A SysAdmin has an almost endless list of tasks they must complete on a regular basis. Some are so routine that they can be done while multitasking, others require careful attention to detail and a laser-like focus to ensure that things are done well and completely. While many admins may look at most of the tasks on this list as run of the mill, they frequently present a challenge to others. In this list we’re going to provide some tips on how to approach them.

1. Split DNS

Maintaining the same DNS namespace across two or more zones tends to drive most admins a little bit nuts. There’s a reason why it has been dubbed a “split-brain” DNS. The key to this task is to perform both the internal and the external updates at the same time. If you have two monitors, run one admin console (or BIND file update) on each monitor, keeping the internal on the left screen and the external on the right one. Get into the habit of also keeping an NSLOOKUP cmd running on the left, and a DIG cmd running on the right, to force that separation while still ensuring that you do both zones at the same time.

2. Group Policy

GPO creation and edits can be very complicated, and if done wrong, can have significant impact on the entire domain. Here are some simple tricks to help make these easier and safer:

• Don’t add anything into the Default Domain and the Default Domain Controller’s policy. Use them to configure security settings only.

• Keep an OU for testing, and put a couple of test user accounts and a couple of test machine accounts in that OU. When you create a GPO, link it first to that OU so you can test the results. You can then link it to the production OU or domain as appropriate.

• Remember that many GPO settings tattoo machines. Deleting a GPO will not reverse those settings. Use that test OU to confirm any reversals you want to make.

• Document GPO settings and make sure other admins, and the Help Desk, know when a new GPO setting is about to be applied.

3. Intraforest Migrations

Moving users from one domain to another within a forest is usually straight-forward, but remember that any domain group memberships will be lost when you move a user. Document those memberships before you begin to ensure that you can add a migrated user back into required global groups.

4. Interforest Migrations

Interforest migrations can result in complete loss of access to required resources. Use SID History to ensure that a user can still access resources in their source domain after they have been migrated. Make sure you disable SID History Filtering to keep users productive.

5. Migrating user profiles

Whether from one domain to another, or simply from one machine to another, keeping a user’s profile intact can be the difference between a happy user, and an angry bear. Use the User State Migration Tool to move a user’s settings from one machine to another.

6. Patching

Patching is a critical part of systems administration, and can also be a huge pain point for many admins. The key to making patching easy is to follow these three main steps:

1. Test your patches

2. Use a patch management application

3. Verify that patches have been applied to all systems.

You want to ensure that you test patches before you deploy them, but if you are patching manually, you are doing it wrong. Automation is critical, and a good patch management application will help you handle this task with ease. Ensuring 100% compliance also ensures you don’t have any surprises down the road.

7. Clusters

The secret to clustering involves keeping systems identical. Use only the same hardware (physical or virtual), if you make any changes to configuration settings on one, do the other members of the cluster at the same time, and keep the patching identical on all cluster members as well. Anything on one that is not exactly the same as the other(s) can make the difference between a cluster that works flawlessly, and one that you spend far too much time troubleshooting.

8. Network Load Balancing

Don’t believe the hype that NLB lets you use different hardware. All nodes in an NLB group should be kept as close to the same spec as in a cluster. An external load balancer reduces the configuration challenges that can come with a cluster, but the devil is in the details, and nodes that don’t match will bite you eventually.

9. IP Address Management

Get an IP Address Management application. Period, hard stop. If you are not managing your IP space, you need to be, and if you are using Excel spreadsheets to do it, you’re just causing yourself more work than you should. There are many free and commercial IPAM solutions on the market, and it’s a built-in feature of the upcoming release of Windows Server 2012.

10. Spam filtering

Keeping the junk out of users’ inboxes is a never-ending task and is not something you can handle with a single solution, like spam filtering agents in Exchange or your client antivirus program. Spam filtering, and the related tasks of blocking phishing and malware, require a layered defence that will include spam filtering (either in the cloud or at the edge), the best components of Exchange, junk mail filtering in Outlook and user education.

11. Security scanning

Scan early, scan often and investigate any alerts or anomalies. Attackers are probing your network at this very moment, and getting the same view of the landscape they have is the first step towards securing your systems. However, don’t limit yourself to only scanning from the outside. Many hacks are inside jobs, and often malware takes advantage of the same vulnerabilities, and can spread from one infected machine on the inside to all the rest quickly. Scan all your systems from the inside just as diligently, and deal with any findings quickly and completely.

12. Editing config files

Whether you are using Windows, Macs or Linux, at some point as a SysAdmin you are going to edit configuration files. Trust me on this one – use a text editor that automatically saves a backup before you begin. You will mess something up, and trying to undo changes can be extremely painful. Finding a pristine version of the original file may prove to be impossible. Simply restoring a copy of the original file can take a disaster and make things all better just like that.

13. Maintaining documentation

No admin maintains good docs. We just don’t. It’s a chronic shortcoming almost all of us share. However, maintaining documentation is one of those tasks we all know we need to do. Whether you use Visio or a whiteboard and markers, start making it a point to draw out what you are doing, and saving drawings and configs files for every system you maintain. Use SharePoint or a Wiki, and get anything you can into folders by system, to help with the documentation. A cell phone camera picture of a white board sketch is still better than no documentation at all, and maintaining documentation is one of those tasks that you just have to do. Waiting until the end to go back and document it all out later is doomed to fail, so don’t even pretend you are going to succeed with that approach.

14. Maintaining inventory

Hardware and software inventories are critical so that you can keep track of what you have in the environment. Whether you are planning for the next round of workstation upgrades for users, or just need to know if you have enough capacity in your VM farm to spin up a test machine, keeping good inventories will make your job easier. Look for systems management applications that can query systems both for their hardware capabilities and installed software, and update physical server and workstation entries with the service tags from the manufacturer, purchase or lease dates, and warranty information.

15. Licensing compliance

Here’s another task that is very little fun, but is also absolutely critical. Getting out of compliance with your licensing can lead to large fines and legal action, and the unplanned need to buy extra licenses of some software app that everyone installed from that open share can crush your budget. Use that same software inventory to make sure you have enough licenses for all the applications installed on your systems.

16. Repetitive Tasks

Repetitive tasks should be scripted as much as possible, both to save time and to eventually automate as many of these as you can. Start a text file or a OneNote notebook now, and save any and all command line tid-bits you either create on your own, or find online, to build up your own repository of “scriptlets”. Share these with other admins on your team, and if you have enough and the infrastructure, consider saving them to an internal Wiki or SharePoint site. The more you use (and reuse) these, the quicker you will find your scripting skills growing.

17. Change Management

A Wiki or SharePoint site is also a great place to keep your change management information. I don’t mean the forms you have to fill out for management approval; I mean the running change log you and your fellow admins should maintain through each day about any changes you make to systems, users, or groups, so that all the admins can quickly and easily see what has recently changed. Remember one of the first steps in troubleshooting is to determine what has changed, and having a simple running log of those changes can help everyone quickly fix any issues that come up.

18. Knowledge Base

Wikis and SharePoint sites can also be a great help in creating and maintaining an internal knowledge base of troubleshooting tips and tricks, as well as how-to documents relevant to your environment. Focus more on content than format, as the idea here is to make it simple to maintain, not necessarily pretty. As each admin or service desk user adds to the content, you can start to work on format and keywords, but both Wikis and SharePoint have great search capabilities, so you can quickly find content that can help you resolve issues.

19. Email influx

Email can be overwhelming, and a distraction that makes it nearly impossible to get other tasks done during your normal day. Here’s what works well for me:

• Spend the first half hour of your day responding to urgent emails, sorting informative emails you want to keep, and deleting the ones you either don’t need or won’t read.

• Disable the new email notification when you are working on complex or critical tasks. Just like the DND button on your phone, consider setting your email to work offline, or completely close it, when you need to focus.

• Set your smartphone to only check emails hourly, or manually, so that constant little buzz doesn’t break your routing.

• Reserve the last half hour of your day to go through the emails that have accumulated and that you don’t want to make wait until tomorrow.

20. Training

IT is the only career field out there that basically requires you to relearn major aspects of your job every three to five years. Do not short change your learning. If your company does have a training program, take advantage of it. If there’s no budget for it, look for free online training resources, blogs, wikis, how-to posts and anything else you can use to keep your knowledge up-to-date and your skills sharp. If you take lunch at your desk, make sure you spend at least two of those breaks each week learning a new skill or improving an existing one, and never stop making sure your management know that training is a critical part of your job. Spending regular time on developing your own skills helps to keep you relevant, and is also a big part of what makes most IT admins love their jobs.


Any time you can, take something difficult and make it routine – you can make your day just that much easier. Having a tried and true approach to any complicated SysAdmin task is the best way to get started with things, and getting started is the first step to completing them. The more you perform a tricky task, the sooner it will become routine, and we hope the tricks we provided above will help you move some of these from the challenging column to the easy column on your daily task list. And if you know of any other good methods to approach any of these tasks, or would like to share any other task we left out, leave us a comment below.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!


Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.