Prerequisites for monitoring Active Directory metrics: Click here
Using the REST API to add a new Active Directory monitor: Click here
To create a new Active Directory monitor, follow the steps given below:
Go to the Monitors Category View by clicking the Monitors tab. Click on the Active Directory instance available in the Services section. Displayed is the Active Directory monitor's bulk configuration view distributed into three tabs:
Active Directory Monitor connects to the Active Directory server and checks its availability. Active Directory Counters that are monitored by Applications Manager are given below:
Parameters | Description |
---|---|
Time Synchronization * | |
Primary DC | Name of the Primary Domain Controller in the domain. |
Time Offset from Primary DC | Offset time from the Primary Domain Controller. |
Network Monitors | |
AB Client Sessions | AB Client Sessions is the number of connected Address Book client sessions. |
DS Notify Queue Size | The number of pending update notifications that have been queued, but not yet transmitted to clients |
Database Monitors | |
Database Disk Free Space | Shows the total usable space on the selected logical disk drive that was free (in MB). |
Database File Size | Shows the Database File Size (in MB). |
Database Disk Total Size | Shows the Total Size of the disk drive (in MB). |
NTFRS Process Monitors | |
NTFRS CPU Usage | Percentage of elapsed time that all of the threads of NTFRS process used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions is included in this count. |
NTFRS Handle Count | Total number of handles the NTFRS process has open. This number is the sum of the handles currently open by each thread in the process. |
NTFRS Process File Reads | Rate at which the NTFRS process is reading bytes from I/O operations. This property counts all I/O activity generated by the NTFRS process to include file, network, and device I/Os. |
NTFRS Process File Writes | Rate at which the NTFRS process is writing bytes to I/O operations. This property counts all I/O activity generated by the NTFRS process to include file, network, and device I/Os |
NTFRS Process Memory | Amount of memory in bytes that a NTFRS process needs to execute efficiently—for an operating system that uses page-based memory management. If the system does not have enough memory (less than the working set size), thrashing occurs. If the size of the working set is not known, use NULL or 0 (zero). |
DFSR Process Monitors | |
DFSR CPU Usage | Percentage of elapsed time that all of the threads of DFSR process used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions is included in this count. |
DFSR Handle Count | Total number of handles the DFSR process has open. This number is the sum of the handles currently open by each thread in the process. |
DFSR Process File Reads | Rate at which the DRSR process is reading bytes from I/O operations. This property counts all I/O activity generated by the DRSR process to include file, network, and device I/Os. |
DFSR Process File Writes | Rate at which the DFSR process is writing bytes to I/O operations. This property counts all I/O activity generated by the DFSR process to include file, network, and device I/Os. |
DFSR Process Memory | Amount of memory in bytes that a DFSR process needs to execute efficiently—for an operating system that uses page-based memory management. If the system does not have enough memory (less than the working set size), thrashing occurs. If the size of the working set is not known, use NULL or 0. |
System Monitors | |
CPU Utilization | Percentage of time that the processor is executing a non-idle thread. This property was designed as a primary indicator of processor activity. It is calculated by measuring the time that the processor spends executing the thread of the idle process in each sample interval and subtracting that value from 100%. |
Disk Utilization | It is calculted as follows ((size-freesize)/size)*100
where size - It is the total Size of the disk drive on Logical Disk freesize - Space, in bytes, available on the logical disk |
Memory Utilization | It is calculated as follows
((TotalVisibleMemorySize- FreePhysicalMemory)/TotalVisibleMemorySize)*100 where TotalVisibleMemorySize - Total amount, in kilobytes, of physical memory available to the operating system. This value does not necessarily indicate the true amount of physical memory, but what is reported to the operating system as available to it. FreePhysicalMemory - Number, in kilobytes, of physical memory currently unused and available. |
Number of Processes | Number of process contexts currently loaded or running on the operating system. |
OS Processor Queue Length | Number of threads in the processor queue. There is a single queue for processor time even on computers with multiple processors. Unlike the disk counters, this property counts ready threads only, not threads that are running. |
Performance Counter Monitors | |
DS Client Binds | Shows the number of Ntdsapi.dll binds per second serviced by this domain controller. |
DS Server Binds Per Sec | Shows the number of domain controller–to–domain controller binds per second that are serviced by this domain controller. |
Directory Reads Per Sec | Shows the number of directory reads per second. |
Directory Writes Per Sec | Shows the number of directory writes per second. |
NTLM Authentications | Shows the number of NTLM authentications per second serviced by this domain controller. |
Kerberos Authentications | Shows the number of times per second that clients use a ticket to this domain controller to authenticate to this domain controller. |
LSASS Process Monitors | |
LSASS CPU Usage | Percentage of elapsed time that all of the threads of LSASS process used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions is included in this count. |
LSASS Handle Count | Total number of handles the LSASS process has open. This number is the sum of the handles currently open by each thread in the LSASS process. |
LSASS Process File Reads | Rate at which the LSASS process is reading bytes from I/O operations. This property counts all I/O activity generated by the LSASS process to include file, network, and device I/Os. |
LSASS Process File Writes | Rate at which the LSASS process is writing bytes to I/O operations. This property counts all I/O activity generated by the LSASS process to include file, network, and device I/Os |
LSASS Process Memory | Amount of memory in bytes that a LSASS process needs to execute efficiently—for an operating system that uses page-based memory management. If the system does not have enough memory (less than the working set size), thrashing occurs. If the size of the working set is not known, use NULL or 0 (zero). |
LDAP Stats | |
LDAP Active Threads | Shows the current number of threads in use by the LDAP subsystem of the local directory service. |
LDAP Bind Time | Shows the time, in milliseconds, taken for the last successful LDAP bind. |
LDAP Client Sessions | Shows the number of currently connected LDAP client sessions |
LDAP Searches Per Sec | Shows the rate at which LDAP clients perform search operations |
LDAP UDP operations Per Sec | Shows the number of User Datagram Protocol (UDP) operations that the LDAP server is processing per second. |
LDAP Writes Per Sec | Shows the rate at which LDAP clients perform write operations. |
Replication Stats | |
Replication Objects Applied Per Sec | Shows the rate at which replication updates received from replication partners are applied by the local directory service. This counter excludes changes that are received but not applied |
Replication Objects Remaining | Shows the number of object updates received in the current directory replication update packet that have not yet been applied to the local server. |
Total Replication Objects In /Sec | Shows the number of objects received from neighbors through inbound replication. A neighbor is a domain controller from which the local domain controller replicates locally. |
Total Replication Objects Out /Sec | Shows the number of objects replicated out. |
Replication Traffic In | Shows the total number of bytes replicated in. This counter is the sum of the number of uncompressed bytes (never compressed) and the number of compressed bytes (after compression). |
Replication Traffic Out | Shows the total number of bytes replicated out. This counter is the sum of the number of uncompressed bytes (never compressed) and the number of compressed bytes (after compression) |
Active Directory Services | |
Kerberos Key Distribution Center Service | The Kerberos Key Distribution Center (KDC) is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain. The KDC runs on each domain controller as part of Active Directory Domain Services (AD DS). . |
Server Service | This service enables the computer to connect to other computers on the network based on the SMB protocol |
Net Logon Service | This service supports pass-through authentication of account logon events for computers in a domain |
Workstation Service | This service enables the computer to connect to other computers on the network based on the SMB protocol. |
Remote Procedure Call (RPC) Service | This service provides the name services for RPC clients. |
Security Accounts Manager Service | This service signals other services that the Security Accounts Manager subsystem is ready to accept requests. |
File Replication Service | This service maintains file synchronization of file directory contents among multiple servers |
DNS Client Service | This service resolves and caches (Domain Name Server) DNS names. |
Intersite Messaging Service | This service is used for mail-based replication between sites. Active Directory includes support for replication between sites by using SMTP over IP transport. |
Windows Time service | The service synchronizes the time between domain controllers, which prevents time skews from occurring. |
Active Directory Domain Services | Service of the Active Directory Domain Controller. |
Active Directory Web Services | Service that provides Web Service interface to instances of the directory service (AD DS and AD LDS) that are running locally on the server. |
* Time Synchronization data is available only if the monitored AD server is a Secondary Domain Controller. These metrics are mapped under Settings → Performance Polling → Optimize Data Collection → Monitor Type → Active Directory
Replication is the process of sending update information for data that has changed in the directory to other domain controllers. It is important to have a firm understanding of replication and how it takes place, both within the domain and in multiple-site environments.
Monitoring for Active Directory Replication - If there are two or more domain controllers,that are replicating changes to each other, the replication statistics information will be displayed in the Replication Statistics tab. In a Single-Domain-controller setup,no replication stats will be shown.
Parameters | Description |
---|---|
Domain Controller | |
Domain Controller Site | The Site that the host domain controller resides in. |
Is Global Catalog Server | Provides a value of true / false. True,if the domain controller is a global catalog server. |
Percent of RIDs Left | The percentage of Relative Identifiers left in RID Pool. |
Pending Replication Operations | The count of Pending Replication Operations. |
Replication Partners | |
Partition Name | DN of the Naming Context(Partition) for which the partners replicate. |
Source DC | CN of directory system agent (DSA) that represents the source domain controller (DC). |
Source DC Domain | The canonical name of the domain of the replicated NC. |
Source DC Site | The site that contains the source DC. |
Time of Last Sync Attempt | The timestamp for the last replication attempt. |
Time of Last Sync Success | The timestamp for the last successful replication attempt. |
Consecutive Failure Count | The number of consecutive failed replication attempts. |
Last Sync Result | Values can be Success or Failed. |
Pending Replications | |
Partition Name | The X.500 path of the naming context (NC) that is associated with this operation. |
Source DC | CN of directory system agent (DSA) that represents the source domain controller (DC). |
Time Enqueued | The time at which this operation was added to the queue. |
Operation Start Time | The time when the operation was started.NULL if operation is still in Queue. |
Position in Queue | The position of this operation in the queue. |
Parameters | Description |
---|---|
Port Connectivity * | |
Port Name | The name of the port monitored. |
Port Number | The port number specified for that port. |
Connectivity Status | Specifies if the connection is UP / DOWN. |
Response Time(ms) | The time taken to check the connectivity status in milliseconds. |
Network Interface | |
Name | The display name of the network connector |
Speed (Mbps) | The interface's current bandwidth in megabits per second (Mbps). |
Input Traffic (MBps) | The rate at which bytes are received on the interface, including framing characters. |
Output Traffic (MBps) | The rate at which bytes are sent on the interface, including framing characters. |
* Metrics for Port Connectivity are mapped under Settings → Performance Polling → Optimize Data Collection → Monitor Type → Active Directory
"<portname>:<portnumber>" Example: "DNS:53"
Example: # "DNS:53"
* Metrics for Diagnostic Tests are mapped under Settings → Performance Polling → Optimize Data Collection → Monitor Type → Active Directory. Default polling interval is 60 minutes.