After you’ve upgraded one or more of your domain controllers to Windows Server 2003, you need to do some additional tasks to fully complete the migration. First and foremost, you need to monitor the domain controllers every step of the way and especially after they have been upgraded. You are setting yourself up for failure if you are not adequately monitoring Active Directory.
The criticality of monitoring cannot be overstated. If you are not monitoring, how can you determine whether something broke during the upgrade? Here are several things you should check after you upgrade your first domain controller in a domain, any FSMO role owner, and after all DCs have been upgraded:
- Responds to all services
Query LDAP, Kerberos, GC (if applicable), and DNS (if applicable) and be sure authentication and login requests are being processed. The dcdiag command can run many of these tests.
- Processor and Memory utilization
Trend processor and memory utilization for some period before you do the upgrade so you can compare to the numbers after the upgrade.
- DIT growth
The growth of the DIT should not be significant. You may in fact want to do an offline defrag after the upgrade to reclaim any space due to single- instance store of ACLs.
- Event logs
This is a no-brainer, but you should always check the event logs to see whether any errors are being logged.
- DC resource records registered
Ensure that all of the SRV, CNAME, and A records for the domain controllers are registered. The ...