2885 Sanford Ave SW #35320 Grandville MI 49418, USA
Support@ITDynamicPacks.Net Info@ITDynamicPacks.Net

Perform Complete Active Directory Health Check – Part I

5  Dec  

How to perform a "Complete" Active Directory Health Check using Active Directory Dynamic Packs - Part I

DynamicPacks Health Profiler can do a complete health check of Active Directory, Hyper-V, Exchange Server, SQL Server, Windows Servers, and Azure Resources. This article explains how you can use Active Directory Dynamic Packs to perform a complete health check of an Active Directory forest.

In the Part I of this article series, I will explain following topics:

  • Discovering Active Directory Forest
  • Creating Health Profile
  • Adding "Active Directory" Dynamic Packs to the Health Profile.
  • Configuring Active Directory Dynamic Packs.
  • Adding credential support before executing the Health Profile.
  • Executing Health Profile or individual Dynamic Packs.

Most of the tools that we have seen so far do not allow you to add custom health checks. These tools also fail to address performing health checks for multiple Active Directory forests.

DynamicPacks Health Profiler is a dynamic product. It allows you to add custom Dynamic Packs designed using PowerShell cmdlets for target systems and also help you perform Active Directory/domain controller health check for multiple Active Directory forests.

Active Directory Dynamic Packs that ship with DynamicPacks Health Profiler can also be used to perform a complete health check for Active Directory running on Windows Server 2016

A Dynamic Pack consists of PowerShell cmdlets. DynamicPacks Health Profiler ships with 20 pre-defined "Active Directory" Dynamic Packs. You can use all of the Active Directory Dynamic Packs in a Health Profile which, in turn, helps in getting overall status of your Active Directory environment and detailed report in a nice HTML report. See sample HTML report here.

Step 1: Discover Active Directory Forest

Before you start make sure to discover your Active Directory environment by navigating to "Active Directory Configuration" tab as shown in the screenshot below:

Discover Active Directory Forest using DynamicPacks Health Profiler

All you need to do is provide Active Directory Forest name in "Active Directory Forest" text box and then click on the "Start Discovery" button. DynamicPacks Health Profiler will connect to Active Directory Forest and collect necessary information such as Active Directory domains, Active Directory Sites, and Active Directory domain controllers.

Step 2: Create a Health Profile

Next, you need to create a Health Profile. To create a Health Profile in DynamicPacks Health Profiler, click on the "Create Health Profile" button, give Health Profile a name and then click on the "Add Profile" button as shown in the screenshot below:

Create a New Health Profile in DynamicPacks Health Profiler

Once Health Profile is created, it will be available in the list of Health Profiles DynamicPacks Health Profiler manages as shown in the screenshot below:

Health Profiles managed by DynamicPacks Health Profiler

Step 3: Add Dynamic Packs to Health Profile

Next step is to add Dynamic Packs to the Health Profile you just created. DynamicPacks Health Profiler ships with "Active Directory Dynamic Packs". To add Active Directory Dynamic Packs to the Health Profile, navigate to "Add/Remove Dynamic Packs" tab, and then select the Health Profile (AD Health Check Forest - ABC.COM in this example).

When you click on a Health Profile, it will show the list of Dynamic Packs that have been added to the Health Profile as shown in the red circle of the below screenshot:

Add Dynamic Packs to a Health Profile

In the "Add/Remove Dynamic Packs" tab, you need to select the Dynamic Packs from "Available Dynamic Packs" pane and then click on the "Add Packs" button to add Dynamic Packs to selected Health Profile.

Since we have created a Health Profile to perform a complete health check of "ABC.COM" Active Directory forest, we will expand "Domain", Site", "Domain Controller" and "Forest" categories and then select all or required Dynamic Packs and add to the Health Profile.

When you click on the "Add Packs", you will be presented with a confirmation dialogue box as shown in the screenshot below:

Add Dynamic Packs to a Health Profile Confirmation

Click "Yes" to add selected Dynamic Packs to the Health Profile. You can see the list of Dynamic Packs that you have just added to the Health Profile by expanding the Health Profile in the "Health Profiles" tree as shown in the screenshot below:

List of Active Directory Dynamic Packs in a Health Profile

Step 4: Configure Active Directory Dynamic Packs

Your next step is to configure Active Directory Dynamic Packs that you have just added to the Health Profile.

DynamicPacks Health Profiler populates configuration information for Dynamic Packs automatically when you add Dynamic Packs to a Health Profile. For example, for Dynamic Pack "Get Active Directory Domain FSMO", it configures the list of domains in the Dynamic Pack configuration as shown in the screenshot below:

Configure Dynamic Pack - Get Active Directory Domain FSMO

However, a few of the Active Directory Dynamic Packs require configuration. For example, to get the Active Directory security group membership, you must add required security groups in the "Get Active Directory Domain Security Groups Membership" Dynamic Pack configuration as shown in the screenshot below:

Configure Dynamic Pack - Get Active Directory Security Groups Membership

As you can see in the screenshot above, by default DynamicPacks Health Profiler adds "Domain Admins", "Enterprise Admins", "Server Operators", and "Schema Admins" security groups. In case you need to add more Active Directory Security Groups, just enter the name of the security group. Once you're done entering required security groups, click on the "Save" button to save Dynamic Pack configuration.

It is recommended that you check all of the Active Directory Dynamic Packs that require some sort of configuration.

Once you're done configuring Active Directory Dynamic Packs, proceed to next step.

Step 5: Add Active Directory Credentials

By default, DynamicPacks Health Profiler executes a Health Profile under "Locally Logged On Credentials". In case you need to execute a Health Profile or a Dynamic Pack (remember that you can also execute a Dynamic Pack individually) under different set of credentials, let DynamicPacks Health Profiler know about it.

DynamicPacks Health Profiler supports adding credentials for allowing execution of Health Profiles or Dynamic Packs under different set of credentials. To add credential, click on "Add Credentials" button as shown in the screenshot below:

Add credential in DynamicPacks Health Profiler to execute Health Profiles or Dynamic Packs under different credentials

When you click on the "Add Credentials", you will be asked to provide username and password.

You can add unlimited credentials in DynamicPacks Health Profiler.

Step 6Ready to execute Health Profile or Dynamic Pack

DynamicPacks Health Profiler allows you to execute individual Dynamic Packs apart from executing a Health Profile.

When you execute a Health Profile, all Dynamic Packs that are part of the Health Profile will also be executed.

Before you execute a Health Profile or Dynamic Pack, select the credential under which you would want to start the execution.

Skip below steps if you need to execute Health Profile under locally logged on credentials.

To execute a Health Profile, follow these steps:

    1. Select a Health Profile you want to execute by navigating to Health Profiles Tree.
    2. Next, select the credential under which you want to execute the Health Profile as shown in the screenshot below.

Selecting Credential before executing a Health Profile - Active Directory, Hyper-V, Windows Servers, Azure, Azure Resource Explorer

3. Finally right click on the Health Profile and then click on the "Execute" button as shown in the screenshot below:

Executing a Health Profile in DynamicPacks Health Profiler - Active Directory, Hyper-V, Windows Servers, Azure Resource Explorer, Azure, Public Cloud

In case you need to execute individual Dynamic Packs, expand Health Profile, right click on the Dynamic Pack and then click on the "Execute" action as shown in the screenshot below:

Executing Individual Dynamic Pack - Hyper-V, Azure Resource Explorer

Executing individual Dynamic Packs is sometimes beneficial. For example, execute "Get Active Directory Forest Replication Status - Domain Controllers" Dynamic Pack to get replication status of an Active Directory Forest and so on.

Let me write part II of this article series. I will explain following topics in Part II:

  • Executing and Checking Health Profile status
  • Generating Report
  • Generating Treeview and Grid view data
  • Working with Dynamic Pack data
  • How to create and apply a Health Set to maintain health of Active Directory environment

***

Recommend DynamicPacks Health Profiler