How to perform a "Complete" Active Directory Health Check using Active Directory Dynamic Packs - Part I
DynamicPacks Health Profiler can do a complete health check of Active Directory, Hyper-V, Exchange Server, SQL Server, Windows Servers, and Azure Resources. This article explains how you can use Active Directory Dynamic Packs to perform a complete health check of an Active Directory forest.
In the Part I of this article series, I will explain following topics:
- Discovering Active Directory Forest
- Creating Health Profile
- Adding "Active Directory" Dynamic Packs to the Health Profile.
- Configuring Active Directory Dynamic Packs.
- Adding credential support before executing the Health Profile.
- Executing Health Profile or individual Dynamic Packs.
Most of the tools that we have seen so far do not allow you to add custom health checks. These tools also fail to address performing health checks for multiple Active Directory forests.
DynamicPacks Health Profiler is a dynamic product. It allows you to add custom Dynamic Packs designed using PowerShell cmdlets for target systems and also help you perform Active Directory/domain controller health check for multiple Active Directory forests.
Active Directory Dynamic Packs that ship with DynamicPacks Health Profiler can also be used to perform a complete health check for Active Directory running on Windows Server 2016.
A Dynamic Pack consists of PowerShell cmdlets. DynamicPacks Health Profiler ships with 20 pre-defined "Active Directory" Dynamic Packs. You can use all of the Active Directory Dynamic Packs in a Health Profile which, in turn, helps in getting overall status of your Active Directory environment and detailed report in a nice HTML report. See sample HTML report here.
Before you start make sure to discover your Active Directory environment by navigating to "Active Directory Configuration" tab as shown in the screenshot below:
All you need to do is provide Active Directory Forest name in "Active Directory Forest" text box and then click on the "Start Discovery" button. DynamicPacks Health Profiler will connect to Active Directory Forest and collect necessary information such as Active Directory domains, Active Directory Sites, and Active Directory domain controllers.
Next, you need to create a Health Profile. To create a Health Profile in DynamicPacks Health Profiler, click on the "Create Health Profile" button, give Health Profile a name and then click on the "Add Profile" button as shown in the screenshot below:
Once Health Profile is created, it will be available in the list of Health Profiles DynamicPacks Health Profiler manages as shown in the screenshot below:
Next step is to add Dynamic Packs to the Health Profile you just created. DynamicPacks Health Profiler ships with "Active Directory Dynamic Packs". To add Active Directory Dynamic Packs to the Health Profile, navigate to "Add/Remove Dynamic Packs" tab, and then select the Health Profile (AD Health Check Forest - ABC.COM in this example).
When you click on a Health Profile, it will show the list of Dynamic Packs that have been added to the Health Profile as shown in the red circle of the below screenshot:
In the "Add/Remove Dynamic Packs" tab, you need to select the Dynamic Packs from "Available Dynamic Packs" pane and then click on the "Add Packs" button to add Dynamic Packs to selected Health Profile.
Since we have created a Health Profile to perform a complete health check of "ABC.COM" Active Directory forest, we will expand "Domain", Site", "Domain Controller" and "Forest" categories and then select all or required Dynamic Packs and add to the Health Profile.
When you click on the "Add Packs", you will be presented with a confirmation dialogue box as shown in the screenshot below:
Click "Yes" to add selected Dynamic Packs to the Health Profile. You can see the list of Dynamic Packs that you have just added to the Health Profile by expanding the Health Profile in the "Health Profiles" tree as shown in the screenshot below:
Your next step is to configure Active Directory Dynamic Packs that you have just added to the Health Profile.
DynamicPacks Health Profiler populates configuration information for Dynamic Packs automatically when you add Dynamic Packs to a Health Profile. For example, for Dynamic Pack "Get Active Directory Domain FSMO", it configures the list of domains in the Dynamic Pack configuration as shown in the screenshot below:
However, a few of the Active Directory Dynamic Packs require configuration. For example, to get the Active Directory security group membership, you must add required security groups in the "Get Active Directory Domain Security Groups Membership" Dynamic Pack configuration as shown in the screenshot below:
As you can see in the screenshot above, by default DynamicPacks Health Profiler adds "Domain Admins", "Enterprise Admins", "Server Operators", and "Schema Admins" security groups. In case you need to add more Active Directory Security Groups, just enter the name of the security group. Once you're done entering required security groups, click on the "Save" button to save Dynamic Pack configuration.
It is recommended that you check all of the Active Directory Dynamic Packs that require some sort of configuration.
Once you're done configuring Active Directory Dynamic Packs, proceed to next step.
By default, DynamicPacks Health Profiler executes a Health Profile under "Locally Logged On Credentials". In case you need to execute a Health Profile or a Dynamic Pack (remember that you can also execute a Dynamic Pack individually) under different set of credentials, let DynamicPacks Health Profiler know about it.
DynamicPacks Health Profiler supports adding credentials for allowing execution of Health Profiles or Dynamic Packs under different set of credentials. To add credential, click on "Add Credentials" button as shown in the screenshot below:
When you click on the "Add Credentials", you will be asked to provide username and password.
You can add unlimited credentials in DynamicPacks Health Profiler.
DynamicPacks Health Profiler allows you to execute individual Dynamic Packs apart from executing a Health Profile.
When you execute a Health Profile, all Dynamic Packs that are part of the Health Profile will also be executed.
Before you execute a Health Profile or Dynamic Pack, select the credential under which you would want to start the execution.
Skip below steps if you need to execute Health Profile under locally logged on credentials.
To execute a Health Profile, follow these steps:
- Select a Health Profile you want to execute by navigating to Health Profiles Tree.
- Next, select the credential under which you want to execute the Health Profile as shown in the screenshot below.
3. Finally right click on the Health Profile and then click on the "Execute" button as shown in the screenshot below:
In case you need to execute individual Dynamic Packs, expand Health Profile, right click on the Dynamic Pack and then click on the "Execute" action as shown in the screenshot below:
Executing individual Dynamic Packs is sometimes beneficial. For example, execute "Get Active Directory Forest Replication Status - Domain Controllers" Dynamic Pack to get replication status of an Active Directory Forest and so on.
Let me write part II of this article series. I will explain following topics in Part II:
- Executing and Checking Health Profile status
- Generating Report
- Generating Treeview and Grid view data
- Working with Dynamic Pack data
- How to create and apply a Health Set to maintain health of Active Directory environment