1

I am doing system admin for a small domain on the corporate network. We have our own DNS, AD, DHCP servers, etc., and use both Hyper-V and ESX.

What exactly do I need to document for this sort of setup? For example, I have documented all the passwords (I prefer to use a form of password safe but others in my company don't agree, well I use a password safe locally anyway). I have also documented the scope and lease period of the DHCP server. What else would be documented?

Thanks

GurdeepS
  • 4
    Have a look here: http://serverfault.com/questions/12378/how-do-you-document-a-network – GregD Aug 13 '10 at 19:22
  • 1
    And here: http://serverfault.com/questions/99131/how-to-document-mail-setup-after-hand-over – GregD Aug 13 '10 at 19:23

5 Answers

9

What to document? "EVERYTHING!".
As a sysadmin you must assume that one day you will be run over in the parking lot by a user who is upset you wouldn't let them download porn on the work network. Your successor should be able to pick up your documentation, read it, and take your place with virtually no questions/problems (at least in the ideal fantasy world).

As many others have said, ANYTHING that differs from defaults should be documented.
I'd also add that you should have documentation on:

  • Network Structure (Google Images: "Network Diagrams" - Find a format you like and steal it)
    • This should cover everything under your control up to the parent network.
  • AD Structure (groups, roles, OUs, etc.)
    • Again, everything you control up to the parent domain
  • Machine Roles
    • What does "the machine called Wanda" do?
  • Backup Procedures (You have them right?)
    • Restore procedures (you have those too right??)
    • Backup/Restore testing schedule (so you know it works!)
  • Hyper-V / ESXi configuration details
    • Network stuff goes on your network structure diagram
    • Machine-specific configurations that differ from defaults get documented
  • Policies
    • Password Life
    • Group Policy directives like screensaver auto-lock
  • Important Passwords (sounds like you have this one already)
  • Monitoring system information
    • What is monitored?
    • How is it monitored?
    • Who gets alerts?
    • What do you DO about each type of alert?
user9517
voretaq7
  • 1
    Do you kiss your mother with that mouth? I suppose I'm OK with it as long as you're not kissing **my** mother with that mouth. Oh ya, also, good answer. – MDMarra Oct 26 '11 at 20:00
  • 1
    @MarkM: What if *I* kiss your mother with my mouth? – Scott Pack Oct 26 '11 at 20:04
  • 1
    I'll allow it. It's also much less funny and relevant since @Iain cleaned up the post :( – MDMarra Oct 26 '11 at 20:06
  • 1
    eh, I'm OK with the cleanup I guess - though I always use the french when I explain it to junior admins. (usually punctuated by my pointing at the section of the documentation where something is missing) – voretaq7 Oct 26 '11 at 20:09
6

Simple really, everything that is not an "out of the box" installation or configuration should be documented. What may appear obvious to you really isn't at all obvious to someone else. The only assumption you should ever make is that the next person will not think the same way you do.

John Gardeniers
3

When documenting, I imagine that the building went up in flames. We have a new building, servers bought with insurance money, and my docs. Go! ;)

Or, a server died, the restore failed, and all we have are the docs. Can that server be recreated in such a way that all its interconnecting parts don't notice or throw errors?

Kara Marfia
1

My general recommendation would be to document all those things where you have deviated from the defaults. Document why you have chosen the IP address range for the DHCP that you have chosen. Document any special add-ons to your AD, if there are any. Write about your internal zone setup. And so on and on.

It's generally also useful to have an overview page (I do this sort of thing in a wiki) where you describe the overall network layout and what is where, followed by a list of either servers or services (or both), pointing to pages with more detail.

wolfgangsz
1

I've had good luck with SYDI, which is an open source set of VBS scripts... Documents Servers very well. Check out SYDI, they may have updated their scripts to dump the DHCP scopes and AD.

http://sydiproject.com/download/

I would dump AD from a command line with something like JoeWare's ADFind - which is an awesome command line tool for Windows.

Matt
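A PowerShell version of the kind of dump discussed in this thread (DHCP scopes and lease period, AD structure, machine roles, password and group policy), as an added example that is not part of any answer and is not SYDI or ADFind. It assumes the ActiveDirectory, DhcpServer and GroupPolicy RSAT modules are installed; the server name and output folder are placeholders.

```powershell
#Requires -Modules ActiveDirectory, DhcpServer, GroupPolicy
# Read-only documentation snapshot. Nothing is changed on the domain.
param(
    [string]$DhcpServer = 'dhcp01.example.internal',                # placeholder name
    [string]$OutDir     = ".\netdocs-$(Get-Date -Format yyyyMMdd)"  # placeholder folder
)
$ErrorActionPreference = 'Stop'
# Resolve to a full path. The output describes the whole domain, so store it
# with the same access restrictions as the rest of the documentation.
$OutDir = (New-Item -ItemType Directory -Path $OutDir -Force).FullName

# DHCP: scope ranges and lease period
$scopes = Get-DhcpServerv4Scope -ComputerName $DhcpServer
$scopes |
    Select-Object ScopeId, Name, SubnetMask, StartRange, EndRange, LeaseDuration, State |
    Export-Csv (Join-Path $OutDir 'dhcp-scopes.csv') -NoTypeInformation

# DHCP: reservations, which usually identify the machines with fixed roles
$scopes |
    ForEach-Object { Get-DhcpServerv4Reservation -ComputerName $DhcpServer -ScopeId $_.ScopeId } |
    Select-Object ScopeId, IPAddress, ClientId, Name, Description |
    Export-Csv (Join-Path $OutDir 'dhcp-reservations.csv') -NoTypeInformation

# AD structure: OUs, then groups with their direct members
Get-ADOrganizationalUnit -Filter * -Properties Description |
    Sort-Object DistinguishedName |
    Select-Object Name, DistinguishedName, Description |
    Export-Csv (Join-Path $OutDir 'ad-ous.csv') -NoTypeInformation

Get-ADGroup -Filter * -Properties Description, member |
    Select-Object Name, GroupScope, GroupCategory, Description,
        @{ Name = 'Members'; Expression = { $_.member -join '; ' } } |
    Export-Csv (Join-Path $OutDir 'ad-groups.csv') -NoTypeInformation

# Machine roles: the Description attribute is where "what does Wanda do?" belongs
Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' `
        -Properties OperatingSystem, IPv4Address, Description |
    Select-Object Name, OperatingSystem, IPv4Address, Description |
    Export-Csv (Join-Path $OutDir 'ad-servers.csv') -NoTypeInformation

# Policies: password life and lockout, plus every GPO setting in one report
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MaxPasswordAge, MinPasswordLength, PasswordHistoryCount,
        LockoutThreshold, ComplexityEnabled |
    Export-Csv (Join-Path $OutDir 'password-policy.csv') -NoTypeInformation

Get-GPOReport -All -ReportType Html -Path (Join-Path $OutDir 'gpo-report.html')
```

Running it on a schedule and comparing successive folders shows what changed between snapshots, which is where undocumented deviations from defaults tend to surface.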