In the last post Permanent Link to Active Directory Health Check part 1 I wrote about the reasons companies commonly want to perform an Active Directory Health Check, if I’ve overlooked any common reason you think should be included please shoot me an email: dan.brinkmann@webactivedirectory.com

To review, the major components we’ll be covering in our Active Directory Health Check:

• Replication
• Domain controller health
• Directory objects
• Network services health

So, lets start with part 2 of the Active Directory Health check series and the first bullet item on the list… Replication.

When I refer to replication I am referring to these items:

• File Replication Service
• Active Directory Replication
• Group Policy Object Replication

I think Group Policy Object replication could probably be included as part of File Replication but I’ve broken it out separately as I think it’s a very important portion of this Active Directory Health Check.

So what are we looking for?  Well with the File Replication Service we’re checking the consistency of the objects being replicated across domain controllers using tools like FRSDiag, Sonar, and Ultrasound.  What do we need FRS do in an Active Directory environment you ask?  FRS is the mechanism Active Directory uses to replicate directory information, Group Policy objects, and SYSVOL.

In diagnosing Active Directory replication issues repadmin is your friend, albeit one you only seem to call when things are bad.  Repadmin will give you a look into the replication status and queues between domain controllers.

Group Policy Object Replication is something I have had trouble placing into a particular category and maybe after typing this Active Directory Health Check Series I’ll change my mind again and move it.  Either way, the goal here is to use GPOTool and ensure that the information in SYSVOL is consistent with the GPO information in the directory.  It also validates that GPO’s are consistent between domain controllers. I can personally tell you I have MANY TIMES seen information between Active Directory and SYSVOL not consistent.

That’s all for tonight, For more information contact us.

Want to learn more about tools to help manage Active Directory, visit us at http://www.webactivedirectory.com