Active directory is a huge part of any business environment, monitoring it to make sure its healthy can be a challenge. Microsoft’s system center ops manager can do a good job with all of the health packs and monitors built into it, but its a beast and I don’t have the staff to maintain it. So I’ve been looking online for some scripts and best practice for what to look for when checking the health of AD. Here are three good sites I found.
Jeremey has a great site and this post of his has a list of great scripts to use to help check the help and keep your active directory running smooth. Auditing AD subnets, he’s got a script for that.
SukhijaVikas is next up and he has created a powershell script to check?Ping, Netlogon, NTDS, DNS, DCdiag Test(Replication,sysvol,Services) and email you the results. So you can set this up to run on a schedule for hands off reporting. I did have some issues with false failures on some of my remote domains. I haven’t had time to dig into why the script reported errors but when I manually ran DCdiag and repladmin I had no problems.
This post comes from dove stone software, they have a nice writeup on common areas to check (event log,etc) and some common commands to run to check if your domain is healthy.
I hope these links help you and all the results return no issues, because fixing and cleaning up active directory errors can cause many new gray hairs 🙂