Friday, December 4, 2009

How to scan your IT Environment Health and fix problems before they happen

There are many times when we run into a problem and we wish we would have got some clue of this issue and would have fixed it or taken steps to resolve it before it became a big menace and caused downtime and triggered a chain of events. As it is said, "Precaution is better than Cure", and if you did not took precaution i.e. didn't followed best practices while implement your IT environment then "Early diagnosis is better than Late". It is always good to have tools handy which let you diagnose your IT environment. Microsoft has recently released a very handy tool based on their system essentials platform which can be combined with other tools for early diagnosois and resolution of the issue.

The Microsoft IT Environment Health Scanner is a diagnostic tool that is designed for administrators of small or medium-sized networks (recommended up to 20 servers and up to 500 client computers) who want to assess the overall health of their network infrastructure. The tool identifies common problems that can prevent your network environment from functioning properly as well as problems that can interfere with infrastructure upgrades, deployments, and migration. When run from a computer with the proper network access, the tool takes a few minutes to scan your IT environment, perform more than 100 separate checks, and collect and analyze information about the following:

Configuration of sites and subnets in Active Directory

Replication of Active Directory, the file system, and SYSVOL shared folders

Name resolution by the Domain Name System (DNS)

Configuration of the network adapters of all domain controllers, DNS servers, and e-mail servers running Microsoft Exchange Server

Health of the domain controllers

Configuration of the Network Time Protocol (NTP) for all domain controllers


If a problem is found, the tool describes the problem, indicates the severity, and links you to guidance at the Microsoft Web site (such as a Knowledge Base article) to help you resolve the problem. You can save or print a report for later review. The tool does not change anything on your computer or your network. The tool supports Windows Server 2003 Service Pack 2; Windows Server 2008; Windows Vista Service Pack 1; Windows XP Service Pack 2 but not server 2008 R2 yet.

After running this tool if you want more information from a particular server you may like to run Microsoft MPS reports on server/servers to get more information and log files depending on the issue you get as seen here Few other Interesting tools that do similar job and comes handy are given below:

Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using ActiveX Data Objects (ADO), and then automatically generates a Visio diagram of your Active Directory and /or your Exchange 200x Server topology. The diagramms include domains, sites, servers, administrative groups, routing groups and connectors and can be changed manually in Visio if needed.

FRSDiag provides a graphical interface to help troubleshoot and diagnose problems with the File Replication Service (FRS). FRS is used to replicate files and folders in the SYSVOL file share on domain controllers and files in Distributed File System (DFS) targets. FRSDiag helps to gather snap-shot information about the service, perform automated tests against that data, and compile an overview of possible problems that may exist in the environment.

Group Policy Inventory (GPInventory.exe) allows administrators to collect Group Policy and other information from any number of computers in their network by running multiple Resultant Set of User Policy (RSOP) or Windows Management Instrumentation (WMI) queries. The query results can be exported to either an XML or a text file, and can be analyzed in Excel. It can be used to find computers that have not downloaded and applied new GPOs

ISA Server Best Practices Analyzer (BPA) is a diagnostic tool that automatically performs specific tests on configuration data collected on the local ISA Server computer from the ISA Server hierarchy of administration COM objects, Windows Management Instrumentation (WMI) classes, the system registry, files on disk, and the Domain Name System (DNS) settings.

BPA2Visio generates a Microsoft Office Visio 2003 or Visio 2007 diagram of your network topology as seen from an ISA Server computer or any Windows computer based on output from the ISA Server Best Practices Analyzer Tool.

SQL Server 2005 Best Practices Analyzer (BPA) gathers data from Microsoft Windows and SQL Server configuration settings. BPA uses a predefined list of SQL Server 2005 recommendations and best practices to determine if there are potential issues in the database environment. In windows server 2008 R2 there are in built Best practices analyzers for following roles:

Active Directory Certificate Services

Active Directory Domain Services

DNS Server

Web Server (IIS)

Remote Desktop Services

Failover clustering
These utilities enable administrators reduce best practice violations by scanning one or more roles that are installed on their servers, and reporting best practice violations to the administrator and introduce change management for those. If you have a Topology diagram of your active directory or your IT environment it always helps in understanding the problem and design changes required. so if you have not yet created a Topology diagram this is the time to do it and dont forget to baseline your servers with above mentioned utilities. Thanks once again for your time and sticking with the blog. Hope you find this helpful.



  1. Thanks a lot. I really appreciate the input. I will definitely keep all of this in mind.

  2. Nice articles.
    I am also business student. i have also some articles about Important Techniques/Methods, Process, and Definition of Environmental Scanning should be followed for Effective Analysis. please visit once and give me some feedback. Thank You.
    Process of Environmental Scanning