Overview of the Active Directory Management Pack
The Active Directory Management Pack for Microsoft Operations Manager (MOM) 2005 provides a predefined, ready-to-run set of processing rules, monitoring scripts, and reports that are designed specifically to monitor the performance and availability of the Active Directory® directory service. This Management Pack monitors events that are placed in the Application, System, and Directory Service event logs by various Active Directory components and subsystems. It also monitors the overall health of Active Directory and alerts you to critical performance issues.
This guide provides information about the most common Active Directory monitoring scenarios, state monitoring definitions, tasks, reports, and views. This guide also includes instructions for deploying and operating the Active Directory Management Pack.
The Active Directory Management Pack provides a complete Active Directory monitoring solution by:
Monitoring all aspects of Active Directory health.
Monitoring the health of vital processes that Active Directory depends on, including replication, Lightweight Directory Access Protocol (LDAP), DC Locator, trusts, Net Logon service, File Replication service (FRS), Intersite Messaging service, Windows Time service, and Key Distribution Center (KDC).
Monitoring service availability.
Collecting key performance data.
Providing comprehensive reports, including reports on service availability and service health and reports that can be useful for capacity planning.
By detecting and creating alerts for critical events, the Active Directory Management Pack helps to indicate, correct, and prevent possible Active Directory service outages.
This guide was developed using the Active Directory Management Pack for MOM 2005. To ensure that you are using the most recent version of the Active Directory Management Pack, see Microsoft Operations Manager Management Packs on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=33752.
On This Page
What’s New in the Active Directory Management Pack for MOM 2005
Monitoring Scenarios
State Monitoring Definitions
Tasks
Reports
Views
Agentless Monitoring Support
What’s New in the Active Directory Management Pack for MOM 2005
The Active Directory Management Pack for MOM 2005 provides the following improvements and additions:
Improved alert suppression.
Improved and updated knowledge for all alerts.
Global catalog availability tests, which are added to the Client Pack.
State level monitoring for key Active Directory components.
Topological views representing site links and connection objects.
Monitoring Scenarios
The Active Directory Management Pack is designed to provide valuable monitoring information for most implementations of Active Directory.
Note
The Active Directory Management Pack does not support monitoring multiple-forest Active Directory configurations. To monitor multiple forests using the Active Directory Management Pack, configure a separate MOM Management Group for each forest. For more information about how to configure MOM management groups, see Microsoft Operations Manager 2005 Help that is installed with Microsoft Operations Manager (MOM).
Table 1 describes the most common Active Directory Management Pack monitoring scenarios.
Table 1 Active Directory Management Pack Monitoring Scenarios
Scenario |
Description |
---|---|
Client Side Monitoring |
Tests the availability of Active Directory components from directory-enabled applications, for example, Microsoft® Exchange 2000 Server and Exchange Server 2003. Clients determine availability by:
|
Active Directory Trust Relationships |
Monitors trust relationship issues and detects problems with trusts between Active Directory domains and forests. |
Account and Authentication Issues |
Monitors Active Directory user authentication and account issues between domain controllers, including the following:
|
Net Logon service |
Monitors the health of the Net Logon service, including the following:
|
Universal Group Membership Caching |
Monitors issues with universal group membership caching, a new feature in Microsoft Windows Server™ 2003 that enables a domain controller to process user logon requests when a global catalog server is unavailable. |
Dependent Services |
Monitors issues related to the availability of services that are critical to Active Directory operations, including the following:
|
Active Directory Availability |
Monitors various aspects of Active Directory health that affect availability, including the following:
|
Replication |
Monitors replication issues or failures, including the following:
|
Performance Monitoring |
Collects various aspects of domain controller performance, including the following:
|
State Monitoring Definitions
The Active Directory Management Pack provides state monitoring based on the definitions in Table 2.
Note
The Active Directory Management Pack collects service discovery data every 30 minutes by default. Therefore, Active Directory–specific discovery data might not appear in the MOM Operator console until up to 30 minutes after the Management Pack is deployed.
Table 2 Active Directory Management Pack State Monitoring Definitions
State Indicator |
Description |
---|---|
Service Health |
Indicates the current health of the Active Directory directory service, focusing on the availability and responsiveness of the service. The following are monitored to determine service health:
|
Server Health |
Indicates the current health of the components and services that are operating on a domain controller. Includes checks to ensure that all essential services are available, analyzes LSASS and NTDSA for performance, and confirms that the domain controller is discoverable by itself using DC Locator. The following are also monitored:
|
Replication Health |
Indicates the overall health of Active Directory replication by monitoring the health of connection objects that are used for Active Directory replication between domain controllers and by monitoring the speed at which replication occurs between replication partners. |
Client View |
Indicates Active Directory health from the view of the Client Pack for any computer on which the Client Pack is installed. The Client Pack monitors global catalog and PDC emulator availability, as well as interface availability and performance from the client’s perspective. |
Tasks
Active Directory Management Pack tasks provide increased manageability by enabling you to manage Active Directory directly from the MOM console. The Active Directory Management Pack tasks that can be performed from the MOM console are described in Table 3.
Table 3 Active Directory Management Pack Tasks
Task |
Description |
---|---|
Replication Summary Snapshot |
Collects a snapshot of the current replication status from the perspective of the target computer by using the REPADMIN /replsum command. |
Service Principal Name Health |
Confirms service principal name (SPN) health on the target domain controllers. This task is useful for diagnosing replication authentication errors that are caused by nonexistent, manipulated, or duplicate SPN registrations, Kerberos ticket refresh, admin tool startup, user and computer logon authorization, and service startup. |
Enumerate Trusts |
Enumerates the trust relationships between Active Directory domains. |
Table 4 Active Directory Management Pack Advanced Tasks
Task |
Description |
---|---|
Active Directory Users and Computers Snap-in |
Opens the Active Directory Users and Computers snap-in on the local computer. |
ADSI Edit |
Opens ADSIEdit.mmc on the local computer. |
DCDiag |
Runs DCDiag.exe on a remote domain controller using parameters that are specified by the user. |
LDP |
Opens LDP.exe on the local computer. |
NETDIAG |
Runs Netdiag.exe on a remote domain controller using parameters that are specified by the user. |
NETDOM |
Runs Netdom.exe on a remote domain controller using parameters that are specified by the user. |
NLTEST |
Runs Nltest.exe on a remote domain controller using parameters that are specified by the user. |
REPADMIN |
Runs Repadmin.exe on a remote domain controller using parameters that are specified by the user. |
SETSPN |
Runs Setspn.exe on a remote domain controller using parameters that are specified by the user. |
Note
Many tasks that are listed in this table require the use of support tools. Support tools are located in the Support Tools directory on the Microsoft Windows® 2000 Server and Windows Server 2003 operating system CDs.
Reports
Active Directory Management Pack reports provide important information in the areas of trending, user account problems, configuration, and service level availability.
Data collection for the AD Replication Monitoring report is disabled by default. A MOM administrator must enable data collection for this report to run properly. For information about how to enable this report, see the Configuration information in the Active Directory Replication Latency Performance Data Collection — Sources (and Targets) Rule Group descriptions.
Table 5 describes reports that display Active Directory configuration information.
Table 5 Active Directory Configuration Reports
Report |
Description |
---|---|
AD Domain Controllers |
Lists all domain controllers in the selected domain, along with their Internet Protocol (IP) addresses and sites. |
AD Role Holders |
Lists which computers are holding one or more operations master roles or are global catalog servers. |
AD Replication Connection Objects |
Summarizes the Active Directory replication topology by providing a list of connection objects. Indicates the source domain controllers and target domain controllers and their respective sites, the transport types, and whether the connection objects are manually configured. |
AD Replication Site Links |
Summarizes the current replication site link configuration for Active Directory. |
Table 6 describes the report that displays disk space information for Active Directory.
Table 6 Active Directory Disk Space Report
Report |
Description |
---|---|
AD DC Disk Space |
Summarizes Active Directory disk space usage and free space for the database and log volumes. It is critical that adequate free space be available for Active Directory. Use this report to trend and predict the size of volumes that you will need, given your current growth rate. |
Table 7 describes reports that display Active Directory operations information.
Table 7 Active Directory Operations Reports
Report |
Description |
---|---|
AD Domain Changes |
Summarizes significant changes to the domain, such as movement of the PDC emulator operations master and the addition or removal of domain controllers. |
AD Machine Account Authentication Failures |
Summarizes which workstations (that are joined to the domain) are unable to authenticate. This failure can prevent Group Policy updates and software distribution to the computer. |
AD SAM Account Errors |
Summarizes events that indicate that the SAM has detected an error. Corrective guidance is provided where applicable. |
Table 8 describes reports that display Active Directory replication information.
Table 8 Active Directory Replication Reports
Report |
Description |
---|---|
AD Replication Bandwidth |
Summarizes the replication bandwidth (compressed and uncompressed) over the selected period. This report is useful for trending and capacity planning for replication bandwidth requirements. |
AD Replication Latency |
Summarizes the minimum, average, and maximum replication latency per naming context, per domain controller. This report is extremely useful in verifying any service level agreement (SLA) that you have for changes to replicate within the domain or forest. |
Views
Active Directory Management Pack views provide a way for administrators to scope the information that has been reported to MOM.
Tables 9, 10, 11, 12, 13, and 14 briefly describe the default public views that are provided with the Active Directory Management Pack.
Table 9 Active Directory Event Views
Category |
View |
---|---|
Client Side Monitoring |
Client Side Events |
Health Monitoring |
|
Table 10 Active Directory Performance Views
Category |
View |
---|---|
Discovery |
Number of Client Sessions |
Health Monitoring |
|
Replication Monitoring |
|
Table 11 Active Directory Alert Views
Category |
View |
---|---|
Health Monitoring |
|
Table 12 Active Directory Task Status Views
Category |
View |
---|---|
Task Status |
|
Table 13 Active Directory Computer Group Views
Category |
View |
---|---|
Discovery |
Domain Controllers by OS Version |
Table 14 Active Directory Diagram Views
Category |
View |
---|---|
Replication Topology |
|
Note
The Active Directory Management Pack collects service discovery data every 30 minutes by default. Therefore, Active Directory–specific discovery data might not appear in the MOM Operator console until up to 30 minutes after the Management Pack is deployed..
Agentless Monitoring Support
The Active Directory Management Pack for MOM 2005 does not support agentless monitoring.