Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Issues reviewed in this section
Configure all DNS zones only to allow zone transfers to specified ip addresses
Configure the Active Directory Web Services (ADWS) to start automatically on all servers
Configure the Root PDC with an Authoritative Time Source and Avoid Widespread Time Skew
Consider removing orphaned group policy containers from Active Directory
Turn off or remove the DHCP Server service installed on any domain controllers
Turn off the AllowNT4Crypto setting on all affected domain controllers
Ensure the Windows Firewall service is started and configured for auto start
Investigate a serious error in the disk subsystem
Investigate File Replication Service (FRS) journal wrap conditions on domain controllers
Migrate SYSVOL to DFS Replication
Prevent Degraded Performance by Defining Missing Subnets
Prevent storage of LAN Manager password hashes
Regularly check for and remove inactive user accounts in Active Directory
Remove all members from the Schema Admins group unless you are actively changing the schema
Remove the highly insecure DES encryption from User accounts
Review and reduce the number of accounts in highly privileged administrative groups
Review the removal of default members from the Denied RODC Password Replication Group
Upgrade computers running an unsupported operating system
Set the account lockout threshold to the recommended value
Review accounts whose attribute "pwdlastset" has a zero value
Turn off the AllowNT4Crypto setting on all affected domain controllers
Already a Microsoft Unified Support or Microsoft Premier customer?
To unlock the benefits of On-Demand Assessments, sign in to the Services Hub. For more information about Services Hub and Microsoft Support Offerings, see Support Solutions. To find out more, contact your local Microsoft representative.