

active directory health check

2. Domain Controllers, Numbers, and Placement Locations

  • Number and physical characteristics (virtualization)
  • DC placement and location, FSMO services placement
  • Physical security, Global catalog configuration, time hierarchy and event log review

active directory health check

3. Sites and Services Infrastructure

  • Sites mapping to physical infrastructure
  • Site link bridging configuration, preferred bridgehead configuration
  • Site link schedule, cost configuration, IP subnet definition and mapping to sites
  • Connection objects

active directory health check

4. Namespace and Name Resolution Services

  • DNS forwarders and delegation overview
  • Zone configuration, replication, security, DNS zone scavenging settings overview
  • DHCP dynamic registration of records (assumes Windows based service)
  • DHCP service identity/configuration (assumes Windows based service)

active directory health check

5. Authentication and Authorization Strategy

  • Password policy, password lockouts and expirations
  • Stale objects and passwords
  • Number of accounts with non-expiring passwords
  • Number of privileged accounts in Domain, Enterprise Admin groups
  • Delegation of authority strategy, RBAC (Role Based Access Control)

active directory health check

6. Replication Health Review

  • Directory replication / convergence, NTFRS replication, DFSR SYSVOL replication

active directory health check

7. Domain controller Antivirus, Patching, and Backup/Recovery Practices

active directory health check

8. Group Policy and OU Structure Review

active directory health check

9. AD Delegation Activities (as applicable)

  • Recommend and document policies, configuration, and management best practices for offloading AD administrative duties to non-domain administrator roles

active directory health check

10. Remediation Report

  • Summary of report and suggested “best practices”

Start your Active Directory Health Check Today

Fill out the form below to learn more!