Active Directory Domain Services (AD DS) Best Practices Analyzer (BPA) is a server management tool that can help you implement best practices in the configuration of your Active Directory environment. AD DS BPA scans the AD DS server role as it is installed on your Windows Server 2008 R2 domain controllers, and it reports best practice violations. You can filter or exclude results from AD DS BPA reports that you do not need to see. You can also perform AD DS BPA tasks by using either the Server Manager graphical user interface (GUI) or cmdlets in the Windows PowerShell command-line interface.
The AD DS BPA service is installed automatically when AD DS is installed on a computer that is running the Windows Server 2008 R2 and that computer becomes a domain controller. This includes both writable domain controllers and read-only domain controllers (RODCs). No other preparations are required.
For more information, including detailed explanation of the AD DS BPA logic and the list of the Active Directory configuration settings that AD DS BPA scans, see What’s New in AD DS: Active Directory Best Practices Analyzer (http://go.microsoft.com/fwlink/?LinkId=141413).
This posting is provided “AS IS” with no warranties, and confers no rights.