I agree with your ideals and wish the folks responsible for these things did, too, and would do something about it. I'd say, though, most do not today for whatever reason. I base this on empirical data of visiting a couple hundred different customers for various AD issues. Some customers look at me like I'm crazy when I talk about what happens when a DC is unreachable for greater than the tombstone lifetime interval while too many look embarrassed and describe how it's already happened to them. And I'm not talking about instances where the customer was actually aware of this happening until it was too late.
As for the tool being free, I don't have any internal knowledge of pricing or future plans, but I would suspect that's a direction the tool is moving towards. The ExBPA is freely downloadable and the same internal group (different factions, perhaps, but the same overall group) are responsible for these engagements and tools. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Thursday, June 01, 2006 10:17 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] AD Snapshot Tool (ADST) - how useful is it? > > I see your points and think they are more of an argument to > find and get the good dedicated knowledgeable people or farm > out support to a company who has good knowledgeable people > versus get a one time or even once per year consult. That one > time consult does nothing to protect the infrastructure over > the long term. If companies still to this point, do not > understand the importance and criticality of Active Directory > to them and it is truly is important and critical, IMO, they > deserve anything that happens to them. > > Too many places, again IMO, run in a state where they assume > everything will be running fine and don't get themselves into > a position with knowledge and understanding and dedicated > resources to handle issues that crop up and so issues that > should be small issues or non-issues end up blowing up into > disasters. I am aware of one company that took a non-issue > that had it been handled by a solid knowledgeable crew would > not have been but a blip on a monitor station and turned it > into a week long outage. No part of it could have been > prevented or probably even hinted at from a "swing on by and > try to point out issues" but could easily have been handled > by having empowered knowledgeable dedicated resources. Every > company needs to ask themselves exactly how long can they go > with being 100% down for various resources. > Most places would be in extremely bad shape if something > critical were out for a week. > > Finally, a tool that looks at an infrastructure and gathers > the info together and tells you where the holes are probably > shouldn't be an item that costs money from the company > producing the infrastructure software... I would expect it to > come with the infrastructure components or be a download. > It isn't like if this were free the support teams at MSFT > wouldn't have anything to do... > > joe > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of David Adner > Sent: Thursday, June 01, 2006 12:50 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] AD Snapshot Tool (ADST) - how useful is it? > > The quality of AD admins in even very large orgs varies more > than the engineers delivering the RAPs. I've seen "AD > administrators" that literally had no clue what DSRM was, how > data is transferred between DCs (doesn't FRS replicate users, > too? Or, AD replication is broken so SYSVOL isn't > replicating), the difference between seizing or transferring > a FSMO role, etc. Those aren't even the worse examples of > things I've seen. The information shared during the ADRAP > is, in my opinion, among the best available today. I not > saying it's the greatest thing since sliced bread, has > nothing that can be improved, never includes bad/wrong info, > or that you couldn't come up with something better. I am > saying if you compare it to MOC classes, 3rd party training, > etc, you'd be hard pressed to find anything better (besides > Dean's class, of course). Most people administering AD > environments do not focus on it as their sole job, lack the > fundamental understanding of most of the core components that > make up AD, and definitely benefit from workshops like the > ADRAP. The real world, for whatever reason, typically either > doesn't seem to be able to find all those highly qualified AD > admins you think they should invest in or has decided to not > make those investments. Now you, and several others in this > listserv, would definitely be yawning through most of the > delivery. However, I'd also say the people I'm referring to > are well above average in their AD knowledge. > > As to the challenges of contradicting or silo type mentality > when comparing the ADRAP and ExRAP I agree with you and > effort should definitely be to stop it. However I wouldn't > say those are good reasons to avoid the engagements. > Although your experiences may differ from mine, I don't see > so many instances of dramatic contradictions between the two > engagements where Exchange is blaming AD for massive issues > and vice versa. Resolving the differences, although a pain > and something that shouldn't be necessary, doesn't > significantly de-value the engagements. > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of joe > > Sent: Wednesday, May 31, 2006 8:00 PM > > To: ActiveDir@mail.activedir.org > > Subject: RE: [ActiveDir] AD Snapshot Tool (ADST) - how useful is it? > > > > I.E. This is easy money for the company, please don't > distribute the > > tool that collects the data as that is really the whole > ADRAP for the > > most part unless the people getting it really haven't a > clue what they > > are doing with AD at all at which point you should be looking at > > spending money on getting admins who have a clue versus bringing in > > MSFT for a one shot peek. > > > > Until Microsoft puts together a AD and Exchange RAP that > looks at both > > together and tries to determine the causes of issues from > each other I > > see the whole RAP thing as having very limited use in Orgs > that use AD > > and Exchange. If you just use AD then it is pretty decent. > However if > > you have both, the Exchange RAP tends to point at AD saying that it > > has massive issues and the AD RAP tends to say things are pretty > > decent. Or at least that is the results I have seen in every single > > case where both RAPs have been performed. > > Certainly the analysis was nothing to write home about. > > However I expect that entirely depends on who you happen to > get in the > > drawing of who does your analysis, the skill levels vary > greatly as I > > have seen some pretty intelligent things in the analysis and I have > > seen some absolutely stinkeroo completely incorrect things > where you > > wonder if the analyzer had actually every been introduced to AD. > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Eric > > Fleischman > > Sent: Tuesday, May 09, 2006 12:11 PM > > To: ActiveDir@mail.activedir.org > > Subject: RE: [ActiveDir] AD Snapshot Tool (ADST) - how useful is it? > > > > The tool is not the property of anyone on this list. As > such, making > > it available on the list would be inappropriate. > > > > The goal of this tool has never been to be a stand-alone AD > monitoring > > tool, nor even a snapshot tool. Rather, it was built specifically > > around the field offering of an AD risk assessment. As > such, outside > > of that, the tool likely has little context, and may or may > not be at > > all helpful. > > That said, it is available in this context only, to the best of my > > knowledge. > > > > ~Eric > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. > > Long > > Sent: Tuesday, May 09, 2006 8:20 AM > > To: ActiveDir@mail.activedir.org > > Subject: RE: [ActiveDir] AD Snapshot Tool (ADST) - how useful is it? > > > > I missed if anyone was making this tool available to the list? :) > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
