One of the things all IT folks will agree is good, that is needed, and yet is extremely painful to create and not likely to be up to date, is documentation. Documentation? We don’t need no stinkin’ documentation! Yes, I am afraid that we do. While it’s a great help to have, it’s also something that most geeks plan to ‘get around to’ but never do. I’m just as guilty of this as anyone, so I look for every opportunity to stick a subordinate with this///I mean, delegate this to a junior admin to help them learn more about the environment. Of course, that doesn’t always work out so well, so I also keep an eye out for tips and tricks to automate as much of this as possible.
Microsoft has some great freebies hiding out on their website, if you just know where to look. When it comes to documenting Active Directory, you could spend hours trying to draw out your servers, replication connections, OU structures, etc. or you can let a little known tool do the heavy lifting for you. Just try to pretend that it took you hours to do, since very few folks I have met know anything about this.
This time, the magick comes in two parts…first you need Visio, and second you need a free download from Microsoft called the the Microsoft Active Directory Topology Diagrammer. With these, you can rapidly turn out some pretty good looking Visios of your AD infrastructure. Here’s how you do it.
- Have Visio 2007 installed and working.
- Make sure you have the .NET Framework 2.0 installed.
- Download and install the Microsoft Active Directory Topology Diagrammer. Watch out for the UAC prompt hiding in the background. The install creates everything in C:\Program Files\Microsoft Active Directory Topology Diagrammer but does not create a menu folder, just a single menu item.
- Make sure you are logged on as an Enterprise Admin so you can get all information about Sites, replication connections, application partitions, et al.
- Launch the Microsoft Active Directory Topology Diagrammer from your All Programs menu.
- This brings up the GUI
- Enter the FQDN of your closest GC for the server.
- Pick your options for Domains, OUs, Sites, Exchange, Applications, and Servers. You’ll want to play around with these to find the options that give you exactly what you want, and you may not even use the Exchange or Applications tabs if you aren’t using either in your environment. Note also that on the Domains, Sites, and Exchange tabs that you can update existing drawings. Myself, I prefer to generate new ones each time, as I spend less effort dressing up new diagrams than in trying to do the same for existing ones, but YMMV.
- Click Discover
If you get a prompt to Authenticate, like this, you probably have a typo in your servername, or you aren’t logged on as an Enterprise Admin. 
Once discovery is done, click Draw! This will launch Visio, and create your diagrams automagickally. In a single domain forest without trusts, you will get at least three diagrams; your OU structure, your site structure, and your servers list. The servers list displays all your domain controllers, and can show name, version, and whether or not they are a GC. You can manually edit this to show FSMO role-holders, which I recommend doing. The easiest way to get this is from an Administrative Command prompt.
netdom query fsmo [enter]
You’ll get each diagram as a separate Visio, but you can combine these if you wish, or do any other custom work you want. Once drawn, they are just standard Visio documents, so you can do backgrounds, layers, change colours or text, or anything else you want. Your OU structure might turn our to be more fun to work with than you really want…it just depends on how distributed a structure you happen to have. And your Sites and replication data will be arranged vertically, so you will probably want to move stuff around to make an easier to view image. You are limited only by your Visio-fu. As mine is weak, I tend to just arrange the sites and servers so you can see the replication connections on one page, add FSMO descriptors, size things up enough to make them look consistent, and call it a day.
If you recognised the movie quote (poetic license invoked) in the lead-in, you’ll no doubt remember one of Mel Brooks’ greatest works. And if you have no idea what I’m talking about, check the clip below, and then add it to your Netflix queue.
direct link for RSS and email subscribers…http://www.youtube.com/watch?v=-lj056ao6GE
Do you have any tips or tricks on documentation you’d like to share?
You might also enjoy:
