Windows Best Practices Analyzer for Active Directory

Good Day

Today I am sharing the procedure for running the Best Practices Analyzer (BPA) for Active Directory Domain Services (AD DS). Starting with Windows 2008 R2, Microsoft introduced a BPA for Active Directory that is included as part of the operating system. The tool analyzes many of the most common issues that we typically run into while administering Active Directory environments.

To access BPA, open Server Manager, click the AD DS node, and scroll down the panel.

To run a BPA scan, click Task -> Start BPA Scan on the right. You can select one or more domain controllers, then start the scan.

You can monitor the progress in the notification window.

Once the scan completes, you’ll see the results. Each result gives you the server that has the issue, a severity level, the name of the issue, and an overall category.

When you select an issue, a description of the issue is shown below with a link to more information and remediation steps from Microsoft.

How to run BPA with PowerShell:

First, list the available BPA models with the Get-BpaModel cmdlet:

Get-BpaModel

Now you can run the BPA against one of the model IDs with the Invoke-BpaModel cmdlet. For instance, to run the BPA for Directory Services, execute:

Invoke-BpaModel "Microsoft/Windows/DirectoryServices"

To run the BPA on all roles, execute:

Get-BpaModel | Invoke-BpaModel

How to run BPA remotely:

Connect to the remote server using:

Enter-PSSession Computername -Credential Username

Then run Invoke-BpaModel in that session.

Retrieve results from BPA:

Use the Get-BpaResult cmdlet:

Get-BpaResult "Microsoft/Windows/DirectoryServices"

You can also filter the results, for example to show only warnings:

Get-BpaResult "Microsoft/Windows/DirectoryServices" | where severity -eq Warning
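
The remote scan, result retrieval and severity filter above can be combined into one non-interactive run across several domain controllers. The script below is an added example, not part of the original post: it uses Invoke-Command instead of an interactive Enter-PSSession, and the server names (DC01, DC02) and the report path are placeholders. It assumes PowerShell remoting is enabled on each domain controller.

```powershell
# Added example. DC01, DC02 and the report path are placeholders, not values from the post.
Import-Module BestPractices

$ModelId     = 'Microsoft/Windows/DirectoryServices'
$Controllers = 'DC01', 'DC02'                 # hypothetical domain controller names
$ReportPath  = '.\adds-bpa-findings.csv'      # hypothetical output file
$Credential  = Get-Credential                 # prompt, so no password is stored in the script

$findings = foreach ($dc in $Controllers) {
    try {
        Invoke-Command -ComputerName $dc -Credential $Credential -ErrorAction Stop `
            -ArgumentList $ModelId -ScriptBlock {
                param($Id)
                Import-Module BestPractices
                # Run the scan on the remote server, then read its results back.
                Invoke-BpaModel -ModelId $Id | Out-Null
                Get-BpaResult -ModelId $Id |
                    Where-Object { $_.Severity -ne 'Information' -and -not $_.Excluded } |
                    Select-Object Severity, Category, Title, Problem, Impact, Resolution, Help
            }
    }
    catch {
        # Record unreachable servers in the report instead of silently skipping them.
        New-Object PSObject -Property @{
            PSComputerName = $dc
            Severity       = 'ScanFailed'
            Title          = $_.Exception.Message
        }
    }
}

# Invoke-Command adds PSComputerName to each returned object, so findings stay
# attributable to the server they came from.
$findings |
    Sort-Object PSComputerName, Severity |
    Select-Object PSComputerName, Severity, Category, Title, Problem, Impact, Resolution, Help |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Count of findings per server and severity.
$findings | Group-Object PSComputerName, Severity -NoElement | Format-Table -AutoSize
```

Keeping the CSV from each run makes it possible to compare findings between scans and confirm that a remediation actually cleared the warning.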

That's all, folks.

Hope this helps you.

Regards.

Hisham Mezher
