RE: [ActiveDir] AD/DNS BPA?
Huh. That doesn't appear to be _US_ I wonder if the Engineering Services group knows that a third party (Partner at that) is advertising these services. Honestly, I didn't think that we farmed those services out Checking. Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Saturday, October 15, 2005 1:32 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] AD/DNS BPA? Microsoft AD Health Check: http://www.systems-group.net/En/Consultancy+Services/Solutions/Microsoft+AD+ Health+Check.htm Looks like it's talked about here too Dean Wells wrote: Ooops ... my apologies :O( -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Friday, October 14, 2005 10:44 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? Boo, hiss. It's Engineering Services that offers it, not MCS. ; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, October 13, 2005 11:22 AM To: Send - AD mailing list Subject: RE: [ActiveDir] AD/DNS BPA? The tool I spoke about in confidence with Tony (just teasing ;o) is an offering from MCS known as the ADHC or AD Health Check ... it is a nicely shrink-wrapped series of powerful interrogation scripts/tools that, when compiled by someone sufficiently trained, produces a very detailed configuration breakdown, useful recommendations and/or general mis-configurations. As I understand it, it is available exclusively via an MCS engagement. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 7:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ## ## # This communication, including any attachments, is confidential. If you are not the intended recipient
RE: [ActiveDir] AD/DNS BPA?
Yes, they (we) do. I'll check into them and give you an overview of what they do If I can, to be more correct. Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 9:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ # This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank You. Please note that this communication does not designate an information system for the purposes of the NZ Electronic Transactions Act 2002. This email has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i. # List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD/DNS BPA?
That isn't necessarily the same check. I have seen several companies who have offered an AD Healthcheck. Occasionally they even know something about AD. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Sunday, October 16, 2005 8:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? Huh. That doesn't appear to be _US_ I wonder if the Engineering Services group knows that a third party (Partner at that) is advertising these services. Honestly, I didn't think that we farmed those services out Checking. Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Saturday, October 15, 2005 1:32 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] AD/DNS BPA? Microsoft AD Health Check: http://www.systems-group.net/En/Consultancy+Services/Solutions/Microsoft+AD+ Health+Check.htm Looks like it's talked about here too Dean Wells wrote: Ooops ... my apologies :O( -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Friday, October 14, 2005 10:44 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? Boo, hiss. It's Engineering Services that offers it, not MCS. ; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, October 13, 2005 11:22 AM To: Send - AD mailing list Subject: RE: [ActiveDir] AD/DNS BPA? The tool I spoke about in confidence with Tony (just teasing ;o) is an offering from MCS known as the ADHC or AD Health Check ... it is a nicely shrink-wrapped series of powerful interrogation scripts/tools that, when compiled by someone sufficiently trained, produces a very detailed configuration breakdown, useful recommendations and/or general mis-configurations. As I understand it, it is available exclusively via an MCS engagement. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 7:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir
RE: [ActiveDir] AD/DNS BPA?
Correct, that's a 3rd party's offering that has no relation to MS's workshop. There are multiple companies who offer Active Directory Health Checks like aren't part of MS's workshop. I don't believe the term is copyrighted. :) Essentially, if it wasn't arranged via a company's Premier support contract then it's pretty much guaranteed to be a 3rd party company, not MS. I've never sat through another company's health check so I can't offer a comparison. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Sunday, October 16, 2005 7:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? Huh. That doesn't appear to be _US_ I wonder if the Engineering Services group knows that a third party (Partner at that) is advertising these services. Honestly, I didn't think that we farmed those services out Checking. Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Saturday, October 15, 2005 1:32 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] AD/DNS BPA? Microsoft AD Health Check: http://www.systems-group.net/En/Consultancy+Services/Solutions /Microsoft+AD+ Health+Check.htm Looks like it's talked about here too Dean Wells wrote: Ooops ... my apologies :O( -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Friday, October 14, 2005 10:44 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? Boo, hiss. It's Engineering Services that offers it, not MCS. ; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, October 13, 2005 11:22 AM To: Send - AD mailing list Subject: RE: [ActiveDir] AD/DNS BPA? The tool I spoke about in confidence with Tony (just teasing ;o) is an offering from MCS known as the ADHC or AD Health Check ... it is a nicely shrink-wrapped series of powerful interrogation scripts/tools that, when compiled by someone sufficiently trained, produces a very detailed configuration breakdown, useful recommendations and/or general mis-configurations. As I understand it, it is available exclusively via an MCS engagement. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 7:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA
RE: [ActiveDir] AD/DNS BPA?
To the original poster, if you have a TAM that would be the best avenue to obtain further information. They can get you a document that details what the Active Directory Health Check involves. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Sunday, October 16, 2005 7:11 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? Yes, they (we) do. I'll check into them and give you an overview of what they do If I can, to be more correct. Rick [msft] -- Posting is provided AS IS, and confers no rights or warranties ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 9:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ## ## # This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank You. Please note that this communication does not designate an information system for the purposes of the NZ Electronic Transactions Act 2002. This email has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i. ## ## # List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD/DNS BPA?
Ooops ... my apologies :O( -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Friday, October 14, 2005 10:44 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? Boo, hiss. It's Engineering Services that offers it, not MCS. ; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, October 13, 2005 11:22 AM To: Send - AD mailing list Subject: RE: [ActiveDir] AD/DNS BPA? The tool I spoke about in confidence with Tony (just teasing ;o) is an offering from MCS known as the ADHC or AD Health Check ... it is a nicely shrink-wrapped series of powerful interrogation scripts/tools that, when compiled by someone sufficiently trained, produces a very detailed configuration breakdown, useful recommendations and/or general mis-configurations. As I understand it, it is available exclusively via an MCS engagement. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 7:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ## ## # This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank You. Please note that this communication does not designate an information system for the purposes of the NZ Electronic Transactions Act 2002. This email has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i. ## ## # List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com
Re: [ActiveDir] AD/DNS BPA?
Microsoft AD Health Check: http://www.systems-group.net/En/Consultancy+Services/Solutions/Microsoft+AD+Health+Check.htm Looks like it's talked about here too Dean Wells wrote: Ooops ... my apologies :O( -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner Sent: Friday, October 14, 2005 10:44 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? Boo, hiss. It's Engineering Services that offers it, not MCS. ; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, October 13, 2005 11:22 AM To: Send - AD mailing list Subject: RE: [ActiveDir] AD/DNS BPA? The tool I spoke about in confidence with Tony (just teasing ;o) is an offering from MCS known as the ADHC or AD Health Check ... it is a nicely shrink-wrapped series of powerful interrogation scripts/tools that, when compiled by someone sufficiently trained, produces a very detailed configuration breakdown, useful recommendations and/or general mis-configurations. As I understand it, it is available exclusively via an MCS engagement. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 7:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ## ## # This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank You. Please note that this communication does not designate an information system for the purposes of the NZ Electronic Transactions Act 2002. This email has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i. ## ## # List info : http://www.activedir.org/List.aspx List FAQ: http
RE: [ActiveDir] AD/DNS BPA?
Boo, hiss. It's Engineering Services that offers it, not MCS. ; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, October 13, 2005 11:22 AM To: Send - AD mailing list Subject: RE: [ActiveDir] AD/DNS BPA? The tool I spoke about in confidence with Tony (just teasing ;o) is an offering from MCS known as the ADHC or AD Health Check ... it is a nicely shrink-wrapped series of powerful interrogation scripts/tools that, when compiled by someone sufficiently trained, produces a very detailed configuration breakdown, useful recommendations and/or general mis-configurations. As I understand it, it is available exclusively via an MCS engagement. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 7:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ## ## # This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank You. Please note that this communication does not designate an information system for the purposes of the NZ Electronic Transactions Act 2002. This email has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i. ## ## # List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org
RE: [ActiveDir] AD/DNS BPA?
The tool I spoke about in confidence with Tony (just teasing ;o) is an offering from MCS known as the ADHC or AD Health Check ... it is a nicely shrink-wrapped series of powerful interrogation scripts/tools that, when compiled by someone sufficiently trained, produces a very detailed configuration breakdown, useful recommendations and/or general mis-configurations. As I understand it, it is available exclusively via an MCS engagement. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 7:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ # This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank You. Please note that this communication does not designate an information system for the purposes of the NZ Electronic Transactions Act 2002. This email has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i. # List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD/DNS BPA?
We had one last year and it was a rather extraordinary experience IMHO. We learned a lot and picked up a lot of tips and tools from the MCS guys (Well they were ROSS guys actually) They also did an Exchange Health Check. One of the things they leave behind in the tool set besides all the other goodies is the ADHC website material so you can have your own up and running all the time. I *think* we had some extra incidents/resources left over from our premier pool and that's what paid for it Highly recommended even if you don't think you have any problems just for the information/knowledge transfer alone. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, October 13, 2005 9:22 AM To: Send - AD mailing list Subject: RE: [ActiveDir] AD/DNS BPA? The tool I spoke about in confidence with Tony (just teasing ;o) is an offering from MCS known as the ADHC or AD Health Check ... it is a nicely shrink-wrapped series of powerful interrogation scripts/tools that, when compiled by someone sufficiently trained, produces a very detailed configuration breakdown, useful recommendations and/or general mis-configurations. As I understand it, it is available exclusively via an MCS engagement. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, October 11, 2005 7:45 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ # This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank You. Please note that this communication does not designate an information system for the purposes of the NZ Electronic Transactions Act 2002. This email has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i. # List info : http://www.activedir.org/List.aspx List FAQ: http
RE: [ActiveDir] AD/DNS BPA?
I can see a need for a BPA for AD but also a tool which can go out and discover an AD and report back on all of its nuances in detail (maybe this would be one utility, offering both of the above features). I'm still waiting for a good AD/DC stress test tool to emerge too... neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: 12 October 2005 02:34 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD/DNS BPA?
The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD/DNS BPA?
If find DNSlint to be pretty good, but obviously limited in scope. I think Dean mentioned to me recently that PSS have a tool that provides BPA-like functionality. It sounded like the output might be a little too complicated to make it publicly available. Perhaps Dean has more info on this (assuming it's not under NDA)? Tony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, 12 October 2005 2:58 p.m. To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] AD/DNS BPA? The tools are there, but the interpretation is sometimes lacking G I've been told that several companies are currently offering health checks, but I haven't tested any of them. As for Microsoft tools, I'm a fan of using dcdiag and netdiag right after scanning the event logs. That'll give me an idea of where to focus more effort if needed. Most of what I want to know is going to show up there without having to do too much waving of the magic wand. There are some additional tools, but they get used after these two steps in my normal approach. That'll indicate whether or not I have to dig deeper. Some other tools such as repadmin are useful as well. And there was a tool, SPA that could be helpful in some situations depending on what you want to know. I haven't seen an AD BPA though. Be interesting to see one. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, October 11, 2005 9:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] AD/DNS BPA? lurk mode off Stupid question... okay we have Exchange Best practices analyzer right? http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx I know you guys don't like GUI...but besides DNSlint, dnsdiag, Sysinternals, Joeware stuff and such things... is there currently enough tools in your bag'o'tricks to ensure DNS/AD is set up right? Do you guys have a tool that you consider 'the' DNS/AD BPA and if so what is it? Or is AD/DNS health review like security log reviews/dump files where it's an art and not a science? And feel free to lob 'SBS could run on ipx/spx' comments my way as well. ;-) lurk mode back on -- Letting your vendors set your risk analysis these days? http://www.threatcode.com List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ # This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank You. Please note that this communication does not designate an information system for the purposes of the NZ Electronic Transactions Act 2002. This email has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i. # List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/