Posts Tagged ‘Maintenance’

Active Directory

1) Review User Accounts and remove retired accounts.

2) Run Microsoft’s Domain Controller Diagnostics – From a command prompt, run dcdiag.exe (on DC only). If the commands are unrecognized, install Windows Support Tools.

3) Verify that approved password policy is being enforced.

4) Review the domain controller disk space reports.

5) Check your backups – AD backup includes capturing system state, information related to AD database, logs, registry, boot files, SYSVOL and other system files.

6) Check to make sure that AD replication is working correctly. To check, you can run the following command:
repadmin /showrepl

7) Check event logs for persistent errors.

8) Perform defragmentation to increase performance as large directories running for long time can get large and fragmented.

9) Verify integrity of AD DS database files with respect to AD semantics using NTDSUTIL.


1) Review DNS Records for obsolete static entries.

2) Ensure DNS Scavenging is configured.

3) Clean up forwarders

4) Remove stale zones

5) Remove WINS dependencies (DNS is fully capable of providing all long and short name resolution services)

6) Security Aspects
– Allow only secure dynamic updates for all DNS zones. This ensures that only authenticated users can submit DNS updates using a secure method, which helps prevent the IP addresses of trusted hosts from being hijacked by an attacker.
– If the server running the DNS Server service is a domain controller, use AD ACLs to secure access control of the DNS Server service.


1) As always, check logs for critical DHCP related events. It would be recommended to implement a proactive monitoring solution for real-time data.

2) Frequent maintenance of the DHCP database is needed to keep it functioning properly and to recover whitespace. While DHCP is configured to do online maintenance to the database by default when there are no client requests; for busy DHCP servers, which possibly doesn’t have downtime, it is recommended to run offline maintenance against the dhcp.mdb file on a quarterly or half-yearly basis.
On a DHCP server computer, open a command prompt (Administrative access)
Use the Jetpack.exe tool to perform offline compaction.
Syntax: jetpack database_name temporary_database_name

cd WINDOWS\system32\dhcp
net stop dhcpserver
jetpack dhcp.mdb tmp.mdb
net start dhcpserver

This should work for both Windows Server 2003 and Windows Server 2008

1) Check server for latest available service packs and updates

2) Confirm file format (NTFS)

3) Check end-user disk quota availability and restrictions

4) Check File/Folder share permissions

5) Check and verify AV signatures. Ensure that AV scans for file server are scheduled for after-hours. Also make sure that AV auto-protection is ON

6) Check and verify that data drive (usually the non-OS) has at least 10% free disk space (may vary depending on your requirements)

7) Use any of the following paid/free tools (to name a few) for directory/folder size reporting so that you are able to determine what is hogging space on your data drive:

8) Perform disk cleanup. Manually delete temporary files or use one the following third party tools

9) Check and confirm that successful backup of the data has been taking place

10) Review security related vulnerabilities; check event logs – security

11) Review data (files/folders) on the server

  • Old and useless data can be purged
  • Old but required data can be moved to portable storage (external HDD, DVDs) and stored in fire-proof cabinet

12) Age of Files for archival purpose can be estimated by using tool like

13) Check if shadow copy feature is enabled and that there enough storage for the shadow copies (preferably on separate volume on another disk)

14) Keep a log/report of tasks perform for comparison for next audit/maintenance