Perform your own general Active Directory health check. Bring looming problems to the surface.
Conduct an annual in-house AD enterprise health check using freely available tools to gain greater visibility into the state of the directory servers. You can start to assemble your toolkit with items such as DCDIAG - a directory services break/fix health tool that can check all of your DCs for a wide array of problems. Microsoft Baseline Security Analyzer (MBSA) can be used to evaluate the state of missing security hot fixes, service packs and application rollups along with remediation guidance if well-known vulnerabilities are present. In Windows Server 2008 R2, you can leverage the new AD Best Practices Analyzer (BPA) to scan DC roles against a large set of Microsoft best practices criteria to pinpoint possible misconfigurations that can lead to service degradations. You can also add performance data collectors for Active Directory and get a detailed view into the performance of your DCs and how resources are being utilized. Use these tools to ferret out issues in your AD infrastructure that could lead to outages or degrade directory services performance.