So today I ran across a tool on posted on the forums at petri.co.il called the Microsoft IT Environment Health Scanner. Now I guess this came out back in August but it is new news to me. This tool kind of takes off from their Best Practices Analyzers and narrows it down to just your Active Dirctory topology. It will take a couple minutes, depending on the size of your Active Directory Domain, to scan your topology and check it against a set of checks which Microsoft determines, then reports back to you the results of either Good, Warning, or Error. Here is Microsoft’s official description about it:
“The Microsoft IT Environment Health Scanner is a diagnostic tool that is designed for administrators of small or medium-sized networks (recommended up to 20 servers and up to 500 client computers) who want to assess the overall health of their network infrastructure. The tool identifies common problems that can prevent your network environment from functioning properly as well as problems that can interfere with infrastructure upgrades, deployments, and migration.
When run from a computer with the proper network access, the tool takes a few minutes to scan your IT environment, perform more than 100 separate checks, and collect and analyze information about the following:
- Configuration of sites and subnets in Active Directory
- Replication of Active Directory, the file system, and SYSVOL shared folders
- Name resolution by the Domain Name System (DNS)
- Configuration of the network adapters of all domain controllers, DNS servers, and e-mail servers running Microsoft Exchange Server
- Health of the domain controllers
- Configuration of the Network Time Protocol (NTP) for all domain controllers
If a problem is found, the tool describes the problem, indicates the severity, and links you to guidance at the Microsoft Web site (such as a Knowledge Base article) to help you resolve the problem. You can save or print a report for later review. The tool does not change anything on your computer or your network. ”
Now this is where I found this useful. Two weekends ago we closed down one of our remote offices. That office had an Active Directory Domain Controller and DNS server. Even though we properly demoted the server and removed it from the domain, we found that we had a 3rd DNS server configured on 4 of our other domain controllers at a few other sites pointing to this server, something which can easily be overlooked. It was nice that we were able to figure this out today rather than have something happen and wonder why we are seeing requests for an old server still running around the network.