Monitoring Active Directory Using OpManager


Active Directory is Microsoft’s implementation of LDAP directory services for Windows
environments. It allows administrators to implement company-wide policies on users' access to
resources and services. Active Directory is usually installed on Windows 2003 or 2000
servers, and together they are called Domain Controllers. If Active Directory fails, it
affects the entire user base, as users won’t be able to log on to their systems, access critical
information from other servers, or send/receive emails.


In this section, let's see how a network monitoring tool such as OpManager can help
administrators prevent Active Directory nightmares!

A Sample Active Directory Nightmare
Imagine a scenario where your CEO logs into his laptop and it says access denied. Probably he
just forgot to release the CAPS LOCK key (you are saved), or the Kerberos Key Distribution Center
Service that plays a vital role in user authentication has stopped functioning and is preventing every
Windows user from logging into the domain (you are in trouble). There is no way your CEO could
imagine that a simple service running on a server in an isolated room could stop him from
working. All that everybody wants is uninterrupted network access.

Most IT helpdesk tickets originate from issues stemming from users trying to access
resources outside their own computers. Active Directory forms the crux of this ever-active access
system. For instance, common operations such as user authentication and Exchange mail routing
depend on Active Directory. This makes continuous monitoring of Active Directory and related
services very important, so that you can stay away from nasty nightmares!



What should you monitor in active directory?
There are a little over half-a-dozen Active Directory components that can cause an access
problem for a user. A few important factors that you need to monitor on AD are:

    •   System Resources Availability
    •   Responsiveness of LDAP
    •   Availability of DNS Client Service
    •   Availability of Kerberos Key Distribution Center Service
    •   Availability of Net Log On Service
    •   Health of File Replication Service (FRS)

System Resources Availability: Hardware failures, insufficient disk space etc., are common
problems causing a server to crash. Requests to the Active Directory need to be served fast. This
requires the CPU, Memory, and Disk Space of the server that hosts Active Directory to be running
at optimal levels and monitored 24*7.

Responsiveness of LDAP: LDAP is the client used to retrieve directory information. Monitoring
LDAP parameters like LDAP Bind Time, number of Active Connections, LDAP Searches, and LDAP
Writes is a proactive step in ensuring its availability.

Availability of DNS Client Service: DNS lookup failure can cause problems. The Domain
Controller might not have been able to register DNS records, which actually vouch for the
Domain Controller's availability. As a result, the other Domain Controllers, users, and
computers in the domain cannot locate this DC, which in turn might lead to replication failure.
Refer to this article for troubleshooting AD-related DNS problems.

Availability of Kerberos Key Distribution Center Service: Active Directory depends on this
service for authentication. Failure of this service leads to log-on failures. Refer to this article to
learn how this service works.

Availability of Net Log On Service: Requests to authenticate users are served by this service.
Failure of this service also makes log-on impossible. The Domain Controller will not be able
to accept log-on requests if this service is not available.

Health of File Replication Service (FRS): FRS replicates the objects in Active Directory
among all the Domain Controllers in a network (if you have more than one domain controller).
This is done to ensure round-the-clock accessibility to the information in AD. Replication can be
across the LAN or the WAN. When the FRS fails, the objects are not replicated to the other
Domain Controllers. In the event of the primary DC failing, when the secondary (the slave) takes
over the requests, it will not have the user account replicated. This causes the log-on to fail.
Replication failure can also occur because of incorrect DNS configuration.

Miscellaneous: There can be other reasons like no network connectivity, too many applications
accessing the DC at a time etc.



Active Directory monitoring with OpManager
OpManager monitors all the services and resources on which Active Directory relies for proper
functioning. You can configure thresholds and get instantly notified if something is crossing safe
limits.

Monitor domain controller’s availability

OpManager offers a dashboard view of your domain controller’s availability with options to see
availability statistics for the past week, month etc.




Monitor domain controller’s health

System resources usage gives you real-time status of the health of your domain controller.
Details such as CPU utilization, Memory utilization, and disc utilization can be viewed from here.

Monitor the performance counters

Active Directory performance counters such as directory reads, directory writes, Kerberos
authentications etc. can be viewed from here.




Monitor the Active Directory services

Key Active Directory services such as Windows Time Service, DNS Client Service, File Replication
Service, Inter-site Messaging Service, Kerberos Key Distribution Center Service, Security Accounts
Manager Service, Server Service, Workstation Service, RPC Service, and Net Logon Service are
monitored.

Complete list of active directory parameters monitored by OpManager
Here’s a tree view of the entire set of parameters monitored by OpManager to ensure that your
Active Directory doesn’t spring any unwelcome surprises.

   •   Availability
           o Availability
           o Response time
           o Packet loss
   •   Resources
           o CPU
           o Memory
           o Disc
   •   AD services
           o Windows Time Service
           o DNS Client Service
           o File Replication Service
           o Intersite Messaging Service
           o Kerberos Key Distribution Center Service
           o Security Accounts Manager Service
           o Server Service
           o Workstation Service
           o RPC Service
           o Net Logon Service
   •   AD Network parameters
           o AB Client Sessions
           o DS Notify Queue Size
           o LDAP Active Threads
           o LDAP Bind Time
           o LDAP Client Sessions
           o Number of Clients
   •   AD Database parameters
           o Database Free Space
           o Database Size
           o Database Total Size
           o Replication Objects Applied
           o Replication Objects Remaining
   •   AD Process Monitors
           o LSASS / NTFRS CPU Usage
           o LSASS / NTFRS Handle Count
           o LSASS / NTFRS Process File Reads
           o LSASS / NTFRS Process File Writes
           o LSASS / NTFRS Process Memory
   •   AD performance counters
           o DS Client Binds
           o DS Server Binds
           o Directory Reads
           o Directory Writes
           o Kerberos Authentications
           o LDAP Searches
           o LDAP UDP Operations
           o LDAP Writes
           o NTLM Authentications
           o Replication (Total) Objects In
           o Replication (Total) Objects Out
           o Replication Traffic In
           o Replication Traffic Out



Monitoring active directory using event logs
Active Directory writes detailed event logs during failure. You can view event logs in the
Windows Event Viewer (Start > Settings > Control Panel > Administrative Tools > Event Viewer). Each
Active Directory component failure has a pre-defined event ID with a detailed message for the
failure event. OpManager allows monitoring these Windows event logs using pre-defined event
log rules. OpManager monitors the event logs and generates OpManager alarms based on the
rules.

   Event Logs Monitoring for the Domain Controllers is configured as follows:
       • Click 'Event Log Rules' on the right in the DC's snapshot page
       • Scroll down to the 'File Replication Service' and 'Directory Service' sections and select
           the rules for the failures for which you want to be notified. The selected rules
           will be associated with the devices.
   Besides receiving alarms for the default rules, you can configure new rules for the
   required Windows Event IDs.
Here are some IDs for which you might want OpManager to raise an alarm. (Please note that this
is only a subset of a whole lot of Windows Event Logs for various services and parameters
related to Active Directory.)

                    Service                    Event ID
                    Net Logon Service          5774, 5775, 5781, 5783, 5805
                    FRS Service                13508, 13509, 13511, 13522, 13526
                    Windows Time Service       13, 14, 52 to 56, 60 to 64
                    LDAP related               40960, 40961
                    LSASS related              1000, 1015
                    Kerberos related           675, 676, 1002, 1005, 9004 (last three are related to Exchange server)
                    NTLM authentication        680, 681
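
The rule-to-alarm flow described above can be sketched in a few lines. This is an added example, not
OpManager code: it builds rules from the Event ID table as printed on this page (including the "52 to 56"
style ranges) and evaluates a constructed list of events. The host names, timestamps, the event tuple
layout and the 10-minute folding window are assumptions of the example.

```python
"""Added example: event-log rules built from the page's Event ID table."""
import re
from datetime import datetime, timedelta

# Event ID table as printed on the page (service label -> ID spec).
PAGE_EVENT_TABLE = {
    "Net Logon Service": "5774, 5775, 5781, 5783, 5805",
    "FRS Service": "13508, 13509, 13511, 13522, 13526",
    "Windows Time Service": "13, 14, 52 to 56, 60 to 64",
    "LDAP related": "40960, 40961",
    "LSASS related": "1000, 1015",
    # The page notes the last three IDs relate to Exchange server.
    "Kerberos related": "675, 676, 1002, 1005, 9004",
    "NTLM authentication": "680, 681",
}


def expand_ids(spec):
    """Turn '13, 14, 52 to 56' into {13, 14, 52, 53, 54, 55, 56}."""
    ids = set()
    for part in spec.split(","):
        match = re.fullmatch(r"\s*(\d+)(?:\s+to\s+(\d+))?\s*", part)
        if not match:
            raise ValueError(f"bad event ID spec: {part!r}")
        low = int(match.group(1))
        high = int(match.group(2) or low)
        if high < low:
            raise ValueError(f"descending range: {part!r}")
        ids.update(range(low, high + 1))
    return ids


def build_rules(table):
    """Map each event ID to its service label; reject IDs claimed twice."""
    rules = {}
    for service, spec in table.items():
        for event_id in expand_ids(spec):
            if event_id in rules:
                raise ValueError(f"event ID {event_id} listed for two services")
            rules[event_id] = service
    return rules


def evaluate(events, rules, window=timedelta(minutes=10)):
    """Return alarms for events that match a rule.

    Assumption of this example (not documented OpManager behaviour):
    repeats for the same host and service within `window` of the last
    matching event fold into the existing alarm instead of raising a new one.
    """
    alarms = []
    latest = {}  # (host, service) -> most recent alarm for that pair
    for stamp, host, event_id in sorted(events):
        service = rules.get(event_id)
        if service is None:
            continue  # no rule selected for this ID
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        alarm = latest.get((host, service))
        if alarm and when - alarm["last_seen"] <= window:
            alarm["last_seen"] = when
            alarm["count"] += 1
            alarm["event_ids"].add(event_id)
            continue
        alarm = {"host": host, "service": service, "first_seen": when,
                 "last_seen": when, "count": 1, "event_ids": {event_id}}
        alarms.append(alarm)
        latest[(host, service)] = alarm
    return alarms


# Constructed sample events: (timestamp, host, event ID). Not real log data.
SAMPLE_EVENTS = [
    ("2024-01-01 09:00:00", "dc01", 13508),
    ("2024-01-01 09:03:00", "dc01", 13509),  # same service, folded
    ("2024-01-01 09:04:00", "dc01", 54),     # inside the "52 to 56" range
    ("2024-01-01 09:05:00", "dc02", 5774),
    ("2024-01-01 09:06:00", "dc01", 9999),   # no rule, ignored
    ("2024-01-01 09:30:00", "dc01", 13508),  # outside the window, new alarm
]

if __name__ == "__main__":
    for alarm in evaluate(SAMPLE_EVENTS, build_rules(PAGE_EVENT_TABLE)):
        print(alarm["host"], alarm["service"], alarm["count"],
              sorted(alarm["event_ids"]))
```

Matching on the event ID alone, as here, follows the table; where the same ID is written by more than
one event source, scope the rule to the log and source as well.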


Instant notification from OpManager
Besides monitoring the Active Directory components, OpManager raises alarms when a service is
unavailable. Configuring response time or resource utilization thresholds for the critical services
and parameters alerts you well ahead of the actual problem. OpManager allows you to create
and assign notification profiles to Domain Controllers. When any of the monitors fail, an email or
SMS alert is sent to the pre-configured IDs.



                                Active Directory Down.
                                Hurry up. Look busy. Also
                                post resume on DICE




Summary
OpManager offers excellent Active Directory monitoring capabilities and helps you stay away
from Active Directory nightmares. To test drive active directory monitoring download the latest
OpManager build from www.opmanager.com.
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 

Monitoring active-directory

  • 1. Monitoring Active Directory Using OpManager

    Active Directory is Microsoft’s implementation of LDAP directory services for Windows environments. It allows administrators to implement company-wide policies on user access to resources and services. Active Directory is usually installed on a Windows 2003 or 2000 server, and together they are called the Domain Controllers. If Active Directory fails, it affects the entire user base, as users won’t be able to log on to their systems, access critical information from other servers, or send/receive emails.

    In this section, let’s see how a network monitoring tool such as OpManager can help administrators prevent Active Directory nightmares!
  • 2. A Sample Active Directory Nightmare

    Imagine a scenario where your CEO logs into his laptop and it says access denied. Probably he just forgot to release the CAPS LOCK key (you are saved), or the Kerberos Key Distribution Center Service, which plays a vital role in user authentication, has stopped functioning and is preventing every Windows user from logging into the domain (you are in trouble). There is no way your CEO could imagine that a simple service running on a server in an isolated room could stop him from working. All that everybody wants is uninterrupted network access.

    Most IT helpdesk tickets originate from issues that arise when users try to access resources outside their own computer. Active Directory forms the crux of this ever-active access system. For instance, common operations such as user authentication and Exchange mail routing depend on Active Directory. This makes continuous monitoring of Active Directory and related services very important, so that you can stay away from nasty nightmares!

    What should you monitor in Active Directory?

    There are a little over half a dozen Active Directory components that can cause an access problem for a user. A few important factors that you need to monitor on AD are:

    •   System Resources Availability
    •   Responsiveness of LDAP
    •   Availability of DNS Client Service
    •   Availability of Kerberos Key Distribution Center Service
    •   Availability of Net Log On Service
    •   Health of File Replication Service (FRS)

    System Resources Availability: Hardware failures, insufficient disk space, etc. are common problems that cause a server to crash. Requests to Active Directory need to be served fast. This requires the CPU, memory, and disk space of the server that hosts Active Directory to be running at optimal levels and monitored 24*7.

    Responsiveness of LDAP: LDAP is the client used to retrieve directory information.
    Monitoring LDAP parameters like LDAP Bind Time, number of Active Connections, LDAP Searches, and LDAP Writes is a proactive step in ensuring its availability.

    Availability of DNS Client Service: DNS lookup failure can cause problems. The Domain Controller might not have been able to register its DNS records, which vouch for the Domain Controller's availability. As a result, the other Domain Controllers, users, and computers in the domain cannot locate this DC, which in turn might lead to replication failure. Refer to this article for troubleshooting AD-related DNS problems.

    Availability of Kerberos Key Distribution Center Service: Active Directory depends on this service for authentication. Failure of this service leads to log-on failures. Refer to this article to learn how this service works.

    Availability of Net Log On Service: Requests to authenticate users are served by this service. Failure of this service also makes log-on impossible. The Domain Controller will not be able to accept log-on requests if this service is not available.

  • 3. Health of File Replication Service (FRS): FRS replicates the objects in Active Directory among all the Domain Controllers in a network (if you have more than one domain controller). This is done to ensure round-the-clock accessibility of the information in AD. Replication can be across the LAN or the WAN. When FRS fails, the objects are not replicated to the other Domain Controllers. If the primary DC fails and the secondary (the slave) takes over the requests, it will not have the user account replicated. This will cause log-on failure. Replication failure can also occur because of incorrect DNS configuration.

    Miscellaneous: There can be other reasons, such as no network connectivity or too many applications accessing the DC at a time.

    Active Directory monitoring with OpManager

    OpManager monitors all the services and resources on which Active Directory relies for proper functioning. You can configure thresholds and get notified instantly if something crosses safe limits.

    Monitor domain controller’s availability

    OpManager offers a dashboard view of your domain controller’s availability, with options to see availability statistics for the past week, month, etc.

    Monitor domain controller’s health

    System resource usage gives you the real-time status of the health of your domain controller. Details such as CPU utilization, memory utilization, and disk utilization can be viewed from here.
  • 4. Monitor the performance counters

    Active Directory performance counters such as directory reads, directory writes, Kerberos authentications, etc. can be viewed from here.

    Monitor the Active Directory services

    OpManager monitors key Active Directory services such as Windows Time Service, DNS Client Service, File Replication Service, Inter-site Messaging Service, Kerberos Key Distribution Center Service, Security Accounts Manager Service, Server Service, Workstation Service, RPC Service, and Net Logon Service.
  • 5. Complete list of Active Directory parameters monitored by OpManager

    Here’s a tree view of the entire set of parameters monitored by OpManager to ensure that your Active Directory doesn’t pop up unlikely surprises.

    •   Availability
        o Availability
        o Response time
        o Packet loss
    •   Resources
        o CPU
        o Memory
        o Disk
    •   AD services
        o Windows Time Service
        o DNS Client Service
        o File Replication Service
        o Intersite Messaging Service
        o Kerberos Key Distribution Center Service
        o Security Accounts Manager Service
        o Server Service
        o Workstation Service
        o RPC Service
        o Net Logon Service
    •   AD Network parameters
        o AB Client Sessions
  • 6.
        o DS Notify Queue Size
        o LDAP Active Threads
        o LDAP Bind Time
        o LDAP Client Sessions
        o Number of Clients
    •   AD Database parameters
        o Database Free Space
        o Database Size
        o Database Total Size
        o Replication Objects Applied
        o Replication Objects Remaining
    •   AD Process Monitors
        o LSASS / NTFRS CPU Usage
        o LSASS / NTFRS Handle Count
        o LSASS / NTFRS Process File Reads
        o LSASS / NTFRS Process File Writes
        o LSASS / NTFRS Process Memory
    •   AD performance counters
        o DS Client Binds
        o DS Server Binds
        o Directory Reads
        o Directory Writes
        o Kerberos Authentications
        o LDAP Searches
        o LDAP UDP Operations
        o LDAP Writes
        o NTLM Authentications
        o Replication (Total) Objects In
        o Replication (Total) Objects Out
        o Replication Traffic In
        o Replication Traffic Out

    Monitoring Active Directory using event logs

    Active Directory writes detailed event logs when a failure occurs. You can view event logs in the Windows Event Viewer (Start - Settings - Control Panel - Administrative Tools - Event Viewer). Each Active Directory component failure has a pre-defined event ID with a detailed message for the failure event. OpManager allows monitoring these Windows event logs using pre-defined event log rules. OpManager monitors the event logs and generates OpManager alarms based on the rules.

    Event log monitoring for the Domain Controllers is configured as follows:

    •   Click 'Event Log Rules' on the right in the DC's snapshot page.
    •   Scroll down to the 'File Replication Service' and 'Directory Service' sections and select the rules for the failures for which you want to be notified. The selected rules will be associated with the devices.

    Besides receiving alarms for the default rules, you can configure new rules for the required Windows Event IDs.
  • 7. Here are some IDs for which you might want OpManager to raise an alarm. (Please note that this is only a subset of the many Windows event logs for the various services and parameters related to Active Directory.)

    Service                  Event ID
    Net Logon Service        5774, 5775, 5781, 5783, 5805
    FRS Service              13508, 13509, 13511, 13522, 13526
    Windows Time Service     13, 14, 52 to 56, 60 to 64
    LDAP related             40960, 40961
    LSASS related            1000, 1015
    Kerberos related         675, 676, 1002, 1005, 9004 (last three are related to Exchange server)
    NTLM authentication      680, 681

    Instant notification from OpManager

    Besides monitoring the Active Directory components, OpManager raises alarms when a service is unavailable. Configuring response time or resource utilization thresholds for the critical services and parameters alerts you well ahead of the actual problem. OpManager allows you to create and assign notification profiles to Domain Controllers. When any of the monitors fails, an email or SMS alert is sent to the pre-configured IDs.

    Active Directory Down. Hurry up. Look busy. Also post resume on DICE

    Summary

    OpManager offers excellent Active Directory monitoring capabilities and helps you stay away from Active Directory nightmares. To test drive Active Directory monitoring, download the latest OpManager build from www.opmanager.com.
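The event ID list on slide 7 can also drive a simple log filter outside OpManager. The Python sketch below is an added example, not OpManager code or part of the original slides: it expands the listed ID specs (including ranges such as "52 to 56"), matches constructed (host, event ID) records against them, and counts hits per domain controller and service. The function names, the threshold parameter and the sample records are assumptions made for illustration.

```python
import re
from collections import Counter

# Event ID list as given on slide 7 (service -> ID spec).
RULES = {
    "Net Logon Service": "5774, 5775, 5781, 5783, 5805",
    "FRS Service": "13508, 13509, 13511, 13522, 13526",
    "Windows Time Service": "13,14, 52 to 56, 60 to 64",
    "LDAP related": "40960, 40961",
    "LSASS related": "1000, 1015",
    "Kerberos related": "675, 676, 1002, 1005, 9004",
    "NTLM authentication": "680, 681",
}

def expand(spec):
    """Turn '13,14, 52 to 56' into {13, 14, 52, 53, 54, 55, 56}."""
    ids = set()
    for part in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)(?:\s+to\s+(\d+))?\s*", part)
        if not m:
            raise ValueError(f"bad event ID spec: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        ids.update(range(lo, hi + 1))
    return ids

# Reverse index: event ID -> service name.
ID_TO_SERVICE = {eid: svc for svc, spec in RULES.items() for eid in expand(spec)}

def alarms(events, threshold=1):
    """Count matching events per (host, service); keep counts >= threshold."""
    hits = Counter()
    for host, event_id in events:
        svc = ID_TO_SERVICE.get(event_id)
        if svc is not None:
            hits[(host, svc)] += 1
    return {key: n for key, n in hits.items() if n >= threshold}

# Constructed sample records (host, event ID); not taken from a real log.
SAMPLE = [
    ("dc01", 13508), ("dc01", 13508), ("dc01", 5774),
    ("dc02", 54), ("dc02", 4624), ("dc02", 681), ("dc02", 680),
]

if __name__ == "__main__":
    for (host, svc), n in sorted(alarms(SAMPLE).items()):
        print(f"{host}: {svc} x{n}")
```

Event IDs are unique only within one event source, so a production rule should match on the source as well as the ID; this sketch matches on the ID alone, as the list on the slide does.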