Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

What is the best tool to use when you want to analyse a Windows Domain Controlller

I have been asked to analyse user accounts configured on a Windows Domain Controller server. What is the best tool i can use to analyse these users. 
You must sign in to rate content.
(1 ratings)

Comments

RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

Try Domain Controller Diagnostic Tool (Dcdiag), it runs automatic series of tests. However it only reports on severe problems but gives you suggestions for potential fixes and potential consequences of the problem.

Below are some of the Domain Controller issues the a Dcdiag can report on

   Connectivity
  • Replication
  • Topology Integrity
  • Directory Partition Head Permissions
  • User Permissions
  • Locator Functionality
  • Inter-site Health
  • Trust Verification
  • Diagnose Replication Latencies
  • Replication of Trust Objects
  • File Replication Service
  • Critical Services Check .
  • Wyson027Lively at 5/2/2012 8:22:43 AM Quote
    You must sign in to rate content.
    (2 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    Thanks Wyson027, will try to use the tool and see how helpful it is 
    Lusayo758Lively at 5/2/2012 9:24:33 AM Quote
    You must sign in to rate content.
    (Unrated)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    IMHO Dcdiag is too technical for auditors. System Administrator can allow sufficient access to an auditor to browse the Users & Computers portion of the Active Directory to get insight into all aspects of User Accounts for analysis.

    A. Abbas
    A. Anwer AbbasObserver at 5/26/2012 9:19:25 PM Quote
    You must sign in to rate content.
    (1 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    Try the good old Microsoft Baseline Security Analyzer (MBSA)
    Vincent084Energizer at 11/30/2012 8:42:43 AM Quote
    You must sign in to rate content.
    (2 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    +1 for MBSA, gives you details about which accounts are in the Administrator group, which local accounts have weak passwords and which local accounts have non-expiry passwords. I use MBSA in conjunction with DumpSec, another free tool, which gives a bit more information. For detailed information, I would always recommend using SekChek. It gives a very detailed report about user accounts. Its only a couple of hundred £'s per report. A one off report is definitely advisable. You'll be so surprised at the results
    Haroon141Observer at 2/8/2013 8:18:00 AM Quote
    You must sign in to rate content.
    (1 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    GFL Languard is a good tool but you need to put Admin 

    Credentials to perform the scan ...

    SONU498Lively at 11/20/2013 12:52:25 AM Quote
    You must sign in to rate content.
    (3 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    powershell, easy and fast
    nooruddinEnergizer at 7/21/2014 4:29:33 AM Quote
    You must sign in to rate content.
    (1 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    1) Active Directory Best Practices Analyzer (ADBPA) tool
    2) Microsoft Product Support (MPS) Reports diagnostic script
    3) Repadmin and Replsum
    4) DCDiag /Test:DNS
    5) DNSCMD Command-Line Tool
     All these tools are useful.
    Gopichand PLively at 8/16/2014 4:46:23 AM Quote
    You must sign in to rate content.
    (Unrated)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    1) Active Directory Best Practices Analyzer (ADBPA) tool
    2) Microsoft Product Support (MPS) Reports diagnostic script
    3) Repadmin and Replsum
    4) DCDiag /Test:DNS
    5) DNSCMD Command-Line Tool
     All these tools are useful.
    Gopichand PLively at 8/16/2014 4:46:23 AM Quote
    You must sign in to rate content.
    (Unrated)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    powershell, easy and fast
    nooruddinEnergizer at 7/21/2014 4:29:33 AM Quote
    You must sign in to rate content.
    (1 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    GFL Languard is a good tool but you need to put Admin 

    Credentials to perform the scan ...

    SONU498Lively at 11/20/2013 12:52:25 AM Quote
    You must sign in to rate content.
    (3 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    +1 for MBSA, gives you details about which accounts are in the Administrator group, which local accounts have weak passwords and which local accounts have non-expiry passwords. I use MBSA in conjunction with DumpSec, another free tool, which gives a bit more information. For detailed information, I would always recommend using SekChek. It gives a very detailed report about user accounts. Its only a couple of hundred £'s per report. A one off report is definitely advisable. You'll be so surprised at the results
    Haroon141Observer at 2/8/2013 8:18:00 AM Quote
    You must sign in to rate content.
    (1 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    Try the good old Microsoft Baseline Security Analyzer (MBSA)
    Vincent084Energizer at 11/30/2012 8:42:43 AM Quote
    You must sign in to rate content.
    (2 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    IMHO Dcdiag is too technical for auditors. System Administrator can allow sufficient access to an auditor to browse the Users & Computers portion of the Active Directory to get insight into all aspects of User Accounts for analysis.

    A. Abbas
    A. Anwer AbbasObserver at 5/26/2012 9:19:25 PM Quote
    You must sign in to rate content.
    (1 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    Thanks Wyson027, will try to use the tool and see how helpful it is 
    Lusayo758Lively at 5/2/2012 9:24:33 AM Quote
    You must sign in to rate content.
    (Unrated)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    Try Domain Controller Diagnostic Tool (Dcdiag), it runs automatic series of tests. However it only reports on severe problems but gives you suggestions for potential fixes and potential consequences of the problem.

    Below are some of the Domain Controller issues the a Dcdiag can report on

       Connectivity
  • Replication
  • Topology Integrity
  • Directory Partition Head Permissions
  • User Permissions
  • Locator Functionality
  • Inter-site Health
  • Trust Verification
  • Diagnose Replication Latencies
  • Replication of Trust Objects
  • File Replication Service
  • Critical Services Check .
  • Wyson027Lively at 5/2/2012 8:22:43 AM Quote
    You must sign in to rate content.
    (2 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    powershell, easy and fast
    nooruddinEnergizer at 7/21/2014 4:29:33 AM Quote
    You must sign in to rate content.
    (1 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    +1 for MBSA, gives you details about which accounts are in the Administrator group, which local accounts have weak passwords and which local accounts have non-expiry passwords. I use MBSA in conjunction with DumpSec, another free tool, which gives a bit more information. For detailed information, I would always recommend using SekChek. It gives a very detailed report about user accounts. Its only a couple of hundred £'s per report. A one off report is definitely advisable. You'll be so surprised at the results
    Haroon141Observer at 2/8/2013 8:18:00 AM Quote
    You must sign in to rate content.
    (1 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    GFL Languard is a good tool but you need to put Admin 

    Credentials to perform the scan ...

    SONU498Lively at 11/20/2013 12:52:25 AM Quote
    You must sign in to rate content.
    (3 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    Try the good old Microsoft Baseline Security Analyzer (MBSA)
    Vincent084Energizer at 11/30/2012 8:42:43 AM Quote
    You must sign in to rate content.
    (2 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    Try Domain Controller Diagnostic Tool (Dcdiag), it runs automatic series of tests. However it only reports on severe problems but gives you suggestions for potential fixes and potential consequences of the problem.

    Below are some of the Domain Controller issues the a Dcdiag can report on

       Connectivity
  • Replication
  • Topology Integrity
  • Directory Partition Head Permissions
  • User Permissions
  • Locator Functionality
  • Inter-site Health
  • Trust Verification
  • Diagnose Replication Latencies
  • Replication of Trust Objects
  • File Replication Service
  • Critical Services Check .
  • Wyson027Lively at 5/2/2012 8:22:43 AM Quote
    You must sign in to rate content.
    (2 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    IMHO Dcdiag is too technical for auditors. System Administrator can allow sufficient access to an auditor to browse the Users & Computers portion of the Active Directory to get insight into all aspects of User Accounts for analysis.

    A. Abbas
    A. Anwer AbbasObserver at 5/26/2012 9:19:25 PM Quote
    You must sign in to rate content.
    (1 ratings)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    Thanks Wyson027, will try to use the tool and see how helpful it is 
    Lusayo758Lively at 5/2/2012 9:24:33 AM Quote
    You must sign in to rate content.
    (Unrated)

    RE: What is the best tool to use when you want to analyse a Windows Domain Controlller

    1) Active Directory Best Practices Analyzer (ADBPA) tool
    2) Microsoft Product Support (MPS) Reports diagnostic script
    3) Repadmin and Replsum
    4) DCDiag /Test:DNS
    5) DNSCMD Command-Line Tool
     All these tools are useful.
    Gopichand PLively at 8/16/2014 4:46:23 AM Quote
    You must sign in to rate content.
    (Unrated)

    Leave a Comment

    * required

    You must login to leave a comment.