Active Directory Management Pack Operations

To maintain the general health of your Active Directory environment, triage all Active Directory Management Pack alerts on a daily basis. In addition, perform other operations on a regular basis, depending on your environment.

There are minor issues that can occur in an Active Directory environment that do not generate an alert; however, they still require periodic attention. The Active Directory Management Pack generates reports that display data over time and present patterns that indicate problems. Review these reports often to resolve issues before they generate alerts.

You can perform daily, weekly, and monthly operations as specified in this section. However, it is recommended that you adjust the frequency of these operations to meet the needs of your particular environment.

Daily Operations

On a daily basis, perform the following operations:

  • Review all open alerts.

  • Verify that all domain controllers are communicating with the MOM console.

Reviewing All Open Alerts

Triage all new alerts in the following order of priority:

  • Critical Errors

  • Alerts with a source name that begins with “AD,” such as AD Op Master Response, AD Essential Services, and AD Replication Monitoring

  • Errors, Warnings

  • Informational alerts (optional)

Not all problems can be repaired in one day or less. Commonly, parts must be ordered or computers must be scheduled for reboot, and so forth. It is important that you follow up on these open alerts to make sure that they are addressed in a timely manner.

To review open alerts

  1. Open the Microsoft Operations Manager 2005 Operator console, and then view all alerts that have been generated in the last 24 hours.

  2. Address alerts in their order of severity (Critical Errors, Errors, Warnings, and Informational alerts). Each alert includes knowledge that provides additional information to help you resolve the alert.

Verifying That All Domain Controllers Are Communicating with the MOM Console

Any communication failure between the domain controllers and the monitoring infrastructure prevents you from receiving alerts, so you cannot examine and resolve them.

To verify that domain controllers are communicating with the MOM console

  1. Open the MOM 2005 Administrator console, double-click Administration, double-click Computers, and then click Agent-managed Computers.

  2. In the right pane, click the Last Contacted column heading. Clicking Last Contacted sorts the computers based on their last contact time. If the last contact time is more than five minutes ago, investigate why the computer is not communicating with MOM. For more information about how to determine why computers are not communicating with MOM, see the MOM 2005 Deployment Guide on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=33536.

Weekly Operations

In addition to the operations that you perform daily, review the following reports weekly:

  • AD Domain Changes

  • DC Disk Space

  • AD Replication Latency Report

  • AD SAM Account Errors

Monthly Operations

In addition to the operations that you perform on a daily and weekly basis, review the reports in the following categories monthly:

  • Active Directory Reports:

    • DC Replication Bandwidth

    • AD Machine Account Authentication Failures

    • AD Domain Controllers

  • Operational Health Analysis Reports:

    • Most Common Alerts by Rule Group

    • Most Common Events by Computer

Review other reports as appropriate for your installation.

Other Common Active Directory Management Pack Operations

Managing the Active Directory Management Pack might require you to perform some operations on an as-needed basis. As they are needed, perform the following operations:

  • Clean up objects.

  • Configure alert suppression.

  • Enable the Active Directory Management Pack Client Pack.

Cleaning Up Objects

After you remove a domain controller that you no longer want to monitor from the Active Directory Management Pack, you need to clean up the object that is left behind.

To clean up objects after removing a domain controller from the Active Directory Management Pack

  1. Click Start, click Run, and then type adsiedit.msc.

  2. In ADSI Edit, double-click Domain [computername], and then double-click DC=domainname,DC=com.

  3. Double-click CN=MOMLatencyMonitors, and then locate the object for the domain controller that you want to delete. (If CN=MOMLatencyMonitors does not exist, proceed to step 5).

  4. Right-click the object, and then click Delete.

  5. Double-click Configuration [computername], and then double-click CN=Configuration,DC=domainname,DC=com.

  6. Double-click CN=MOMLatencyMonitors, and then locate the object for the domain controller that you want to delete. (If CN=MOMLatencyMonitors does not exist, proceed to step 8).

  7. Right-click the object, and then click Delete.

  8. If the domain controller that you deleted was a DNS server or if it held other application directory partitions, connect to the appropriate application directory partition.

  9. In the left pane, double-click the appropriate application directory partition.

  10. Double-click CN=MOMLatencyMonitors, and then locate the object for the domain controller that you want to delete.

  11. Right-click the object, and then click Delete.

  12. Repeat steps 9, 10, and 11 to delete the object in all other application directory partitions that were held by that domain controller (for Windows Server 2003 only). For more information about ADSI Edit, see Adsiedit.msc: ADSI Edit on the Microsoft Web site at https://go.microsoft.com/fwlink/?LinkId=33544.

Configuring Alert Suppression

Alert suppression runs on a MOM Server and prevents duplicate alerts from appearing in the MOM Operator console and the MOM database. To be considered a duplicate alert, one or more fields checked on the Alert Suppression tab of a rule's properties must be identical to the fields set on a previous, unresolved alert.

A rule's alert suppression policy is configured and enabled by default, but you can customize it for specific scenarios. For example, for most rules, the Computer and Domain alert fields are checked by default, which means that any alert generated by this rule is suppressed, provided that the alert was generated on the same computer. If all alert suppression fields are unchecked, but the Suppress duplicate alerts check box is selected, then only a single alert is generated no matter how many computers have generated the alert.

The following sequence of events illustrates how alert suppression works:

  1. A rule criteria match occurs on a managed node for a specific event. The rule generates an alert and the alert is sent to the MOM management server.

  2. A second rule criteria match occurs on the same managed node for the same event. The rule generates a second alert and the alert is sent to the MOM management server.

  3. The alert arrives on the MOM management server and the fields defined by the alert suppression policy are identical to those from the previous alert. The alert is suppressed and future instances of the same alert will continue to be suppressed until the original alert is resolved.

  4. The original alert is resolved.

  5. A rule criteria match occurs on a managed node for a specific event. The rule generates an alert and the alert is sent to the MOM management server. The cycle restarts.

Use the following procedure to change the suppression criteria for an alert.

To configure alert suppression

  1. In the MOM 2005 Administrator console, navigate to the rule for which you want to configure alert suppression.

  2. Right-click the rule name and then click Properties.

  3. Click the Alert Suppression tab and uncheck a field to allow a wider range of alerts to be suppressed, or check a field to narrow the range of alerts to be suppressed.

    For example, if you check the Computer field and leave the Domain field unchecked, the MOM server allows distinct alerts in instances where only one computer has experienced delayed replication, and allows unified alerts in instances where multiple computers in one domain have experienced delayed replication.

    Note

    Suppression occurs only if the selected alert fields are the same; therefore, enabling more fields reduces the chance that alerts are suppressed.

  4. Click OK.
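The duplicate check and the five-step sequence described above can be modeled in a few lines. This is an added example, not MOM code: the class, the rule name, the computer and domain values, and the `suppressed` counter are all constructed for illustration, and only the Computer and Domain fields named on this page are used.

```python
from dataclasses import dataclass

@dataclass
class Alert:
    rule: str
    fields: dict
    resolved: bool = False
    suppressed: int = 0   # model bookkeeping: duplicates folded into this alert

class SuppressionModel:
    """Simplified model of the duplicate check; not MOM's implementation."""

    def __init__(self, checked_fields, suppress_duplicates=True):
        self.checked = tuple(checked_fields)   # fields checked on the tab
        self.suppress_duplicates = suppress_duplicates
        self.console = []                      # alerts that reached the console

    def _key(self, rule, fields):
        # Only the checked fields take part in the comparison.
        return (rule,) + tuple(fields.get(name) for name in self.checked)

    def submit(self, rule, **fields):
        """Return (alert, was_suppressed) for one incoming alert."""
        if self.suppress_duplicates:
            key = self._key(rule, fields)
            for alert in self.console:
                # A resolved alert no longer suppresses: the cycle restarts.
                if not alert.resolved and self._key(alert.rule, alert.fields) == key:
                    alert.suppressed += 1
                    return alert, True
        alert = Alert(rule, dict(fields))
        self.console.append(alert)
        return alert, False

# Constructed sample stream: the same rule firing on two domain controllers.
RULE = "replication-latency (constructed rule name)"
SAMPLE = [
    {"Computer": "DC01", "Domain": "EXAMPLE"},
    {"Computer": "DC01", "Domain": "EXAMPLE"},
    {"Computer": "DC02", "Domain": "EXAMPLE"},
]

def console_alert_count(checked_fields, events=SAMPLE):
    """Replay the events and count the alerts an operator would see."""
    model = SuppressionModel(checked_fields)
    for fields in events:
        model.submit(RULE, **fields)
    return len(model.console)

if __name__ == "__main__":
    print("Computer+Domain checked:", console_alert_count(["Computer", "Domain"]))
    print("no fields checked:      ", console_alert_count([]))
```

With no fields checked, the alert from the second domain controller is folded into the first, so the operator sees one alert and no per-computer breakdown until it is resolved.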

Deploying the Active Directory Management Pack Client Pack

The Active Directory Management Pack Client Pack augments the server-side monitoring capabilities of the Active Directory Management Pack with a client-side view of Active Directory health.

To use the Client Pack, you must deploy the rules in the Active Directory Client Side Monitoring Rule Group. The rules in this rule group test the availability of Active Directory from a client perspective, for example, the availability of Active Directory from directory-enabled application servers.

Deploy this rule group manually in an environment where it is necessary (or desirable) to monitor the availability of domain controllers and Active Directory from a client perspective.

Note

Always use this rule group on or near servers running directory-enabled applications, such as Exchange 2000 Server and Exchange Server 2003, to ensure that global catalog servers and domain controllers are always available.

Each computer running the Active Directory Management Pack Client Pack can be configured to monitor only the domain controllers in which you are interested. By using the Active Directory Management Pack Client Pack, you can:

  • Monitor a specific list of domain controllers.

  • Monitor domain controllers in the client’s local site.

  • Monitor domain controllers in a list of specified sites.

  • Monitor all domain controllers in the client’s domain or in a specified list of domains.

The client computer determines whether the domain controllers are available by:

  • Pinging (using both ICMP and LDAP).

  • Performing a net use connection to the Sysvol share.

  • Performing LDAP binds.

  • Performing LDAP searches.

Thresholds can be specified for the LDAP binds and searches. If multiple consecutive failures (or binds or searches that exceed the specified thresholds) occur, an alert is generated.

In addition, the client computer determines whether:

  • The client can contact a domain controller in its local site.

  • There are a sufficient number of global catalog servers available.

To deploy the Active Directory Management Pack Client Pack

  1. In the MOM 2005 Administrator console, double-click Management Packs, and then double-click Computer Groups.

  2. Right-click Active Directory Client Side Monitoring and then click Properties.

  3. Click the Included Computers tab, and then click Add.

  4. Select the computers on which you want to deploy the Client Pack, and then click OK.

On each computer on which you have deployed the Client Pack, configure agent proxying settings by using the following procedure.

To configure agent proxying settings

  1. In the MOM 2005 Administrator console, double-click Administration, and then double-click Computers.

  2. Click Agent-Managed Computers.

  3. Right-click the domain controller on which you want to configure agent proxying settings, and then click Properties.

  4. Click the Security tab.

  5. Clear the Use global settings check box, and then clear the check box under Agent proxying.

For more information about configuring the Active Directory Management Pack Client Pack, see the configuration information in the Active Directory Client Side Monitoring Rule Group description in the MOM 2005 Administrator console.