subject:"RE\: \[ActiveDir\] AD\/DNS BPA\?"

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread Rick Kingslan

Huh.  That doesn't appear to be _US_  I wonder if the Engineering
Services group knows that a third party (Partner at that) is advertising
these services.

Honestly, I didn't think that we farmed those services out

Checking.

Rick [msft]
--
Posting is provided AS IS, and confers no rights or warranties ...
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Saturday, October 15, 2005 1:32 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD/DNS BPA?

Microsoft AD Health Check:
http://www.systems-group.net/En/Consultancy+Services/Solutions/Microsoft+AD+
Health+Check.htm

Looks like it's talked about here too

Dean Wells wrote:

Ooops ... my apologies :O(

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Adner
Sent: Friday, October 14, 2005 10:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

Boo, hiss.  It's Engineering Services that offers it, not MCS.  ;

  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Thursday, October 13, 2005 11:22 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] AD/DNS BPA?

The tool I spoke about in confidence with Tony (just teasing
;o) is an offering from MCS known as the ADHC or AD Health Check ... 
it is a nicely shrink-wrapped series of powerful interrogation 
scripts/tools that, when compiled by someone sufficiently trained, 
produces a very detailed configuration breakdown, useful 
recommendations and/or general mis-configurations.  As I understand 
it, it is available exclusively via an MCS engagement.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, October 11, 2005 7:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

If find DNSlint to be pretty good, but obviously limited in scope.  I 
think Dean mentioned to me recently that PSS have a tool that provides 
BPA-like functionality.  It sounded like the output might be a little 
too complicated to make it publicly available.

Perhaps Dean has more info on this (assuming it's not under NDA)?

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, 12 October 2005 2:58 p.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

The tools are there, but the interpretation is sometimes lacking G 
I've been told that several companies are currently offering health 
checks, but I haven't tested any of them.

As for Microsoft tools, I'm a fan of using dcdiag and netdiag right 
after scanning the event logs.  That'll give me an idea of where to 
focus more effort if needed. Most of what I want to know is going to 
show up there without having to do too much waving of the magic wand.
There are some additional tools, but they get used after these two 
steps in my normal approach. That'll indicate whether or not I have to 
dig deeper.
Some other tools such as repadmin are useful as well. And there was a 
tool, SPA that could be helpful in some situations depending on what 
you want to know.

I haven't seen an AD BPA though.  Be interesting to see one. 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan 
Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, October 11, 2005 9:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/DNS BPA?


lurk mode off

Stupid question... okay we have Exchange Best practices analyzer 
right?
http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
 
I know you guys don't like GUI...but besides DNSlint, dnsdiag, 
Sysinternals, Joeware stuff and such things... is there currently 
enough tools in your bag'o'tricks to ensure DNS/AD is set up right?
Do you guys have a tool that you consider 'the' DNS/AD BPA and if so 
what is it?

Or is AD/DNS health review like security log reviews/dump files where 
it's an art and not a science?

And feel free to lob 'SBS could run on ipx/spx' comments my way as 
well.

;-)

lurk mode back on

--

Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
##
##
#
This communication, including any attachments, is confidential.
If you are not the intended recipient

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread Rick Kingslan

Yes, they (we) do.  I'll check into them and give you an overview of what
they do  If I can, to be more correct.

Rick [msft]
--
Posting is provided AS IS, and confers no rights or warranties ...
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, October 11, 2005 9:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

If find DNSlint to be pretty good, but obviously limited in scope.  I think
Dean mentioned to me recently that PSS have a tool that provides BPA-like
functionality.  It sounded like the output might be a little too complicated
to make it publicly available. 

Perhaps Dean has more info on this (assuming it's not under NDA)?

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, 12 October 2005 2:58 p.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

The tools are there, but the interpretation is sometimes lacking G I've
been told that several companies are currently offering health checks, but I
haven't tested any of them.  

As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after
scanning the event logs.  That'll give me an idea of where to focus more
effort if needed. Most of what I want to know is going to show up there
without having to do too much waving of the magic wand.
There are some additional tools, but they get used after these two steps in
my normal approach. That'll indicate whether or not I have to dig deeper.
Some other tools such as repadmin are useful as well. And there was a tool,
SPA that could be helpful in some situations depending on what you want to
know. 

I haven't seen an AD BPA though.  Be interesting to see one. 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, October 11, 2005 9:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/DNS BPA?


lurk mode off

Stupid question... okay we have Exchange Best practices analyzer right?
http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
 
I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals,
Joeware stuff and such things... is there currently enough tools in your
bag'o'tricks to ensure DNS/AD is set up right?  Do you guys have a tool that
you consider 'the' DNS/AD BPA and if so what is it?

Or is AD/DNS health review like security log reviews/dump files where it's
an art and not a science?

And feel free to lob 'SBS could run on ipx/spx' comments my way as well.

;-)

lurk mode back on

--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

#
This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read it - please
contact me immediately, destroy it, and do not copy or use any part of this
communication or disclose anything about it.
Thank You.

Please note that this communication does not designate an information system
for the purposes of the NZ Electronic Transactions Act 2002.

This email has been scanned for Viruses and Content and cleared by NetIQ
MailMarshal at Gen-i.

#

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread joe

That isn't necessarily the same check. I have seen several companies who
have offered an AD Healthcheck. Occasionally they even know something about
AD.

  joe 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Sunday, October 16, 2005 8:05 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

Huh.  That doesn't appear to be _US_  I wonder if the Engineering
Services group knows that a third party (Partner at that) is advertising
these services.

Honestly, I didn't think that we farmed those services out

Checking.

Rick [msft]
--
Posting is provided AS IS, and confers no rights or warranties ...
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Saturday, October 15, 2005 1:32 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD/DNS BPA?

Microsoft AD Health Check:
http://www.systems-group.net/En/Consultancy+Services/Solutions/Microsoft+AD+
Health+Check.htm

Looks like it's talked about here too

Dean Wells wrote:

Ooops ... my apologies :O(

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Adner
Sent: Friday, October 14, 2005 10:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

Boo, hiss.  It's Engineering Services that offers it, not MCS.  ;

  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Thursday, October 13, 2005 11:22 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] AD/DNS BPA?

The tool I spoke about in confidence with Tony (just teasing
;o) is an offering from MCS known as the ADHC or AD Health Check ... 
it is a nicely shrink-wrapped series of powerful interrogation 
scripts/tools that, when compiled by someone sufficiently trained, 
produces a very detailed configuration breakdown, useful 
recommendations and/or general mis-configurations.  As I understand 
it, it is available exclusively via an MCS engagement.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, October 11, 2005 7:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

If find DNSlint to be pretty good, but obviously limited in scope.  I 
think Dean mentioned to me recently that PSS have a tool that provides 
BPA-like functionality.  It sounded like the output might be a little 
too complicated to make it publicly available.

Perhaps Dean has more info on this (assuming it's not under NDA)?

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, 12 October 2005 2:58 p.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

The tools are there, but the interpretation is sometimes lacking G 
I've been told that several companies are currently offering health 
checks, but I haven't tested any of them.

As for Microsoft tools, I'm a fan of using dcdiag and netdiag right 
after scanning the event logs.  That'll give me an idea of where to 
focus more effort if needed. Most of what I want to know is going to 
show up there without having to do too much waving of the magic wand.
There are some additional tools, but they get used after these two 
steps in my normal approach. That'll indicate whether or not I have to 
dig deeper.
Some other tools such as repadmin are useful as well. And there was a 
tool, SPA that could be helpful in some situations depending on what 
you want to know.

I haven't seen an AD BPA though.  Be interesting to see one. 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan 
Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, October 11, 2005 9:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/DNS BPA?


lurk mode off

Stupid question... okay we have Exchange Best practices analyzer 
right?
http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
 
I know you guys don't like GUI...but besides DNSlint, dnsdiag, 
Sysinternals, Joeware stuff and such things... is there currently 
enough tools in your bag'o'tricks to ensure DNS/AD is set up right?
Do you guys have a tool that you consider 'the' DNS/AD BPA and if so 
what is it?

Or is AD/DNS health review like security log reviews/dump files where 
it's an art and not a science?

And feel free to lob 'SBS could run on ipx/spx' comments my way as 
well.

;-)

lurk mode back on

--

Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread David Adner

Correct, that's a 3rd party's offering that has no relation to MS's
workshop.  There are multiple companies who offer Active Directory Health
Checks like aren't part of MS's workshop.  I don't believe the term is
copyrighted.  :)

Essentially, if it wasn't arranged via a company's Premier support contract
then it's pretty much guaranteed to be a 3rd party company, not MS.  I've
never sat through another company's health check so I can't offer a
comparison.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
 Sent: Sunday, October 16, 2005 7:05 AM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?
 
 Huh.  That doesn't appear to be _US_  I wonder if the 
 Engineering Services group knows that a third party (Partner 
 at that) is advertising these services.
 
 Honestly, I didn't think that we farmed those services out
 
 Checking.
 
 Rick [msft]
 --
 Posting is provided AS IS, and confers no rights or warranties ...
   
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
 Sent: Saturday, October 15, 2005 1:32 PM
 To: ActiveDir@mail.activedir.org
 Subject: Re: [ActiveDir] AD/DNS BPA?
 
 Microsoft AD Health Check:
 http://www.systems-group.net/En/Consultancy+Services/Solutions
 /Microsoft+AD+
 Health+Check.htm
 
 Looks like it's talked about here too
 
 Dean Wells wrote:
 
 Ooops ... my apologies :O(
 
 --
 Dean Wells
 MSEtechnology
 * Email: [EMAIL PROTECTED]
 http://msetechnology.com
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of David Adner
 Sent: Friday, October 14, 2005 10:44 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?
 
 Boo, hiss.  It's Engineering Services that offers it, not MCS.  ;
 
   
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
 Sent: Thursday, October 13, 2005 11:22 AM
 To: Send - AD mailing list
 Subject: RE: [ActiveDir] AD/DNS BPA?
 
 The tool I spoke about in confidence with Tony (just teasing
 ;o) is an offering from MCS known as the ADHC or AD Health 
 Check ... 
 it is a nicely shrink-wrapped series of powerful interrogation 
 scripts/tools that, when compiled by someone sufficiently trained, 
 produces a very detailed configuration breakdown, useful 
 recommendations and/or general mis-configurations.  As I understand 
 it, it is available exclusively via an MCS engagement.
 
 --
 Dean Wells
 MSEtechnology
 * Email: [EMAIL PROTECTED]
 http://msetechnology.com
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
 Sent: Tuesday, October 11, 2005 7:45 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?
 
 If find DNSlint to be pretty good, but obviously limited in 
 scope.  I 
 think Dean mentioned to me recently that PSS have a tool 
 that provides 
 BPA-like functionality.  It sounded like the output might 
 be a little 
 too complicated to make it publicly available.
 
 Perhaps Dean has more info on this (assuming it's not under NDA)?
 
 Tony
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
 Sent: Wednesday, 12 October 2005 2:58 p.m.
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?
 
 The tools are there, but the interpretation is sometimes 
 lacking G 
 I've been told that several companies are currently offering health 
 checks, but I haven't tested any of them.
 
 As for Microsoft tools, I'm a fan of using dcdiag and netdiag right 
 after scanning the event logs.  That'll give me an idea of where to 
 focus more effort if needed. Most of what I want to know is 
 going to 
 show up there without having to do too much waving of the 
 magic wand.
 There are some additional tools, but they get used after these two 
 steps in my normal approach. That'll indicate whether or 
 not I have to 
 dig deeper.
 Some other tools such as repadmin are useful as well. And 
 there was a 
 tool, SPA that could be helpful in some situations 
 depending on what 
 you want to know.
 
 I haven't seen an AD BPA though.  Be interesting to see one. 
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Susan 
 Bradley, CPA aka Ebitz - SBS Rocks [MVP]
 Sent: Tuesday, October 11, 2005 9:34 PM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] AD/DNS BPA?
 
 
 lurk mode off
 
 Stupid question... okay we have Exchange Best practices analyzer 
 right?
 http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
  
 I know you guys don't like GUI...but besides DNSlint, dnsdiag, 
 Sysinternals, Joeware stuff and such things... is there currently 
 enough tools in your bag'o'tricks to ensure DNS/AD is set up right?
 Do you guys have a tool that you consider 'the' DNS/AD BPA

RE: [ActiveDir] AD/DNS BPA?

2005-10-16 Thread David Adner

To the original poster, if you have a TAM that would be the best avenue to
obtain further information.  They can get you a document that details what
the Active Directory Health Check involves. 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
 Sent: Sunday, October 16, 2005 7:11 AM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?

 Yes, they (we) do.  I'll check into them and give you an 
 overview of what they do  If I can, to be more correct.

 Rick [msft]
 --
 Posting is provided AS IS, and confers no rights or warranties ...

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
 Sent: Tuesday, October 11, 2005 9:45 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?

 If find DNSlint to be pretty good, but obviously limited in 
 scope.  I think Dean mentioned to me recently that PSS have a 
 tool that provides BPA-like functionality.  It sounded like 
 the output might be a little too complicated to make it 
 publicly available. 

 Perhaps Dean has more info on this (assuming it's not under NDA)?

 Tony

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
 Sent: Wednesday, 12 October 2005 2:58 p.m.
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?

 The tools are there, but the interpretation is sometimes 
 lacking G I've been told that several companies are 
 currently offering health checks, but I haven't tested any of them.  

 As for Microsoft tools, I'm a fan of using dcdiag and netdiag 
 right after scanning the event logs.  That'll give me an idea 
 of where to focus more effort if needed. Most of what I want 
 to know is going to show up there without having to do too 
 much waving of the magic wand.
 There are some additional tools, but they get used after 
 these two steps in my normal approach. That'll indicate 
 whether or not I have to dig deeper.
 Some other tools such as repadmin are useful as well. And 
 there was a tool, SPA that could be helpful in some 
 situations depending on what you want to know. 

 I haven't seen an AD BPA though.  Be interesting to see one. 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
 Sent: Tuesday, October 11, 2005 9:34 PM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] AD/DNS BPA?

 lurk mode off

 Stupid question... okay we have Exchange Best practices 
 analyzer right?
 http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx

 I know you guys don't like GUI...but besides DNSlint, 
 dnsdiag, Sysinternals, Joeware stuff and such things... is 
 there currently enough tools in your bag'o'tricks to ensure 
 DNS/AD is set up right?  Do you guys have a tool that you 
 consider 'the' DNS/AD BPA and if so what is it?

 Or is AD/DNS health review like security log reviews/dump 
 files where it's an art and not a science?

 And feel free to lob 'SBS could run on ipx/spx' comments my 
 way as well.

 ;-)

 lurk mode back on

 --
 Letting your vendors set your risk analysis these days?  
 http://www.threatcode.com

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 ##
 ##
 #
 This communication, including any attachments, is confidential.
 If you are not the intended recipient, you should not read it 
 - please contact me immediately, destroy it, and do not copy 
 or use any part of this communication or disclose anything about it.
 Thank You.

 Please note that this communication does not designate an 
 information system for the purposes of the NZ Electronic 
 Transactions Act 2002.

 This email has been scanned for Viruses and Content and 
 cleared by NetIQ MailMarshal at Gen-i.
 ##
 ##
 #

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD/DNS BPA?

2005-10-15 Thread Dean Wells

Ooops ... my apologies :O(

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Adner
Sent: Friday, October 14, 2005 10:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

Boo, hiss.  It's Engineering Services that offers it, not MCS.  ;

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
 Sent: Thursday, October 13, 2005 11:22 AM
 To: Send - AD mailing list
 Subject: RE: [ActiveDir] AD/DNS BPA?
 
 The tool I spoke about in confidence with Tony (just teasing
 ;o) is an offering from MCS known as the ADHC or AD Health Check ... 
 it is a nicely shrink-wrapped series of powerful interrogation 
 scripts/tools that, when compiled by someone sufficiently trained, 
 produces a very detailed configuration breakdown, useful 
 recommendations and/or general mis-configurations.  As I understand 
 it, it is available exclusively via an MCS engagement.
 
 --
 Dean Wells
 MSEtechnology
 * Email: [EMAIL PROTECTED]
 http://msetechnology.com
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
 Sent: Tuesday, October 11, 2005 7:45 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?
 
 If find DNSlint to be pretty good, but obviously limited in scope.  I 
 think Dean mentioned to me recently that PSS have a tool that provides 
 BPA-like functionality.  It sounded like the output might be a little 
 too complicated to make it publicly available.
 
 Perhaps Dean has more info on this (assuming it's not under NDA)?
 
 Tony
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
 Sent: Wednesday, 12 October 2005 2:58 p.m.
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?
 
 The tools are there, but the interpretation is sometimes lacking G 
 I've been told that several companies are currently offering health 
 checks, but I haven't tested any of them.
 
 As for Microsoft tools, I'm a fan of using dcdiag and netdiag right 
 after scanning the event logs.  That'll give me an idea of where to 
 focus more effort if needed. Most of what I want to know is going to 
 show up there without having to do too much waving of the magic wand.
 There are some additional tools, but they get used after these two 
 steps in my normal approach. That'll indicate whether or not I have to 
 dig deeper.
 Some other tools such as repadmin are useful as well. And there was a 
 tool, SPA that could be helpful in some situations depending on what 
 you want to know.
 
 I haven't seen an AD BPA though.  Be interesting to see one. 
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Susan 
 Bradley, CPA aka Ebitz - SBS Rocks [MVP]
 Sent: Tuesday, October 11, 2005 9:34 PM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] AD/DNS BPA?
 
 
 lurk mode off
 
 Stupid question... okay we have Exchange Best practices analyzer 
 right?
 http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
  
 I know you guys don't like GUI...but besides DNSlint, dnsdiag, 
 Sysinternals, Joeware stuff and such things... is there currently 
 enough tools in your bag'o'tricks to ensure DNS/AD is set up right?  
 Do you guys have a tool that you consider 'the' DNS/AD BPA and if so 
 what is it?
 
 Or is AD/DNS health review like security log reviews/dump files where 
 it's an art and not a science?
 
 And feel free to lob 'SBS could run on ipx/spx' comments my way as 
 well.
 
 ;-)
 
 lurk mode back on
 
 --
 
 Letting your vendors set your risk analysis these days?  
 http://www.threatcode.com
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 ##
 ##
 #
 This communication, including any attachments, is confidential.
 If you are not the intended recipient, you should not read it
 - please contact me immediately, destroy it, and do not copy or use 
 any part of this communication or disclose anything about it.
 Thank You.
 
 Please note that this communication does not designate an information 
 system for the purposes of the NZ Electronic Transactions Act 2002.
 
 This email has been scanned for Viruses and Content and cleared by 
 NetIQ MailMarshal at Gen-i.
 ##
 ##
 #
 
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: 
 http://www.mail-archive.com

Re: [ActiveDir] AD/DNS BPA?

2005-10-15 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]


Microsoft AD Health Check:
http://www.systems-group.net/En/Consultancy+Services/Solutions/Microsoft+AD+Health+Check.htm

Looks like it's talked about here too

Dean Wells wrote:


Ooops ... my apologies :O(

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Adner
Sent: Friday, October 14, 2005 10:44 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

Boo, hiss.  It's Engineering Services that offers it, not MCS.  ;

 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Thursday, October 13, 2005 11:22 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] AD/DNS BPA?

The tool I spoke about in confidence with Tony (just teasing
;o) is an offering from MCS known as the ADHC or AD Health Check ... 
it is a nicely shrink-wrapped series of powerful interrogation 
scripts/tools that, when compiled by someone sufficiently trained, 
produces a very detailed configuration breakdown, useful 
recommendations and/or general mis-configurations.  As I understand 
it, it is available exclusively via an MCS engagement.


--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, October 11, 2005 7:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

If find DNSlint to be pretty good, but obviously limited in scope.  I 
think Dean mentioned to me recently that PSS have a tool that provides 
BPA-like functionality.  It sounded like the output might be a little 
too complicated to make it publicly available.


Perhaps Dean has more info on this (assuming it's not under NDA)?

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, 12 October 2005 2:58 p.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

The tools are there, but the interpretation is sometimes lacking G 
I've been told that several companies are currently offering health 
checks, but I haven't tested any of them.


As for Microsoft tools, I'm a fan of using dcdiag and netdiag right 
after scanning the event logs.  That'll give me an idea of where to 
focus more effort if needed. Most of what I want to know is going to 
show up there without having to do too much waving of the magic wand.
There are some additional tools, but they get used after these two 
steps in my normal approach. That'll indicate whether or not I have to 
dig deeper.
Some other tools such as repadmin are useful as well. And there was a 
tool, SPA that could be helpful in some situations depending on what 
you want to know.


I haven't seen an AD BPA though.  Be interesting to see one. 




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan 
Bradley, CPA aka Ebitz - SBS Rocks [MVP]

Sent: Tuesday, October 11, 2005 9:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/DNS BPA?


lurk mode off

Stupid question... okay we have Exchange Best practices analyzer 
right?

http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx

I know you guys don't like GUI...but besides DNSlint, dnsdiag, 
Sysinternals, Joeware stuff and such things... is there currently 
enough tools in your bag'o'tricks to ensure DNS/AD is set up right?  
Do you guys have a tool that you consider 'the' DNS/AD BPA and if so 
what is it?


Or is AD/DNS health review like security log reviews/dump files where 
it's an art and not a science?


And feel free to lob 'SBS could run on ipx/spx' comments my way as 
well.


;-)

lurk mode back on

--

Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
##
##
#
This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read it
- please contact me immediately, destroy it, and do not copy or use 
any part of this communication or disclose anything about it.

Thank You.

Please note that this communication does not designate an information 
system for the purposes of the NZ Electronic Transactions Act 2002.


This email has been scanned for Viruses and Content and cleared by 
NetIQ MailMarshal at Gen-i.

##
##
#

List info   : http://www.activedir.org/List.aspx
List FAQ: http

RE: [ActiveDir] AD/DNS BPA?

2005-10-14 Thread David Adner

Boo, hiss.  It's Engineering Services that offers it, not MCS.  ;

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
 Sent: Thursday, October 13, 2005 11:22 AM
 To: Send - AD mailing list
 Subject: RE: [ActiveDir] AD/DNS BPA?

 The tool I spoke about in confidence with Tony (just teasing 
 ;o) is an offering from MCS known as the ADHC or AD Health 
 Check ... it is a nicely shrink-wrapped series of powerful 
 interrogation scripts/tools that, when compiled by someone 
 sufficiently trained, produces a very detailed configuration 
 breakdown, useful recommendations and/or general 
 mis-configurations.  As I understand it, it is available 
 exclusively via an MCS engagement.

 --
 Dean Wells
 MSEtechnology
 * Email: [EMAIL PROTECTED]
 http://msetechnology.com

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
 Sent: Tuesday, October 11, 2005 7:45 PM
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?

 If find DNSlint to be pretty good, but obviously limited in 
 scope.  I think Dean mentioned to me recently that PSS have a 
 tool that provides BPA-like functionality.  It sounded like 
 the output might be a little too complicated to make it 
 publicly available. 

 Perhaps Dean has more info on this (assuming it's not under NDA)?

 Tony

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
 Sent: Wednesday, 12 October 2005 2:58 p.m.
 To: ActiveDir@mail.activedir.org
 Subject: RE: [ActiveDir] AD/DNS BPA?

 The tools are there, but the interpretation is sometimes 
 lacking G I've been told that several companies are 
 currently offering health checks, but I haven't tested any of them.  

 As for Microsoft tools, I'm a fan of using dcdiag and netdiag 
 right after scanning the event logs.  That'll give me an idea 
 of where to focus more effort if needed. Most of what I want 
 to know is going to show up there without having to do too 
 much waving of the magic wand.
 There are some additional tools, but they get used after 
 these two steps in my normal approach. That'll indicate 
 whether or not I have to dig deeper.
 Some other tools such as repadmin are useful as well. And 
 there was a tool, SPA that could be helpful in some 
 situations depending on what you want to know. 

 I haven't seen an AD BPA though.  Be interesting to see one. 

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
 Sent: Tuesday, October 11, 2005 9:34 PM
 To: ActiveDir@mail.activedir.org
 Subject: [ActiveDir] AD/DNS BPA?

 lurk mode off

 Stupid question... okay we have Exchange Best practices 
 analyzer right?
 http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx

 I know you guys don't like GUI...but besides DNSlint, 
 dnsdiag, Sysinternals, Joeware stuff and such things... is 
 there currently enough tools in your bag'o'tricks to ensure 
 DNS/AD is set up right?  Do you guys have a tool that you 
 consider 'the' DNS/AD BPA and if so what is it?

 Or is AD/DNS health review like security log reviews/dump 
 files where it's an art and not a science?

 And feel free to lob 'SBS could run on ipx/spx' comments my 
 way as well.

 ;-)

 lurk mode back on

 --

 Letting your vendors set your risk analysis these days?  
 http://www.threatcode.com

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive:
 http://www.mail-archive.com/activedir%40mail.activedir.org/
 ##
 ##
 #
 This communication, including any attachments, is confidential.
 If you are not the intended recipient, you should not read it 
 - please contact me immediately, destroy it, and do not copy 
 or use any part of this communication or disclose anything about it.
 Thank You.

 Please note that this communication does not designate an 
 information system for the purposes of the NZ Electronic 
 Transactions Act 2002.

 This email has been scanned for Viruses and Content and 
 cleared by NetIQ MailMarshal at Gen-i.
 ##
 ##
 #

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/

 List info   : http://www.activedir.org/List.aspx
 List FAQ: http://www.activedir.org/ListFAQ.aspx
 List archive: 
 http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org

RE: [ActiveDir] AD/DNS BPA?

2005-10-13 Thread Dean Wells

The tool I spoke about in confidence with Tony (just teasing ;o) is an
offering from MCS known as the ADHC or AD Health Check ... it is a nicely
shrink-wrapped series of powerful interrogation scripts/tools that, when
compiled by someone sufficiently trained, produces a very detailed
configuration breakdown, useful recommendations and/or general
mis-configurations.  As I understand it, it is available exclusively via an
MCS engagement.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, October 11, 2005 7:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

If find DNSlint to be pretty good, but obviously limited in scope.  I think
Dean mentioned to me recently that PSS have a tool that provides BPA-like
functionality.  It sounded like the output might be a little too complicated
to make it publicly available. 

Perhaps Dean has more info on this (assuming it's not under NDA)?

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, 12 October 2005 2:58 p.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

The tools are there, but the interpretation is sometimes lacking G I've
been told that several companies are currently offering health checks, but I
haven't tested any of them.  

As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after
scanning the event logs.  That'll give me an idea of where to focus more
effort if needed. Most of what I want to know is going to show up there
without having to do too much waving of the magic wand.
There are some additional tools, but they get used after these two steps in
my normal approach. That'll indicate whether or not I have to dig deeper.
Some other tools such as repadmin are useful as well. And there was a tool,
SPA that could be helpful in some situations depending on what you want to
know. 

I haven't seen an AD BPA though.  Be interesting to see one. 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, October 11, 2005 9:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/DNS BPA?


lurk mode off

Stupid question... okay we have Exchange Best practices analyzer right?
http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
 
I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals,
Joeware stuff and such things... is there currently enough tools in your
bag'o'tricks to ensure DNS/AD is set up right?  Do you guys have a tool that
you consider 'the' DNS/AD BPA and if so what is it?

Or is AD/DNS health review like security log reviews/dump files where it's
an art and not a science?

And feel free to lob 'SBS could run on ipx/spx' comments my way as well.

;-)

lurk mode back on

--

Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

#
This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read it - please
contact me immediately, destroy it, and do not copy or use any part of this
communication or disclose anything about it.
Thank You.

Please note that this communication does not designate an information system
for the purposes of the NZ Electronic Transactions Act 2002.

This email has been scanned for Viruses and Content and cleared by NetIQ
MailMarshal at Gen-i.

#

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD/DNS BPA?

2005-10-13 Thread Free, Bob

We had one last year and it was a rather extraordinary experience IMHO.
We learned a lot and picked up a lot of tips and tools from the MCS guys
(Well they were ROSS guys actually) They also did an Exchange Health
Check.

One of the things they leave behind in the tool set besides all the
other goodies is the ADHC website material so you can have your own up
and running all the time.

I *think* we had some extra incidents/resources left over from our
premier pool and that's what paid for it

Highly recommended even if you don't think you have any problems just
for the information/knowledge transfer alone.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Thursday, October 13, 2005 9:22 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] AD/DNS BPA?

The tool I spoke about in confidence with Tony (just teasing ;o) is an
offering from MCS known as the ADHC or AD Health Check ... it is a
nicely
shrink-wrapped series of powerful interrogation scripts/tools that, when
compiled by someone sufficiently trained, produces a very detailed
configuration breakdown, useful recommendations and/or general
mis-configurations.  As I understand it, it is available exclusively via
an
MCS engagement.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray
Sent: Tuesday, October 11, 2005 7:45 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

If find DNSlint to be pretty good, but obviously limited in scope.  I
think
Dean mentioned to me recently that PSS have a tool that provides
BPA-like
functionality.  It sounded like the output might be a little too
complicated
to make it publicly available. 

Perhaps Dean has more info on this (assuming it's not under NDA)?

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, 12 October 2005 2:58 p.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

The tools are there, but the interpretation is sometimes lacking G
I've
been told that several companies are currently offering health checks,
but I
haven't tested any of them.  

As for Microsoft tools, I'm a fan of using dcdiag and netdiag right
after
scanning the event logs.  That'll give me an idea of where to focus more
effort if needed. Most of what I want to know is going to show up there
without having to do too much waving of the magic wand.
There are some additional tools, but they get used after these two steps
in
my normal approach. That'll indicate whether or not I have to dig
deeper.
Some other tools such as repadmin are useful as well. And there was a
tool,
SPA that could be helpful in some situations depending on what you want
to
know. 

I haven't seen an AD BPA though.  Be interesting to see one. 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, October 11, 2005 9:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/DNS BPA?


lurk mode off

Stupid question... okay we have Exchange Best practices analyzer right?
http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
 
I know you guys don't like GUI...but besides DNSlint, dnsdiag,
Sysinternals,
Joeware stuff and such things... is there currently enough tools in your
bag'o'tricks to ensure DNS/AD is set up right?  Do you guys have a tool
that
you consider 'the' DNS/AD BPA and if so what is it?

Or is AD/DNS health review like security log reviews/dump files where
it's
an art and not a science?

And feel free to lob 'SBS could run on ipx/spx' comments my way as well.

;-)

lurk mode back on

--

Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

#
This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read it - please
contact me immediately, destroy it, and do not copy or use any part of
this
communication or disclose anything about it.
Thank You.

Please note that this communication does not designate an information
system
for the purposes of the NZ Electronic Transactions Act 2002.

This email has been scanned for Viruses and Content and cleared by NetIQ
MailMarshal at Gen-i.

#

List info   : http://www.activedir.org/List.aspx
List FAQ: http

RE: [ActiveDir] AD/DNS BPA?

2005-10-12 Thread neil.ruston

I can see a need for a BPA for AD but also a tool which can go out and
discover an AD and report back on all of its nuances in detail (maybe
this would be one utility, offering both of the above features).

I'm still waiting for a good AD/DC stress test tool to emerge too...


neil

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: 12 October 2005 02:34
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/DNS BPA?

lurk mode off

Stupid question... okay we have Exchange Best practices analyzer right?
http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
 
I know you guys don't like GUI...but besides DNSlint, dnsdiag,
Sysinternals, Joeware stuff and such things... is there currently enough
tools in your bag'o'tricks to ensure DNS/AD is set up right?  Do you
guys have a tool that you consider 'the' DNS/AD BPA and if so what is
it?

Or is AD/DNS health review like security log reviews/dump files where
it's an art and not a science?

And feel free to lob 'SBS could run on ipx/spx' comments my way as well.

;-)

lurk mode back on

--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/



PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments.  NIplc
does not provide investment services to private customers.  Authorised and
regulated by the Financial Services Authority.  Registered in England
no. 1550505 VAT No. 447 2492 35.  Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP.  A member of the Nomura group of companies.

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD/DNS BPA?

2005-10-11 Thread Al Mulnick

The tools are there, but the interpretation is sometimes lacking G  I've
been told that several companies are currently offering health checks, but I
haven't tested any of them.  

As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after
scanning the event logs.  That'll give me an idea of where to focus more
effort if needed. Most of what I want to know is going to show up there
without having to do too much waving of the magic wand. There are some
additional tools, but they get used after these two steps in my normal
approach. That'll indicate whether or not I have to dig deeper.  Some other
tools such as repadmin are useful as well. And there was a tool, SPA that
could be helpful in some situations depending on what you want to know. 

I haven't seen an AD BPA though.  Be interesting to see one. 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA
aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, October 11, 2005 9:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/DNS BPA?


lurk mode off

Stupid question... okay we have Exchange Best practices analyzer right?
http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
 
I know you guys don't like GUI...but besides DNSlint, dnsdiag, 
Sysinternals, Joeware stuff and such things... is there currently enough 
tools in your bag'o'tricks to ensure DNS/AD is set up right?  Do you 
guys have a tool that you consider 'the' DNS/AD BPA and if so what is it?

Or is AD/DNS health review like security log reviews/dump files where 
it's an art and not a science?

And feel free to lob 'SBS could run on ipx/spx' comments my way as well.

;-)

lurk mode back on

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD/DNS BPA?

2005-10-11 Thread Tony Murray

If find DNSlint to be pretty good, but obviously limited in scope.  I
think Dean mentioned to me recently that PSS have a tool that provides
BPA-like functionality.  It sounded like the output might be a little
too complicated to make it publicly available. 

Perhaps Dean has more info on this (assuming it's not under NDA)?

Tony

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, 12 October 2005 2:58 p.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD/DNS BPA?

The tools are there, but the interpretation is sometimes lacking G
I've been told that several companies are currently offering health
checks, but I haven't tested any of them.  

As for Microsoft tools, I'm a fan of using dcdiag and netdiag right
after scanning the event logs.  That'll give me an idea of where to
focus more effort if needed. Most of what I want to know is going to
show up there without having to do too much waving of the magic wand.
There are some additional tools, but they get used after these two steps
in my normal approach. That'll indicate whether or not I have to dig
deeper.  Some other tools such as repadmin are useful as well. And there
was a tool, SPA that could be helpful in some situations depending on
what you want to know. 

I haven't seen an AD BPA though.  Be interesting to see one. 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
CPA aka Ebitz - SBS Rocks [MVP]
Sent: Tuesday, October 11, 2005 9:34 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/DNS BPA?


lurk mode off

Stupid question... okay we have Exchange Best practices analyzer right?
http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
 
I know you guys don't like GUI...but besides DNSlint, dnsdiag,
Sysinternals, Joeware stuff and such things... is there currently enough
tools in your bag'o'tricks to ensure DNS/AD is set up right?  Do you
guys have a tool that you consider 'the' DNS/AD BPA and if so what is
it?

Or is AD/DNS health review like security log reviews/dump files where
it's an art and not a science?

And feel free to lob 'SBS could run on ipx/spx' comments my way as well.

;-)

lurk mode back on

--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

#
This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read it - please
contact me immediately, destroy it, and do not copy or use any part of
this communication or disclose anything about it.
Thank You.

Please note that this communication does not designate an information
system for the purposes of the NZ Electronic Transactions Act 2002.

This email has been scanned for Viruses and Content and cleared by NetIQ
MailMarshal at Gen-i.

#

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

Re: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

RE: [ActiveDir] AD/DNS BPA?

13 matches

Site Navigation

Mail list logo

Footer information