[ActiveDir] Results of survey - Most common cause of Active Directory "failures"?

[Gil Kirkpatrick]

Title: Most common cause of Active Directory "failures"?

Here's the summary of the results from last weeks informal survey. By far the most popular cause of AD failure is the inadvertant misconfiguration of MSFT DNS, which is interesting, because that was true 2 years ago as well. I guess some things never change.

 

(45 pts) C. Inadvertant misconfiguration of MSFT DNS.
(30 pts) B. Inadvertant misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)

(28 pts) A. Inadvertant data deletion (fat-fingering a user object or, God-forbid, an OU)
(22 pts) G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
(15 pts) H. Physical disaster (fire, flood, power failure, etc)

(14 pts) F. Hardware failure of a DC
(12 pts) E. Inadvertant misconfiguration of networking devices
(4 pts) J. Malicious attack by a data admin

(2 pts) K. Malicious attack by an authenticated user

 

I ignored anything that was ranked lower than 5th...

Also interesting to note that the top three items are human error due to lack of knowledge or carelessness, the next three are physical failures nominally outside of human control. Is this because there are just too many knobs and switches on AD and DNS?

 

A little surprising is that the there were two votes for malicious attacks by an internal source.

 

Some of the other failure reasons cited (no overlap, so I must have listed all the important reasons...)

 

Incomplete load of an IPSec filter list

Impact of a 3^rd party agent or application on a DC e.g. Antivirus software

Issues with FW config that hindered replication over tombstone livetime (may belong to E)

Corrupt AD DC database / required metadata cleanup and repromotion of DC

Misconfiguration by a previous admin, and shutting down a DC with out dcpromo, or cleaning up metadata afterwards.

Inadvertantly double-clicking a _vbscript_ when someone meant to right-click > edit it :)

 

The two winners of the "nothing too fancy" prize are Hunter Coleman and Stuart Fuller (wait for applause to die down...) Please email your shipping particulars to me at mailto:[EMAIL PROTECTED], and I will get your gifts sent out ASAP.

 

I only received about 20 responses... I was expecting maybe 40 or 50. Any suggestions as to how to make this more effective (I don't have any money to spend on this, so large cash-value prizes are right out :)

 

-gil

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Wednesday, October 05, 2005 4:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Most common cause of Active Directory "failures"?

Greetings fellow travellers,

Here's a quick, informal, non-scientific survey. Please reply to me directly at mailto:[EMAIL PROTECTED] so we don't spam the list with responses. I've got a some swell gifts to give away at random to a couple of lucky respondants (nothing too fancy). I'll post the summary in a few days.

Question: *In your experience*, which are the most common causes of Active Directory "failure" (where failure is defined as failure to authenticate, authorize, replicate, or apply GPOs as expected). List as many as you care to, in order from most common to least common. Note that I am not considering the consequences of the failure, just how frequent they are.

Just send me a response like B, A, F or some such, along with any commentary you might have.

A. Inadvertant data deletion (fat-fingering a user object or, God-forbid, an OU)
B. Inadvertant misconfiguration of AD (for instance screwing up a connection object, or changing the wrong registry setting, or making an inappropriate GPO change)

C. Inadvertant misconfiguration of MSFT DNS.
D. Inadvertant misconfiguration of non-MSFT DNS.
E. Inadvertant misconfiguration of networking devices
F. Hardware failure of a DC
G. Hardware failure of a networking device (including DNS servers, if they are not also DCs)
H. Physical disaster (fire, flood, power failure, etc)
I. Malicious attack by a service admin
J. Malicious attack by a data admin
K. Malicious attack by an authenticated user
L. Malicious attack by an unauthenticated user
M. Other (please specify)

Thanks for your feedback.

-gil

Gil Kirkpatrick
CTO, NetPro

Don''t miss the Directory Experts Conference 2006. More information at www.dec2006.com.