Any large enterprise that uses a Windows environment uses Microsoft Active Directory (AD). With a single sign-on, users can access their computers, group accounts, email, VPN, shared drives, and more.

 

Monitoring and managing AD brings its own issues, linked to users, IT admins, hardware, and applications. Some of the most common AD issues you may encounter include:

Domain Controller: When the drive that contains the New Technology Directory Service (NTDS) files runs out of disk space, the domain controller stops working. User authentication and access then fail, and applications that query AD fail in turn.

Log-on: The computer may not authenticate users and services if there is a log-on failure. This prevents the domain controller from registering Domain Name System (DNS) records. It is important to maintain a secure channel between computers and the domain controllers.

Replication: User files and folders can get locked if they are not synchronized with the file servers that use file replication services. If shared folders do not replicate properly, group policy objects and other security policy objects may not be applied to the client systems.

User Account: Users can get locked out of their accounts if the Primary Domain Controller (PDC) emulator is unavailable or if several domain controllers experience a replication failure.

 

7 Metrics for AD Monitoring

To proactively detect performance issues, here are 7 key metrics you want to consider monitoring within your Active Directory domain.

1. Directory Services: Monitoring directory services is critical to ensure addresses, email, and phone contacts are always in sync.

2. Domain Controllers: Monitoring domain controllers will let you know whether CPU usage has reached its threshold, whether a user account is locked out, or whether there is a log-on issue. Set thresholds and monitor the drive that contains the NTDS files; this keeps the drive from running out of disk space and the domain controller from going down.

3. Service Outages: All new alerts on each domain controller have to be monitored on an ongoing basis to avoid any type of service outage. This could be within DNS servers and clients, servers and workstations, distributed file systems, intersite messaging, etc.

4. Lightweight Directory Access Protocol (LDAP) Client Sessions: Monitoring the NTDS object counter indicates the number of clients connected to an LDAP session. It also provides other performance statistics, such as the speed and response times of particular sessions.

5. Mission Critical Processes: Monitor critical processes to check whether the system/server is able to handle all processing requests.

6. Replication: Monitoring replication shows whether a replication link has failed or whether a network issue is causing slow replication rates between sites.

7. Reporting: Generate reports to gain visibility into critical processes and to track which services go down and which alerts fire most often over a period of time. Reporting may also cover failed log-in authentication, the number of logged-in users for a given period, etc.
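
The checks behind metrics 2, 4 and 6 above, as an added PowerShell example (not part of the original article or of any monitoring product). It assumes an elevated session on a domain controller with the ActiveDirectory module installed; the two thresholds are assumed values to tune for your environment.

```powershell
# Added example: run in an elevated session on a domain controller.
Import-Module ActiveDirectory
$MinFreePercent  = 15     # assumed threshold for the NTDS volume
$MaxLdapSessions = 2000   # assumed threshold for LDAP client sessions
$findings = [System.Collections.Generic.List[string]]::new()

# Metric 2: free space on the volume holding the NTDS database file.
$dbPath = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').'DSA Database file'
$drive  = Split-Path -Qualifier $dbPath        # for example "C:"
$disk   = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
$freePct = [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1)
if ($freePct -lt $MinFreePercent) {
    $findings.Add("NTDS volume $drive is down to $freePct% free space")
}

# Metric 2: user accounts that are currently locked out.
$locked = @(Search-ADAccount -LockedOut -UsersOnly)
if ($locked.Count -gt 0) {
    $findings.Add("$($locked.Count) locked-out account(s): $($locked.SamAccountName -join ', ')")
}

# Metric 4: LDAP client sessions, averaged over three 5-second samples.
$samples = Get-Counter -Counter '\NTDS\LDAP Client Sessions' -SampleInterval 5 -MaxSamples 3
$avg = ($samples.CounterSamples | Measure-Object -Property CookedValue -Average).Average
if ($avg -gt $MaxLdapSessions) {
    $findings.Add("LDAP client sessions average $([int]$avg), above $MaxLdapSessions")
}

# Metric 6: inbound replication links; INFO rows carry the failure count,
# ERROR rows mean repadmin could not query replication state at all.
$rows = repadmin /showrepl /csv | ConvertFrom-Csv
foreach ($r in $rows) {
    if ($r.showrepl_COLUMNS -eq 'showrepl_ERROR') {
        $findings.Add('repadmin returned an error row while reading replication state')
    } elseif ([int]$r.'Number of Failures' -gt 0) {
        $findings.Add("Replication of $($r.'Naming Context') from $($r.'Source DSA') has " +
            "$($r.'Number of Failures') failure(s), last status $($r.'Last Failure Status')")
    }
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "No AD health findings on $env:COMPUTERNAME" }
```

Scheduled on each domain controller, the warnings can be forwarded to whatever alerting channel you already use.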

 


 

Server management software helps you keep a close eye on directories and services in your AD. Working continuously and proactively, server management software will alert you to warnings or critical malfunctions inside AD, its servers, services, directories, and applications. Be sure your AD domain is well covered at all times, with the help of powerful server and application monitoring software.