Active Directory Monitoring

By: Phoummala Schmitt


Active directory, commonly known as AD, can be considered the heart of the IT infrastructure. It holds user account information, computers and servers, provides authentication and certificates. It even has tentacles into other application such as Exchange, Skype for Business, SharePoint and can provide SSO with Oracle. Polices within AD can even control remote access into corporate networks.

Like any application server that’s critical to your infrastructure you obviously want to monitor it and be alerted when something is wrong. If there’s an issue with active directory that means users are impacted. It can be as bad as not being able to log onto the network or not being able to get to any of the network resources such as file shares or email. A failure in AD can prevent users from logging into Skype for business or even applications that authenticate against AD. When AD is down users cannot log into the system, they can’t work, so forget about checking your email if you can’t even log into your computer.

 

Monitoring Active Directory Performance

Like Exchange Monitoring, AD Performance monitoring is vital because we need to know how the servers are performing. When the servers are slow that could impact the user experience just like an Exchange performance issue. When AD is having any bottlenecks it can impact all the tentacles that it reaches. Monitoring typical counters such as CPU, memory and disk activities is a start but you need to look at additional counters to give you more insight. There are specific counters for domain controller performance to monitor for issues. You will want to monitor the NTDS object and the database objects as well as replication.

A complete listing of all the counters to monitor can be found on TechNet’s site https://technet.microsoft.com/en-us/library/cc180912.aspx.

The following is a sample of which counters you can monitor to get a good view of the health of your Active Directory:

  • Processor\% Processor Time (_Total) – below 90% at all times –
  • System\Processor Queue Length – less than 2
  • Network Interface\Bytes Total/sec – For a 100-Mbps NIC, this counter should be below 6 MB/sec and For a 1000-Mbps NIC, this counter should be below 60 MB/sec
  • Network Interface\Packets Outbound Errors – should be 0
  • PhysicalDisk(NTDS Database Disk)\Average Disk sec/Read – below 20 ms and not above 50 ms for spikes
  • PhysicalDisk(NTDS Database Disk)\Average Disk sec/Write – below 20 ms and not above 50 ms for spikes
  • PhysicalDisk(NTDS Log Disk)\Average Disk sec/Read – below 10
  • PhysicalDisk(NTDS Log Disk)\Average Disk sec/Write – below 10 ms
  • PhysicalDisk(NTDS Database or Log Disks)\Average Disk Queue Length – The average value to be less than the number of spindles of the disk. Value can different
  • Memory\Available Mbytes (MB)- 50 MB free at all times
  • Memory\Pages/sec – below 1,000 at all times
  • DRA Inbound Bytes Total/Sec – shows total bytes received through replication per second. Low activity indicates that the network is slowing down replication.
  • Cache % Hit: This counter shows the percentage of database page requests handled by the cache. Low activity can indicate that the server has does not have enough physical memory.

You can test and monitor Active Directory replication using the following tools:

  • exe: This tool checks network connectivity and DNS consistency.
  • exe: This tool lets you view replication topology and force replication events between domain controllers.
  • exe: This tool performs several tests to check the status and health of a DC by verifying connectivity, replication, topology integrity, DC roles.
  • exe: This tool can be used to view the status and performance of directory replication, force synchronization between DCs, and view replication topology graphically.

Exchange and Active Directory

If you’re active directory is not healthy, exchange will know about it. Unhealthy AD impacts exchange. And we all know what happens when exchange is not happy.

These are specific key performance metrics on the Exchange Server to look at that can identify issues that affect exchange.

  • SMTP Server\Categorizer Queue Length – should not be greater than 10 – This shows how SMTP is processing LDAP lookups against global catalog servers. If the value is greater than 10 and is increasing this can point a slow global catalog servers. Keep in mind that this value can go slight high if large distribution lists are being expanded.
  • MSExchangeDSAccess Process\LDAP Read Time (for all processes) – This shows how long LDAP read request takes to be fulfilled. The average value is around 50ms and should not exceed 100ms.

MSExchangeDSAccess Process\LDAP Search Time (for all processes) – This counter shows LDAP search request takes to be fulfilled. Similar to the LDAP Read Time the average value is around 50ms and should not exceed 100ms.

This post was originally published on the SolarWinds IT Resource Center.