Microsoft IT (AD) Health Scanner

Reading Time: 2 minutes

Take a lot of work, add 7 week old son and serious flue (which strikes 2 days after You got back from travel which incorporates transfer on some heavy used airports – first thought – pork πŸ˜‰ ) and you will get some silence on a blog. I hope that while my son will get older silence periods will get shorter and shorter :). To day just quick download announcement.

In my MS Downloads feed I came across a new tool called Microsoft IT Health Scanner released by Essential Business Server team.  Later I found also blog entry on this tool on ESB team blog. I called it AD not IT in blog entry title as right now this is tool which is focused on running AD and AD related infrastructure tests for most common problems, as ESB team says based on most common issues solved by Microsoft support. Maybe in future it will run more tests as this tool has update mechanism included.

IT Health scanner runs around 100 tests including (quoting ESB blog):


  • Configuration of sites and subnets in Active Directory
  • Replication of Active Directory, the file system, and SYSVOL shared folders
  • Name resolution by the Domain Name System (DNS)
  • Configuration of the network adapters of all domain controllers, DNS servers, and e-mail servers running Microsoft Exchange Server
  • Health of the domain controllers
  • Configuration of the Network Time Protocol (NTP) for all domain controllers



Definitely looks interesting and my quick scan through result list (I will explain later why this was really quick scan) shows that these are really most common causes of problems in AD environments.  This tool is intended to let you find these problems and provide links to article which will allow these problems to be resolved. As tool description states it is targeted for small to medium networks (which of course is different in definition across the world):

(…) recommended up to 20 servers and up to 500 client computers (…)

(I think that mostly because it runs with WMI and this might be a bit expensive for larger networks) but it still might be very useful for many environments.

Why my first touch with this tool was very quick … well as it states in its description it doesn’t support W2008R2 yet and all my virtual labs at this moment runs in full W2008R2 mode. Because of that my first approach to test it ended in discovery phase. But definitely I will build different lab and I will try to use it to analyze healthy AD and also directory with some issues.

Anyway … worth to remember … worth to have it in a toolbox.

PS. As it is a case in many automated scanning tools report should be read with understanding and caution πŸ˜‰ .