How to check ISA Server’s health

When did you run ISA best practice analyzer last time or you do not run at all? If both answer “negative” then its time to run run ISA best practice analyzer (BPA) in ISA server. It is always good to check health of ISA server whether it is running great or not. you can rectify any issues before get worse.

You can download ISA BPA from this link 

Install ISA BPA in ISA server and run as follows. select all tasks.

 bestpractice bestpractice1 bestpractice2


read the report carefully. You might have configured rules that necessary for you but ISA BPA might show warning. Don’t worry about it. For example, I configured ISA using single NIC scenario but BPA gives me warning. Its ok to ignore this warning. Look for other issues and verify with your policies you have configured.

Note: don’t jump to modify ISA server after reading BPA report.

Active Directory health check

Events View

Check event log in all DCs to find everything ok specifically DNS, system and Application events.


This is a must and will always tell you if there is trouble with DCs and/or services associated with it


This will let me know if there are issues with the networking portion on the DC.

Netsh dhcp show server

This command identify DHCP in in AD infrastructure.

Repadmin /showreps

This shows all replication among DCs.

repadmin /replsum /errorsonly

reapadmin /syncall /AdeP

This will identify any issues with replication among DCs.

Active Directory DNS Check

Dnslint /ad domain_controller_ip_address /s dns_server_ip_address

third-party tools

Manage Engine AD Manager Plus, Wise Soft Bulk user Admin, Solarwinds Engineer’s toolset, Active Directory Cleaner are very handy tools to monitor and manage Active Directory.

These are little things that give me peace of mind. I reckon “assume nothing, believe nothing, check everything…..” is the best way to prevent disaster.