Well I have spent the past two days with a Microsoft PFE (Premier Field Engineer) who has been doing a quick health check for issues in our domain.
This does not replace an Active Directory Risk Assessment Process (ADRAP) - but was a highly informative and educating session.
- Perform a detailed analysis of an organization‘s Active Directory environment.
- Review Active Directory configuration.
- Improve availability by eliminating single points of failure and by verifying that fault tolerant designs are in place.
- Improve Active Directory performance.
- Reduce service outages and subsequent downtime by identifying current or imminent issues.
- Impart knowledge and skills to administer, manage, and troubleshoot Active Directory.
- Provide tools and methodologies that will enable customers to identify existing problems.
So I have spent the past two days deep-diving into my forest.
- DNS (nltest, dcdiag, dfsutil)
- DNS architecture improvements
- Site Links redesign
- Schema (Active Directory Schema Analyzer)
- Replication (Sonar, Ultrasound)
- Advanced Active Directory Troubleshooting
- Group Policy (gpotool, AGPM)
It was a fun two days, tons of stuff I have learned, and points taken for fixing and improvement. It is always a pleasure to work with such knowledgeable people - and our PFE is highly qualified and skilled.