Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Updated: August 31, 2012
Applies To: Windows Server 2008 R2, Windows Server 2012
The topics in this section can help you bring Active Directory Domain Services (AD DS) into compliance with configuration best practices. Content in this section is most valuable to administrators who have completed a Best Practices Analyzer scan of AD DS and who want information about how to interpret and resolve scan results that identify areas of AD DS that are noncompliant with configuration best practices.
Best Practices Analyzer and configuration rules
The Best Practices Analyzer applies configuration rules to identify settings that might require modification for AD DS to perform optimally. Configuration rules can help prevent setting conflicts that can result in error messages or prevent AD DS from carrying out its prescribed duties in an enterprise.
For more information about Best Practices Analyzer and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).
Topics in this section
AD DS: This domain controller must register its DNS host A/AAAA records with correct IP addresses
AD DS: This domain controller must register its DNS host A/AAAA records
AD DS: This server must advertise itself as a domain controller for the domain in its local site
AD DS: This server must advertise itself as a domain controller for the domain
AD DS: This domain controller must advertise as a KDC for the domain in its local site
AD DS: This domain controller must advertise as a KDC for the domain
AD DS: This global catalog server must register its host (A/AAAA) resource records for the forest
AD DS: This domain controller must advertise as the global catalog server for the forest
AD DS: This domain controller must advertise as a PDC for the domain
AD DS: This domain controller must advertise as an LDAP server for the domain in its local site
AD DS: This domain controller must advertise as an LDAP server for the domain
AD DS: This domain controller must register its DNS host (A/AAAA) resource records for the domain
AD DS: The AD DS service must be running on this domain controller
AD DS: The ADWS service must be running on this domain controller
AD DS: The AD DS BPA should be able to collect data for this element
AD DS: Strict replication consistency should be enabled on all domain controllers in this forest
AD DS: The value of MaxPosPhaseCorrection on this domain controller should be equal to 48 hours
AD DS: The value of MaxNegPhaseCorrection on this domain controller should be equal to 48 hours
AD DS: All OUs in this domain should be protected from accidental deletion
AD DS: The resultant backup lifetime in this forest should be equal to or greater than 180 days
AD DS: An account or accounts trust(s) this unregistered SPN for delegation
AD DS: This Service Principal Name is registered on multiple accounts
AD DS: User accounts and trusts in this domain should not be configured for DES only
AD DS: The Default Domain Controllers Policy in this domain should be applied to this OU