Active Directory Assessment Flow

Contents
Background ............................................................................................................................................. 2
Executive Summary ................................................................................................................................. 2
Cost factor ............................................................................................................................................... 3
Active Directory Assessment Flow .......................................................................................................... 4
Data Collection ........................................................................................................................................ 5
Questionnaire ................................................................................................................................. 5
Individual Discussion ....................................................................................................................... 5
Workshop ........................................................................................................................................ 5
Discovery ................................................................................................................................................. 6
Gathering Document: ..................................................................................................................... 6
Blueprint of Active Directory Design............................................................................................... 6
Dependency .................................................................................................................................... 6
Expending Tool ........................................................................................................................................ 7
Check the Pre-requisite ................................................................................................................... 7
Installation & Verify ........................................................................................................................ 7
Execute the Tool ............................................................................................................................. 7
Assessment Summary/ Report................................................................................................................ 8
Executive Summary Report ............................................................................................................. 8
Technical Findings Report ............................................................................................................... 8
Remediation Plan .................................................................................................................................... 9

Active Directory Assessment Flow Page 1

Background

Migrating or consolidating Active Directory one of the challenge for any of the project team, before
planning to migration we have to do the existing Active Directory environment assessment plan. The
Active Directory assessment is a project includes documentation of the current design, operation,
and management of Active Directory. This includes documenting the following:

• Overall strategic design goals for each major Active Directory component and element.
• Security of Active Directory physical and logical components and elements.
• Current Active Directory physical infrastructure, including domain controller configuration
and placement, domain controller security, and network support for domain operations.
• Documenting the logical Active Directory architecture, including Organization Unit structure
and Site structure.
• Overall operation of current AD support and management.
• Gap analysis comparing current state to Microsoft best practices and customers Objectives

Executive Summary
Lot of organization still using the Active Directory 2003, as we already know Microsoft already
removed the support for Windows Server 2003. Everyone know Microsoft Active Directory is the
critical backbone to support in enterprises information structure. A poor functioning of Active
Directory environment affects security boundaries, replication, and delegation, causing significant
impact to the business. The Risk and Health Assessment Program for Active Directory is the one of
the best way for proactively diagnose and troubleshoot potential issues, and also prepare the plan to
address existing issues and prevent future problem.

Also if you are using Active Directory 2008 R2 and having heterogenic environment and you want to
consolidate on single forest or single domain, assessment also require.

Active Directory Assessment Flow Page 2

Cost factor
One of the main factor to consolidate/restructuring the your Active Directory is the potential cost
involved, such as for administration for multiple domain is big task now to get simplify the Active
Directory with in organization by consolidate multiple domain to single domain or multi forest
environment to single forest

There are pro and cons to consolidate/restructure domain/forest or upgrade Active Directory,
following are the disruptive in many way to your organization’s daily IT operations such as:

• Administration of users, groups, computers, and printers

• Client computer deployment, management and maintenance
• Authentication, authorization and access to shared folders, shared printers, and other
network resources
• Authentication, authorization and access to server applications and services
• Delegation of authority to perform Active Directory administration
• The amount of WAN traffic used for Active Directory replication between sites in the same
domain
• Many other factors

Of course, consolidate/restructure domain/forest or upgrade Active Directory has its own list of
compelling cost benefits including:

• More centralized management and monitoring of Active Directory and server applications
• Fewer domain controllers to manage and maintain in your environment
• Easier troubleshooting of Active Directory replication problems and trust issues
• Fewer problems with inconsistencies in how Group Policy is configured and applied
• Simplified implementation and management of bring your own device (BYOD)
• Simplified authentication and access control when provisioning and using cloud services
• Easier to integrate on-premises infrastructure with public or hosted clouds to form hybrid
cloud solutions
• Simpler auditing and compliance to meet industry sector or governmental requirements
• Easier forest/domain consolidation going forward should corporate mergers or acquisitions
occur.

Active Directory Assessment Flow Page 3

Active Directory Assessment Flow
Assessment of the Active Directory provides an in-depth analysis of an organization and provide the
collective data for identify areas for remediation.

Individual
Data Collection Questionnaire Discussion Workshop

Gathering Blueprint of
Discovery Active Directory Dependency
Document
Design

Expending Tool Check the Pre- Installation & Execute the

requisite Verify Tool

Assessment Executive Technical

Summary/ Summary Report Findings Report Remediation Plan
Report

Active Directory Assessment Flow Page 4

Data Collection

Questionnaire
Project Team prepared an Assessment Questionnaire customized for the customer requirements. This
questionnaire was sent to the respective stakeholders prior to the meeting.

Individual Discussion
Project Team identified and met the Stakeholders individually. The Data was gathered with the help
of questionnaire and follow-up meetings on the same. Project team engaged the stakeholders in a
follow-up meeting, if there was any pending information, which could not be completed within the
stipulated time. This follow-up meeting was also required, to gather additional information.

The gathered information was then sent back to the Stakeholder, for verification of the data. The
stakeholder was expected to validate the Data Document, and resend the document to Project Team,
giving his consent, or suggesting modifications. Project Team would then measure the data from the
various stakeholders, and validate for a single solution.

Workshop
The objective of this workshop was to validate ascertain the Data from various sources, and iron out
any discrepancy in Project Team’s understanding of the gathered data.

Active Directory Assessment Flow Page 5

Discovery

Gathering Document:
The Active Directory assessment is the includes documentation of the current design, operation, and
management of Active Directory. This includes documenting the following:

• Overall strategic design goals for each major Active Directory component and element.
• Security of Active Directory physical and logical components and elements.
• Current Active Directory physical infrastructure, including domain controller configuration
and placement, domain controller security, and network support for domain operations.
• Documenting the logical Active Directory architecture, including Organization Unit structure
and Site structure.
• Overall operation of current AD support and management.
• Gap analysis comparing current state to Microsoft best practices and Organization
Objectives.

Blueprint of Active Directory Design

Assessment of the Active Directory includes a detailed blueprint of Active Directory design and
operations based on the available features in Windows Server 200x Active Directory. The goal is to
produce a set of recommendations and a migration plan that allows meets the long term business
goals with a focus on the following.

1. Security

2. Reduction in total cost of ownership of AD infrastructure

3. Efficiency gains

4. Administration improvements

4. Legal factors

4. Scalability for future growth.

Dependency
One of the most complicate part is the assessment is dependency of Active Directory. Firstly we
need to gather all the information of the dependency services/application. How the
services/application is integrated with the Active Directory and what is the impact.

Active Directory Assessment Flow Page 6

Expending Tool

Microsoft ADRAP provides critical insight into the health of your directory services. It helps
proactively diagnose and trouble-shoot potential issues, and also create a plan to address current
issues and prevent future problems.

Check the Pre-requisite

To installation of the Assessment tool in the Active Directory forest, the following is required:
• Enterprise administration access.
• High-end workstation or server-class computer.
• Windows Server 2003 or later, depending on the version of the domain controllers in the
forest.
• Microsoft Office Visio 2007 or later.
• Full RPC access to all forest domain controllers.
• English version of the operating system and English locale in the regional settings.

Installation & Verify

Verify the log and events after installation; it will give the immense information whether tool is
installed successfully or not. For assessment of the Active Directory tool must be installed without
warning/error.

Execute the Tool

After verify the installation, we are ready to execute the Assessment tool and provide the require
information.

Active Directory Assessment Flow Page 7

Assessment Summary/ Report

Data collection is the key component of a successful engagement. Designed to take advantage of
Windows Management Instrumentation (WMI), the Risk Assessment and Diagnostic Tool for Active
Directory integrates directly with the core Operating System Management interface.

Executive Summary Report

This report contains an in-depth description of all issues identified in customer environment. The
following scorecard is a consolidated view of the risk assessment, based on the collected data and
the answers provided during the operational interview.
Using a scale of High, Medium, and Low, the scorecard illustrates the likelihood of encountering
issues in a specific category.

Low: Indicates that no significant issues were found in this area that posed a future risk
to service.
Medium: Indicates that issues were identified that should be addressed in the near-term to
prevent future disruptions in service.
High: Indicates that critical issues exist that must be addressed immediately to prevent
significant disruptions in service.

Additionally, overall risk levels for each major category are determined based on the cumulative
results of its sub categories. Categories containing at least one high-risk issue will be presented as
High risk. Categories containing Medium or Low risk issues will be presented as such unless the
cumulative values of the identified issues indicate a high-risk level. Subsequent to the consolidated
scorecard, the High, Medium, and Low scorecards are presented to show you the specific issues
within the major and minor categories that were identified in each of these risk areas.

Technical Findings Report

This report contains in-depth technical details of all issues identified in Active Directory
environment, below are the Key Focus Areas:

Active Directory Replication

Assessment report contains Active Directory Replication Site Topology details, Replication Status and
Convergence, Forest and Domain Information and Subnet Information.

SYSVOL / Group Policy

Report will contain Sysvol information which includes SYSVOL Configuration and Content Analysis,
FRS/DFSR Configuration and Convergence and Group Policy Information of the entire Active
Directory environment.

Active Directory Assessment Flow Page 8

Name Resolution

Assessment report give you details of the Name resolution which is includes DNS Server and Zone
Configuration, DNS Record Analysis, IP Configuration and WINS Record Analysis of the Active
Directory Forest.

Domain Controller Health

Report also contains Domain Controller Health with DC Configuration, Performance Statistics, Time
Configuration, OS Information, Event Logs and Security Updates of the Forest.

Active Directory Database

Assessment report gathers Active Directory database information such as Database Information and
AD Object Analysis of the Active Directory environment.

Account Information

Assessment report give the all information of the Active Directory Account Information includes
Password/Lockout Policies, Token Size Analysis, User/Computer Account Info and Stale Accounts
information.

Operational Excellence

Assessment report gather operational Excellence report also such as Monitoring, DR, and Backup,
Change, Configuration, and Release Management, Service Level Management, Environmental
Dependencies and Microsoft Online Services for Active Directory environment.

AD Integrated Services

Assessment report also provides all the details of the critical application which are integrated with
Active Directory such as Basic Exchange Active Directory Configuration and Basic Certificate Services
Configuration.

Virtualization

One of the best parts of the assessment report will give you all the details of the virtualization
environment as Hyper-V Host, and Guest Configuration and Performance.

Remediation Plan

After accumulate the assessment reports, team will plan for remediation aligned to business drivers
and priorities. The planning phase also includes key business decision makers, technical resource, and
Technical Manager, to review the results and make recommendations to resolve issues and mitigate
risks.

Active Directory Assessment Flow Page 9

Based on the Assessment result you can start planning and designing the you Active Directory
consolidate/restructure domain/forest or upgrade Active Directory.

Thank you!

Active Directory Assessment Flow Page 10