Risk and Health Assessment Program for Active Directory
ACME
Ed Longstrom
Inorbit Consulting Corporation
Example
Risk Assessment Program Overview
• Program Goals:
  • Assess the risks of the specified environment using a suite of data collection tools and an operational interview
  • Identify key areas where your environment deviates from MS Best Practices
  • Provide enough details to plan improvements and mitigate risks
• Program Phases:
  • Environmental Assessment: Accredited MS personnel collected detailed data regarding your environment, focusing on key known critical areas
  • Analysis and Reporting: Accredited MS personnel analyzed the collected data and compared it to best practices, yielding reports and data reflecting key findings and risks
  • Remediation: Once identified issues and risks have been remediated, you should see a reduction in support incidents and improvements in infrastructure efficiencies
Overall Risk
Based on the scope of this assessment, your Active Directory Environment is found to be at High Risk.
Consolidated Scorecard
Active Directory Consolidated Scorecard Before After
Account Information High High
Token Size High High
AD Database Medium Medium
AD Object Count Low Low
Database Info Medium Medium
AD Integrated Services Low Low
Certificate Services Low Low
AD Replication High High
Account Policies Low Low
Forest/Domain Info Low Low
Large Groups High High
Consolidated Scorecard (2)
Active Directory Consolidated Scorecard Before After
Replication Configuration Low Low
Replication Status High High
Site Configuration High High
Subnet Information Medium Medium
Backup Low Low
Backup Status Low Low
DC Health High High
DCDiag - General Medium Medium
Event Logs High High
OS Information High High
Performance Info High High
Consolidated Scorecard (3)
Active Directory Consolidated Scorecard Before After
Security Updates High High
Time Configuration High High
FRS/Group Policy High High
FRS Convergence Low Low
GPOTool Low Low
SYSVOL Information High High
Unlinked GPOs Low Low
Name Resolution High High
DCDiag - DNS Medium Medium
DNS Information High High
DNSLint High High
Consolidated Scorecard (4)
Active Directory Consolidated Scorecard Before After
IP Information Medium Medium
WINS 1B & 1C Medium Medium
Operational Excellence High High
Backup Low Low
Design High High
Disaster Recovery High High
Environmental Dependencies Low Low
Monitoring High High
Operate Low Low
RODC Low Low
Strategy Medium Medium
Consolidated Scorecard (5)
Active Directory Consolidated Scorecard Before After
Transition High High
Virtualization Low Low
Other Low Low
Account Lockouts Low Low
Exchange DSAccess Low Low
Machine Account Info Low Low
User Account Info Low Low
Prerequisites High High
ADST Dependencies High High
Key Issues and Risks - Critical
The following Critical risks were identified in your environment:
• AD Replication
  • Site Configuration
    • Preferred Bridgeheads Excluding NC (Resolved)
• DC Health
  • Event Logs
    • Event ID 1388, NTDS Replication, Lingering Object Replicated
Key Issues and Risks - Critical
  • OS Information
    • Supportability of Windows Server 2003 Service Pack 1
  • Performance Info
    • Non-Paged Pool Memory Leak (Resolved)
  • Security Updates
    • Critical Security Updates Missing
• FRS/Group Policy
  • SYSVOL Information
    • FRS is in Journal Wrap
Key Issues and Risks - Critical (2)
• Operational Excellence
  • Monitoring
    • The organization has not implemented management packs or guides to monitor the service environment.
High Risk Scorecard
Active Directory High Risk Scorecard Before After
Account Information
Token Size
User access tokens causing 16K or greater Paged Pool allocations High High
User Kerberos tickets larger than IIS 5 can accept by default High High
User Kerberos tickets may be larger than IIS 6 or 7 can accept by default High High
Users’ Kerberos tickets may exceed default OS buffer limit High High
High Risk Scorecard (2)
Active Directory High Risk Scorecard Before After
AD Replication
Large Groups
Group Legacy Members Greater Than 5,000 in 2000 FFL Forest High High
Replication Status
NC Failed to Replicate Multiple Times High High
High Risk Scorecard (3)
Active Directory High Risk Scorecard Before After
Site Configuration
DCs not in Domain Controllers OU High High
Preferred Bridgeheads Excluding NC High Low
High Risk Scorecard (4)
Active Directory High Risk Scorecard Before After
DC Health
Event Logs
Event ID 1388, NTDS Replication, Lingering Object Replicated High High
OS Information
Event Logs Exceed 300MB High High
Supportability of Windows Server 2003 Service Pack 1 High High
High Risk Scorecard (5)
Active Directory High Risk Scorecard Before After
Performance Info
High Paged Pool Usage High High
Non-Paged Pool Memory Leak High Low
Security Updates
Critical Security Updates Missing High High
High Risk Scorecard (6)
Active Directory High Risk Scorecard Before After
Time Configuration
Maximum Negative Phase Correction Greater Than 48 Hours High High
Maximum Positive Phase Correction Greater Than 48 Hours High High
High Risk Scorecard (7)
Active Directory High Risk Scorecard Before After
FRS/Group Policy
SYSVOL Information
FRS is in Journal Wrap High High
SYSVOL Not Shared High Low
SYSVOL Replication Partners Failing to Replicate High High
High Risk Scorecard (8)
Active Directory High Risk Scorecard Before After
Name Resolution
DNS Information
Zone Transfer is Enabled to Any Server High High
DNSLint
Missing Host/Glue Registrations High High
High Risk Scorecard (9)
Active Directory High Risk Scorecard Before After
Operational Excellence
Design
The organization does not have defined Operating Level Agreements (OLAs) between dependent IT units. High High
Disaster Recovery
The organization does not test service continuity plans after a major release or on a regular basis. High High
High Risk Scorecard (10)
Active Directory High Risk Scorecard Before After
Monitoring
The organization has not implemented management packs or guides to monitor the service environment. High High
Transition
The organization does not receive alerts when a change is made to services or hardware. High High
High Risk Scorecard (11)
Active Directory High Risk Scorecard Before After
Prerequisites
ADST Dependencies
FRS Service Stopped Or Does Not Start Automatically High Low
Inconsistent Infrastructure Master FSMO Role Owner High High
Inconsistent RID Master FSMO Role Owner High High
Kerberos KDC Service Stopped Or Does Not Start Automatically High Low
High Risk Scorecard (12)
Active Directory High Risk Scorecard Before After
Scalable Networking Pack Components Enabled High High
Appendix – Medium Risk Scorecard
Active Directory Medium Risk Scorecard Before After
Account Information
Token Size
User access tokens causing 12K Paged Pool allocations Medium Medium
Appendix – Medium Risk Scorecard (2)
Active Directory Medium Risk Scorecard Before After
AD Database
Database Info
Low Free Disk Space on Database and Log Path Medium Medium
Appendix – Medium Risk Scorecard (3)
Active Directory Medium Risk Scorecard Before After
AD Replication
Replication Status
A DC Has Never Replicated an NC With a Partner Medium Medium
Subnet Information
DCs in Sites With Conflicting Subnet Definitions Medium Medium
Sites With No Subnet Definitions Medium Medium
Appendix – Medium Risk Scorecard (4)
Active Directory Medium Risk Scorecard Before After
DC Health
DCDiag - General
DCDiag Errors Medium Medium
Performance Info
Average Disk Sec/Write on Log Drive Is 25 Milliseconds or Greater Medium Medium
Average Disk Sec/Write on NTDS Drive Is 25 Milliseconds or Greater Medium Medium
Appendix – Medium Risk Scorecard (5)
Active Directory Medium Risk Scorecard Before After
Average Disk Sec/Write on System Drive Is 25 Milliseconds or Greater Medium Medium
Average LDAP Bind Time Is 20 Milliseconds or Greater Medium Medium
Overall CPU Utilization 80 Percent or Greater Medium Medium
Security Updates
Important Security Updates Missing Medium Medium
Appendix – Medium Risk Scorecard (6)
Active Directory Medium Risk Scorecard Before After
Time Configuration
DCs Are 30 Seconds or More Out of Sync Medium Low
FRS/Group Policy
SYSVOL Information
Large Backlogged Connections Medium Medium
Appendix – Medium Risk Scorecard (7)
Active Directory Medium Risk Scorecard Before After
Name Resolution
DCDiag - DNS
DNS Service Stopped Medium Medium
Single Valid Forwarder Medium Medium
Appendix – Medium Risk Scorecard (8)
Active Directory Medium Risk Scorecard Before After
IP Information
WINS Split Registration Medium Medium
WINS 1B & 1C
1C Record Contains Less Than 2 Valid Entries Medium Low
Static Domain 1B Registrations Found Medium Medium
Appendix – Medium Risk Scorecard (9)
Active Directory Medium Risk Scorecard Before After
Operational Excellence
Disaster Recovery
Disaster Recovery Plan Does Not Include Common Scenarios Medium Medium
Strategy
The organization does not review performance against their existing support agreements Medium Medium
Appendix – Low Risk Scorecard
Active Directory Low Risk Scorecard Before After
Account Information
Token Size
User access tokens approaching next jump in Paged Pool allocation Low Low
User access tokens causing 08K Paged Pool allocations Low Low
User Kerberos tickets approaching maximum size that IIS 5 can accept by default Low Low
User Kerberos tickets may be approaching the default size limit for IIS 6 and 7 Low Low
Appendix – Low Risk Scorecard (2)
Active Directory Low Risk Scorecard Before After
Users and/or Groups with SID History Low Low
Users’ Kerberos tickets may approach default OS buffer limit Low Low
AD Database
AD Object Count
DLT Objects Found Low Low
Appendix – Low Risk Scorecard (3)
Active Directory Low Risk Scorecard Before After
Database Info
Low Free Disk Space Low Low
AD Replication
Replication Configuration
Strict Replication Consistency Disabled Low Low
Appendix – Low Risk Scorecard (4)
Active Directory Low Risk Scorecard Before After
Site Configuration
Bridgehead With Many Inter-Site Inbound Replication Connections Is Virtualized Low Low
Single Preferred Bridgehead Low Low
Site Not Contained in a Site Link Low Low
Appendix – Low Risk Scorecard (5)
Active Directory Low Risk Scorecard Before After
Subnet Information
Orphaned Subnet Definitions Low Low
DC Health
Event Logs
Event ID 11, KDC, Duplicate UPN or SPN Low Low
Appendix – Low Risk Scorecard (6)
Active Directory Low Risk Scorecard Before After
OS Information
LAN Manager Hash for Passwords Stored Low Low
PAE Enabled on Microsoft Windows 2003 or Greater DCs Low Low
System Drive Has Less Than 1GB Free Space Low Low
Appendix – Low Risk Scorecard (7)
Active Directory Low Risk Scorecard Before After
Performance Info
Average Disk Sec/Read on Log Drive Is Between 25 and 49 Milliseconds Low Low
Average Disk Sec/Read on NTDS Drive Is Between 25 and 49 Milliseconds Low Low
Average Disk Sec/Read on System Drive Is Between 25 and 49 Milliseconds Low Low
Average Disk Sec/Write on Log Drive Is Between 15 and 24 Milliseconds Low Low
Average Disk Sec/Write on NTDS Drive Is Between 15 and 24 Milliseconds Low Low
Appendix – Low Risk Scorecard (8)
Active Directory Low Risk Scorecard Before After
Average Disk Sec/Write on System Drive Is Between 15 and 24 Milliseconds Low Low
Average LDAP Bind Time Is Between 15 and 19 Milliseconds Low Low
Overall CPU Utilization 60 Percent or Greater Low Low
Appendix – Low Risk Scorecard (9)
Active Directory Low Risk Scorecard Before After
FRS/Group Policy
FRS Convergence
Did Not Replicate Within Time-out Low Low
GPOTool
GPOTOOL Detected Errors Low Low
Appendix – Low Risk Scorecard (10)
Active Directory Low Risk Scorecard Before After
SYSVOL Information
SYSVOL Free Space Less Than 1GB Low Low
SYSVOL Staging Path Free Space Less Than 1GB Low Low
Appendix – Low Risk Scorecard (11)
Active Directory Low Risk Scorecard Before After
Name Resolution
DCDiag - DNS
Broken Delegation Low Low
Invalid DNS Address Low Low
Appendix – Low Risk Scorecard (12)
Active Directory Low Risk Scorecard Before After
IP Information
Single WINS Server Specified Low Low
WINS 1B & 1C
Static Domain 1C Registrations Found Low Low
Appendix – Low Risk Scorecard (13)
Active Directory Low Risk Scorecard Before After
Operational Excellence
Strategy
Base Level IT Certification Is Not Required Low Low
Transition
No Active Directory Lab That Mirrors the Production Environment Low Low

Inorbit Consulting Corp Pre AD Domain Upgrade Report

  • 1. Risk and Health Assessment Program for Active Directory ACME Ed Longstrom Inorbit Consulting Corporation
  • 2. Example Risk Assessment Program Overview • Program Goals: • Assess risks of specified environment using a suite of data collection tools and operational interview • Identify key areas where your environment deviates from MS Best Practices • Provide enough details to plan improvements and mitigate risks • Program Phases: • Environmental Assessment: Accredited MS personnel collected detailed data regarding your environment focusing on key known critical areas • Analysis and Reporting: Accredited MS personnel collected data analyzed and compared to best practices, yielding reports and data reflecting key findings and risks • Remediation: Once identified issues and risks have been remediated, you should see a reduction in support incidents and improvements in infrastructure efficiencies
  • 3. Example Overall Risk Based on the scope of this assessment, your Active Directory Environment is found to be at High Risk.
  • 4. Example Consolidated Scorecard Active Directory Consolidated Scorecard Before After Account Information High High Token Size High High AD Database Medium Medium AD Object Count Low Low Database Info Medium Medium AD Integrated Services Low Low Certificate Services Low Low AD Replication High High Account Policies Low Low Forest/Domain Info Low Low Large Groups High High
  • 5. Example Consolidated Scorecard (2) Active Directory Consolidated Scorecard Before After Replication Configuration Low Low Replication Status High High Site Configuration High High Subnet Information Medium Medium Backup Low Low Backup Status Low Low DC Health High High DCDiag - General Medium Medium Event Logs High High OS Information High High Performance Info High High
  • 6. Example Consolidated Scorecard (3) Active Directory Consolidated Scorecard Before After Security Updates High High Time Configuration High High FRS/Group Policy High High FRS Convergence Low Low GPOTool Low Low SYSVOL Information High High Unlinked GPOs Low Low Name Resolution High High DCDiag - DNS Medium Medium DNS Information High High DNSLint High High
  • 7. Example Consolidated Scorecard (4) Active Directory Consolidated Scorecard Before After IP Information Medium Medium WINS 1B & 1C Medium Medium Operational Excellence High High Backup Low Low Design High High Disaster Recovery High High Environmental Dependencies Low Low Monitoring High High Operate Low Low RODC Low Low Strategy Medium Medium
  • 8. Example Consolidated Scorecard (5) Active Directory Consolidated Scorecard Before After Transition High High Virtualization Low Low Other Low Low Account Lockouts Low Low Exchange DSAccess Low Low Machine Account Info Low Low User Account Info Low Low Prerequisites High High ADST Dependencies High High
  • 9. Example Key Issues and Risks - Critical The following Critical risks were identified in your environment: • AD Replication • Site Configuration • Preferred Bridgeheads Excluding NC (Resolved) • DC Health • Event Logs • Event ID 1388, NTDS Replication, Lingering Object Replicated
  • 10. Example Key Issues and Risks - Critical • OS Information • Supportability of Windows Server 2003 Service Pack 1 • Performance Info • Non-Paged Pool Memory Leak (Resolved) • Security Updates • Critical Security Updates Missing • FRS/Group Policy • SYSVOL Information • FRS is in Journal Wrap
  • 11. Example Key Issues and Risks - Critical (2) • Operational Excellence • Monitoring • The organization has not implemented management packs or guides to monitor the service environment.
  • 12. Example High Risk Scorecard Active Directory High Risk Scorecard Before After Account Information Token Size User access tokens causing 16K or greater Paged Pool allocations High High User Kerberos tickets larger than IIS 5 can accept by default High High User Kerberos tickets may be larger than IIS 6 or 7 can accept by default High High Users’ Kerberos tickets may exceed default OS buffer limit High High
  • 13. Example High Risk Scorecard (2) Active Directory High Risk Scorecard Before After AD Replication Large Groups Group Legacy Members Greater Than 5,000 in 2000 FFL Forest High High Replication Status NC Failed to Replicate Multiple Times High High
  • 14. Example High Risk Scorecard (3) Active Directory High Risk Scorecard Before After Site Configuration DCs not in Domain Controllers OU High High Preferred Bridgeheads Excluding NC High Low
  • 15. Example High Risk Scorecard (4) Active Directory High Risk Scorecard Before After DC Health Event Logs Event ID 1388, NTDS Replication, Lingering Object Replicated High High OS Information Event Logs Exceed 300MB High High Supportability of Windows Server 2003 Service Pack 1 High High
  • 16. Example High Risk Scorecard (5) Active Directory High Risk Scorecard Before After Performance Info High Paged Pool Usage High High Non-Paged Pool Memory Leak High Low Security Updates Critical Security Updates Missing High High
  • 17. Example High Risk Scorecard (6) Active Directory High Risk Scorecard Before After Time Configuration Maximum Negative Phase Correction Greater Than 48 Hours High High Maximum Positive Phase Correction Greater Than 48 Hours High High
  • 18. Example High Risk Scorecard (7) Active Directory High Risk Scorecard Before After FRS/Group Policy SYSVOL Information FRS is in Journal Wrap High High SYSVOL Not Shared High Low SYSVOL Replication Partners Failing to Replicate High High
  • 19. Example High Risk Scorecard (8) Active Directory High Risk Scorecard Before After Name Resolution DNS Information Zone Transfer is Enabled to Any Server High High DNSLint Missing Host/Glue Registrations High High
  • 20. Example High Risk Scorecard (9) Active Directory High Risk Scorecard Before After Operational Excellence Design The organization does not have defined Operating Level Agreements (OLAs) between dependent IT units. High High Disaster Recovery The organization does not test service continuity plans after a major release or on a regular basis. High High
  • 21. Example High Risk Scorecard (10) Active Directory High Risk Scorecard Before After Monitoring The organization has not implemented management packs or guides to monitor the service environment. High High Transition The organization does not receive alerts when a change is made to services or hardware. High High
  • 22. Example High Risk Scorecard (11) Active Directory High Risk Scorecard Before After Prerequisites ADST Dependencies FRS Service Stopped Or Does Not Start Automatically High Low Inconsistent Infrastructure Master FSMO Role Owner High High Inconsistent RID Master FSMO Role Owner High High Kerberos KDC Service Stopped Or Does Not Start Automatically High Low
  • 23. Example High Risk Scorecard (12) Active Directory High Risk Scorecard Before After Scalable Networking Pack Components Enabled High High
  • 24. Example Appendix – Medium Risk Scorecard
    Active Directory Medium Risk Scorecard Before After
    Account Information
    Token Size
    User access tokens causing 12K Paged Pool allocations Medium Medium
  • 25. Example Appendix – Medium Risk Scorecard (2)
    Active Directory Medium Risk Scorecard Before After
    AD Database
    Database Info
    Low Free Disk Space on Database and Log Path Medium Medium
  • 26. Example Appendix – Medium Risk Scorecard (3)
    Active Directory Medium Risk Scorecard Before After
    AD Replication
    Replication Status
    A DC Has Never Replicated an NC With a Partner Medium Medium
    Subnet Information
    DCs in Sites With Conflicting Subnet Definitions Medium Medium
    Sites With No Subnet Definitions Medium Medium
  • 27. Example Appendix – Medium Risk Scorecard (4)
    Active Directory Medium Risk Scorecard Before After
    DC Health
    DCDiag - General
    DCDiag Errors Medium Medium
    Performance Info
    Average Disk Sec/Write on Log Drive Is 25 Milliseconds or Greater Medium Medium
    Average Disk Sec/Write on NTDS Drive Is 25 Milliseconds or Greater Medium Medium
  • 28. Example Appendix – Medium Risk Scorecard (5)
    Active Directory Medium Risk Scorecard Before After
    Average Disk Sec/Write on System Drive Is 25 Milliseconds or Greater Medium Medium
    Average LDAP Bind Time Is 20 Milliseconds or Greater Medium Medium
    Overall CPU Utilization 80 Percent or Greater Medium Medium
    Security Updates
    Important Security Updates Missing Medium Medium
  • 29. Example Appendix – Medium Risk Scorecard (6)
    Active Directory Medium Risk Scorecard Before After
    Time Configuration
    DCs Are 30 Seconds or More Out of Sync Medium Low
    FRS/Group Policy
    SYSVOL Information
    Large Backlogged Connections Medium Medium
  • 30. Example Appendix – Medium Risk Scorecard (7)
    Active Directory Medium Risk Scorecard Before After
    Name Resolution
    DCDiag - DNS
    DNS Service Stopped Medium Medium
    Single Valid Forwarder Medium Medium
  • 31. Example Appendix – Medium Risk Scorecard (8)
    Active Directory Medium Risk Scorecard Before After
    IP Information
    WINS Split Registration Medium Medium
    WINS 1B & 1C
    1C Record Contains Less Than 2 Valid Entries Medium Low
    Static Domain 1B Registrations Found Medium Medium
  • 32. Example Appendix – Medium Risk Scorecard (9)
    Active Directory Medium Risk Scorecard Before After
    Operational Excellence
    Disaster Recovery
    Disaster Recovery Plan Does Not Include Common Scenarios Medium Medium
    Strategy
    The organization does not review performance against their existing support agreements Medium Medium
  • 33. Example Appendix – Low Risk Scorecard
    Active Directory Low Risk Scorecard Before After
    Account Information
    Token Size
    User access tokens approaching next jump in Paged Pool allocation Low Low
    User access tokens causing 08K Paged Pool allocations Low Low
    User Kerberos tickets approaching maximum size that IIS 5 can accept by default Low Low
    User Kerberos tickets may be approaching the default size limit for IIS 6 and 7 Low Low
  • 34. Example Appendix – Low Risk Scorecard (2)
    Active Directory Low Risk Scorecard Before After
    Users and/or Groups with SID History Low Low
    Users’ Kerberos tickets may approach default OS buffer limit Low Low
    AD Database
    AD Object Count
    DLT Objects Found Low Low
  • 35. Example Appendix – Low Risk Scorecard (3)
    Active Directory Low Risk Scorecard Before After
    Database Info
    Low Free Disk Space Low Low
    AD Replication
    Replication Configuration
    Strict Replication Consistency Disabled Low Low
  • 36. Example Appendix – Low Risk Scorecard (4)
    Active Directory Low Risk Scorecard Before After
    Site Configuration
    Bridgehead With Many Inter-Site Inbound Replication Connections Is Virtualized Low Low
    Single Preferred Bridgehead Low Low
    Site Not Contained in a Site Link Low Low
  • 37. Example Appendix – Low Risk Scorecard (5)
    Active Directory Low Risk Scorecard Before After
    Subnet Information
    Orphaned Subnet Definitions Low Low
    DC Health
    Event Logs
    Event ID 11, KDC, Duplicate UPN or SPN Low Low
  • 38. Example Appendix – Low Risk Scorecard (6)
    Active Directory Low Risk Scorecard Before After
    OS Information
    LAN Manager Hash for Passwords Stored Low Low
    PAE Enabled on Microsoft Windows 2003 or Greater DCs Low Low
    System Drive Has Less Than 1GB Free Space Low Low
  • 39. Example Appendix – Low Risk Scorecard (7)
    Active Directory Low Risk Scorecard Before After
    Performance Info
    Average Disk Sec/Read on Log Drive is Between 25 and 49 Milliseconds Low Low
    Average Disk Sec/Read on NTDS Drive Is Between 25 and 49 Milliseconds Low Low
    Average Disk Sec/Read on System Drive Is Between 25 and 49 Milliseconds Low Low
    Average Disk Sec/Write on Log Drive Is Between 15 and 24 Milliseconds Low Low
    Average Disk Sec/Write on NTDS Drive Is Between 15 and 24 milliseconds Low Low
  • 40. Example Appendix – Low Risk Scorecard (8)
    Active Directory Low Risk Scorecard Before After
    Average Disk Sec/Write on System Drive Is Between 15 and 24 Milliseconds Low Low
    Average LDAP Bind Time Is Between 15 and 19 Milliseconds Low Low
    Overall CPU Utilization 60 Percent or Greater Low Low
  • 41. Example Appendix – Low Risk Scorecard (9)
    Active Directory Low Risk Scorecard Before After
    FRS/Group Policy
    FRS Convergence Did Not Replicate Within Time-out Low Low
    GPOTool
    GPOTOOL Detected Errors Low Low
  • 42. Example Appendix – Low Risk Scorecard (10)
    Active Directory Low Risk Scorecard Before After
    SYSVOL Information
    SYSVOL Free Space Less Than 1GB Low Low
    SYSVOL Staging Path Free Space Less Than 1GB Low Low
  • 43. Example Appendix – Low Risk Scorecard (11)
    Active Directory Low Risk Scorecard Before After
    Name Resolution
    DCDiag - DNS
    Broken Delegation Low Low
    Invalid DNS Address Low Low
  • 44. Example Appendix – Low Risk Scorecard (12)
    Active Directory Low Risk Scorecard Before After
    IP Information
    Single WINS Server Specified Low Low
    WINS 1B & 1C
    Static Domain 1C Registrations Found Low Low
  • 45. Example Appendix – Low Risk Scorecard (13)
    Active Directory Low Risk Scorecard Before After
    Operational Excellence
    Strategy
    Base Level IT Certification Is Not Required Low Low
    Transition
    No Active Directory Lab That Mirrors the Production Environment Low Low