Summary: Bryan Zink, a Senior Microsoft Premier Field Engineer based in the US, continues his exploration into RAP as a Service for Active Directory, the exciting new toolset and offering from Microsoft Services, and provides us details on the data collection and submission process. This is the second of a three part series from Bryan, so there’s more great stuff forthcoming. Enjoy!
Bryan here, this is part 2 of 3 in the series. We’re about to explore the Data Collection and Submission processes. The steps discussed in this post all must occur before a Microsoft Engineer is able to finalize the analysis, complete the reporting and deliver recommendations back to you for action.
Downloading and Installing the RAP as a Service Client are fairly trivial tasks so we won’t capture those steps here. Instead, we’ll move straight to the Data Collection phase.
The collection process really involves two phases, Discovery and Collection.
Step 1: Launching the RAP as a Service Client. Double click the RAP as a Service Client icon from your desktop and click Next at the Welcome screen. This brings you to the Choose your assessment page. Since this is your first time, you’ll be selecting Start New. Then you navigate to the folder containing your EXECPKG file, select it and click Open. Then you’ll choose Next to Confirm the license agreement and begin the Assessment.
Step 2: Starting Discovery. Discovery is the process of identifying all of the necessary components for the specific assessment. So for Active Directory this means items such as the Forest root, Domains, Sites, Domain Controller computer accounts, NTDS Settings Objects, all of the Naming Contexts etc. Click the Discover My Environment button to start the process. On the Targets tab you can see what has been discovered. The Directory Services tab will show any errors or warnings that may have been encountered. Click Next to continue.
Step 3: Data Collection. From here, aside from going back and re-performing Discovery, all you can do is exit the client or start collections. Clicking the Collect Data button starts the collection process. Data collection is a fairly serialized process in that once you start it, it needs to run to completion. At the moment, none of these steps are configurable. For most environments, assuming you’ve verified all DCs are online and reachable, data collection will take about 90 minutes (on average). RPC Latency, network interruptions or servers being unresponsive can extend the data collection time. The Performance collector will run for about an hour by itself. Either way, there’s nothing more to do until the process completes. Again, the Targets tab shows you which AD related targets are being collected from. The Collectors tab provides a view of any issues encountered during the data collection process.
Clicking the Status link for any failed collectors can yield additional information. Specific issues may also be linked back to the Online Services portal for additional information.
Once all of the data is collected, you need to get it up into the Azure Cloud for expert analysis. To do this, you’ll use the Submit button. In order to submit data, you’ll need to visit the Online Services portal to retrieve your Submission Key. Once you have the Submission Key, choose the Submit button, enter your key and click OK.
Now it’s time to move on to completing the Operational Survey.
Submitting from an alternate location
As mentioned in part 1 of the series, there may be some AD environments that do not have Internet connectivity. In that scenario, you’ll need to install the RAP as a Service Client onto a machine that does have Internet access. This is what we call submitting from an alternate location. Referenced above are the steps to complete Data Submission. Instead of Submitting, you’ll use the Export button. You also need the Submission Key for this process.
Launch the RAP as a Service Client and choose the Import Existing button. This process creates the necessary local file/folder structure from the previously Exported package and prepares it for submission from the new machine.
Now you’ll choose the Submit button to get the data into the Azure Cloud for expert analysis.
The Operational Survey
This survey will cover several aspects of your Active Directory environment and the operational practices of your organization. Most of these items are not able to be gathered programmatically. Log in to the Online Services portal and choose the “take the survey” link.
There are 11 areas of questions intended to span the Operational aspects of your Active Directory environment. You can move through these questions at your own pace being certain to involve anyone from within your organization who may be the best source of information for each functional area. The more accurately you answer these questions, the better Microsoft is able to provide the most focused and actionable recommendations based on all of the factors being evaluated.
Finally, there is a Review & Submit tab where you can ensure all questions are answered. From here, you can also Submit the Operational Survey results to form a completed data collection for analysis.
Next, in part three of this series, I'll share some guidance on making the most of RAP as a Service AD after you receive the results and recommendations from Microsoft.