Microsoft Active Directory Documentation Script Update Version 2.19

April 5, 2018

Active Directory, PowerShell

I do a lot of Active Directory (AD) Health Checks for my employer, Choice Solutions. Every time I do an AD Health Check, I find something else I need to add to the various documentation scripts. For this current AD Health Check, I found out the customer was using a very large Security Event Log. Most people don’t know that the Security Event Log is memory mapped. What does this mean? It means if you are using a multi-gigabyte Security Event Log, your (in this example) domain controller has just lost RAM equal to the size of the Security Event Log. For example, if your domain controller has 8GB of RAM and your Security Event Log is configured for 4GB of RAM, your domain controller has only 4GB of RAM for the rest of its operations. Most people also don’t know but a domain controller also caches the Global Catalog and DNS in RAM. Add those two plus an overly large Security Event Log, and you could wind up with a domain controller thrashing itself to death as it swaps stuff out of memory onto a slow hard drive.

In the Citrix world, I have seen customers whose company security policy mandates a very large Security Event Log and the XenApp server has only 8GB of RAM. Take a XenApp server with 8GB of RAM (but who in their right mind would do that to a XenApp server???), a 4GB Security Event Log, the overhead of Remote Desktop Services, the overhead of the Windows Server Operating System, and the overhead of XenApp and you have a XenApp server starving to death and user experience will go down the toilet. The customer will then wonder why they can get so few users on a XenApp server.

#Version 2.19 released 5-Apr-2018

  • Added Event Log information to each domain controller and an appendix
    • If the script is run from an elevated PowerShell session by a user with Domain Admin rights
  • Added Operating System information to Functions GetComputerWMIInfo and OutputComputerItem
  • Code clean-up for most recommendations made by Visual Studio Code
Figure 1

Figure 1

Figure 2

Figure 2

You can always find the most current script by going to http://carlwebster.com/where-to-get-copies-of-the-documentation-scripts/

Thanks

Webster

About Carl Webster

Webster is a Sr. Solutions Architect for Choice Solutions, LLC and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.

View all posts by Carl Webster

2 Responses to “Microsoft Active Directory Documentation Script Update Version 2.19”

  1. Tony Says:

    Hi Carl,

    I am trying to download your latest version (2.19) of ADHealthCheck. The site indicates that you published 2.19 yesterday but when I downloaded your scripts from sharefile the latest version is still 2.03.

    I am looking to run the script on a companies domain controller and require the ability to run the script on the DC without MSWord or PDF. Perhaps as an HTML. Our customer will not be up to installing MSWord on a DC.

    Is there any way your script will run from a domain admin account from a windows desktop meeting all the requirements or does it need to be run from a DC itself?

    Regards
    Tony

    Reply

    • Carl Webster Says:

      There are two scripts you mention. The AD Documentation Script is at V2.19. The AD Health Check script is at V2.03. Two different scripts that do two different things.

      The original author of the AD Health Check script never added the ability to output to HTML.

      You should be able to run the script from any domain-joined computer with RSAT and Word installed.

      Webster

      Reply

Leave a Reply