“Is our CMDB any good?” is one of those questions where the polite answer and the honest answer rarely match. The polite answer is the green tile on a dashboard. The honest answer takes about a week and three interviews.
Here’s the audit I actually run.
The five queries I trust more than any dashboard
- Stale CIs by class. Group cmdb_ci by class, count records last updated more than 90 days ago. Anything above ~20% on a class that should be discovery-fed is a red flag.
- Orphaned relationships. cmdb_rel_ci rows where the parent or child is retired, missing, or doesn’t match the relationship type definition. There are always more than you expect.
- Duplicate hosts. Same FQDN, different sys_ids, both active. Usually a discovery scope or correlation rule problem.
- Class drift. CIs in a parent class that should have been promoted to a more specific child by now (servers stuck as cmdb_ci_computer instead of cmdb_ci_server).
- Owner-less CIs. Anything missing a support group or assigned-to that’s also tied to a P1-eligible service. These show up at the worst possible moment.
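The stale-by-class and duplicate-host checks, sketched as an added example (not code from the original post) that runs over rows exported from cmdb_ci. The `active` column, the case-insensitive FQDN normalisation, and the set of discovery-fed classes are assumptions; the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

STALE_AFTER = timedelta(days=90)   # "last updated more than 90 days ago"
RED_FLAG_RATIO = 0.20              # "~20%" on a discovery-fed class

def stale_by_class(rows, now):
    """Return {class: (stale_count, total, ratio)} for exported cmdb_ci rows."""
    totals, stale = defaultdict(int), defaultdict(int)
    for r in rows:
        cls = r["sys_class_name"]
        totals[cls] += 1
        updated = datetime.strptime(r["sys_updated_on"], "%Y-%m-%d %H:%M:%S")
        if now - updated > STALE_AFTER:
            stale[cls] += 1
    return {c: (stale[c], n, stale[c] / n) for c, n in totals.items()}

def red_flags(report, discovery_fed):
    """Classes that should be discovery-fed but exceed the stale threshold."""
    return sorted(c for c, (_, _, ratio) in report.items()
                  if c in discovery_fed and ratio > RED_FLAG_RATIO)

def duplicate_hosts(rows):
    """Same FQDN, different sys_ids, all active. Empty FQDNs are skipped."""
    by_fqdn = defaultdict(set)
    for r in rows:
        # Assumption: compare FQDNs case-insensitively, ignoring a trailing dot.
        fqdn = (r.get("fqdn") or "").strip().rstrip(".").lower()
        if fqdn and r["active"]:
            by_fqdn[fqdn].add(r["sys_id"])
    return {f: sorted(ids) for f, ids in by_fqdn.items() if len(ids) > 1}

# Constructed sample export; "active" is an assumed column for "not retired".
NOW = datetime(2024, 6, 1)
ROWS = [
    {"sys_id": "a1", "sys_class_name": "cmdb_ci_server",
     "sys_updated_on": "2024-05-20 08:00:00", "fqdn": "web01.example.com", "active": True},
    {"sys_id": "a2", "sys_class_name": "cmdb_ci_server",
     "sys_updated_on": "2023-11-02 08:00:00", "fqdn": "WEB01.example.com.", "active": True},
    {"sys_id": "a3", "sys_class_name": "cmdb_ci_server",
     "sys_updated_on": "2024-04-15 08:00:00", "fqdn": "db01.example.com", "active": True},
    {"sys_id": "a4", "sys_class_name": "cmdb_ci_computer",
     "sys_updated_on": "2024-01-10 08:00:00", "fqdn": "db01.example.com", "active": False},
    {"sys_id": "a5", "sys_class_name": "cmdb_ci_computer",
     "sys_updated_on": "2024-05-30 08:00:00", "fqdn": "", "active": True},
]

if __name__ == "__main__":
    report = stale_by_class(ROWS, NOW)
    print(report, red_flags(report, {"cmdb_ci_server"}), duplicate_hosts(ROWS))
```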
The three interviews that actually move the needle
You can stare at queries forever. The audit only gets useful when you talk to:
- The discovery owner. What’s in scope? What was scoped and quietly turned off? Why?
- The change manager. Are CRs blocked on missing CIs? How often is the answer “just create a stub”?
- One incident commander. Walk through the last two P1s. Did the CMDB help, or did Slack?
You’ll learn more in 90 minutes of conversation than in a week of querying.
The follow-up I always regret skipping
Schedule the next audit before you finish writing the current one up. CMDB quality decays unless someone owns it, and “we’ll check back next quarter” almost always becomes “we’ll check back when something breaks”. Put it on a calendar with a name attached.
What good looks like
A healthy CMDB doesn’t mean a complete one. It means: the CIs that matter are accurate, owned, and connected to the services they support. Everything else is noise you can prune later.
If your audit produces a report no one reads, the audit was the deliverable. If it produces three concrete tickets and a named owner, you actually moved the platform forward.