none
Active Directory Day to Day Activites

    Question

  • Hi

    We have 60 plus domain controllers globally.please let me the day to day activites in Active directory services.

    kindly advise the suggestion.

    DC:2008

    Sunday, May 13, 2012 7:19 AM

Answers

  • Hello,

    I would recommend using Microsoft System Center Operation Manager for monitoring your DCs.

    You will have a centralized monitoring solution and you will be able to see what to monitor exactly.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Sunday, May 13, 2012 8:18 PM
  • You can also use "Reliability Workbook for Active Directory Domain Services" for this purpose. In this document, you can find that many actions should be done through System Center Operations Manager. Use the following link to download this great document.

    http://www.microsoft.com/en-us/download/details.aspx?id=11789


    Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Monday, May 14, 2012 4:30 AM
  • When you said, you want to monitor day to day activities or you are talking about real time monitoring or offline? There is product from Quest to monitor AD called Spotlight and its benefit is it can be integrated with SCOM. SCOM requires agent to be installed on the each devices which can be monitored and installation of the agent can be automated within SCOM. Apart from the AD and MS, you can monitor network devices. SCOM uses MP(management pack) which can be configured based on your environment threshold.

    http://www.quest.com/spotlight-on-active-directory-pack/



    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, May 14, 2012 5:10 AM

All replies

  • Hi,

    Complete monitoring of AD is explained at http://technet.microsoft.com/en-us/library/bb727046.aspx 


    Regards, Mohan R Sr. Administrator - Server Support

    Sunday, May 13, 2012 7:39 AM
  • Hello,

    I would recommend using Microsoft System Center Operation Manager for monitoring your DCs.

    You will have a centralized monitoring solution and you will be able to see what to monitor exactly.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Sunday, May 13, 2012 8:18 PM
  • I agree with Mr X, SCOM is the best tool for all Microsoft products( Server OS Monitoring , AD and Exchange etc.)

    Regards, Ravikumar P

    Monday, May 14, 2012 2:54 AM
  • You can also use "Reliability Workbook for Active Directory Domain Services" for this purpose. In this document, you can find that many actions should be done through System Center Operations Manager. Use the following link to download this great document.

    http://www.microsoft.com/en-us/download/details.aspx?id=11789


    Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Monday, May 14, 2012 4:30 AM
  • When you said, you want to monitor day to day activities or you are talking about real time monitoring or offline? There is product from Quest to monitor AD called Spotlight and its benefit is it can be integrated with SCOM. SCOM requires agent to be installed on the each devices which can be monitored and installation of the agent can be automated within SCOM. Apart from the AD and MS, you can monitor network devices. SCOM uses MP(management pack) which can be configured based on your environment threshold.

    http://www.quest.com/spotlight-on-active-directory-pack/



    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, May 14, 2012 5:10 AM
  • Hi

    We have 60 plus domain controllers globally.please let me the day to day activites in Active directory services.

    kindly advise the suggestion.

    DC:2008

    Hello mcsebala,

     I really dont understand your question properly..However from your post I presume that you are trying to monitor day to day activities of your AD. If this is the case then you can use monitoring tools as suggested by others.

    Popular monitoring tools available are,

    1.SCOM

    2. BMC Patrol

     Using this montioring tool you can monitor helath of AD, DNS, AD FSMO roles,Replication Trust, LDAP,Address book Etc

    Below is the link which explains you about SCOM

    http://www.windowsnetworking.com/articles_tutorials/Introduction-System-Center-Operations-Manager-2012-Part1.html

    http://www.windowsnetworking.com/articles_tutorials/Introduction-System-Center-Operations-Manager-2012-Part6.html

     For BMC Patrol you can easliy find the PDF Explaining about monitoring of AD . ( Just put BMC Patol monitoring AD)

    Apart for this you can enable Auditing in AD to get the informations like account logon and logoff's , Auditing object access,Auditing policy changes etc

    Please refer below link to understand this better

    http://www.windowsecurity.com/articles/windows-active-directory-auditing.html

    Do let us know if you have any other question on this

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, May 14, 2012 5:14 AM
  • Hello,

    i agree wiht the others about monitoring tools and software.

    But what exactly are your day to day activities you are talking about? If you don't mean monitoring then you may be talk about using the support tools? Then see the following ones and use the output files for better overviews.

    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and don't run on Windows server 2008 R2]
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Monday, May 14, 2012 7:44 AM
  • Hi

    You can monitor the AD replication using the repadmin tool - http://www.windowstricks.in/2010/03/health-check-active-directory.html

    dcdiag - check the Domain Controller health - need to run on each DC

    Netdiag - Check the network health - need to run on each DC

    Regards

    Ganesh

    www.windowstricks.in


    Regards www.windowstricks.in

    Monday, May 14, 2012 7:59 AM