PATROL KM for Microsoft Windows Active Directory Remote Monitoring

The PATROL Knowledge Module (KM) for Microsoft Windows Active Directory Remote Monitoring product provides remote enterprise monitoring of Active Directory objects. Active Directory is the core directory service of distributed systems built on Microsoft Windows Server.

The primary focus of PATROL KM for Microsoft Windows AD Remote Monitoring is to monitor remote sites, domain controllers in those sites, and FSMO roles from member servers of a domain in the network.

For a brief description of product features, see the sections that follow. For descriptions of the application classes and parameters, see Monitor types and attributes.


FSMO monitoring

PATROL KM for Microsoft Windows AD Remote Monitoring monitors both the forest-wide and domain-wide Flexible Single Master Operation (FSMO) roles.

Active Directory supports multi-master replication of the directory data between all domain controllers in the domain. This model takes domain configuration changes made at any domain controller in the domain and automatically propagates those changes to each of the domain controllers in the domain.

However, some changes do not lend themselves to a multi-master environment. One domain controller, the operations master, accepts requests for such changes. The operations master roles can be moved between domain controllers within the domain and are referred to as Flexible Single Master Operation (FSMO) roles. In any Active Directory forest, there are five FSMO roles, assigned to one or more domain controllers. Some FSMO roles must appear once in every forest, while the others must appear once in every domain within the forest.

The following operations master roles must appear in every forest:

  • Schema master
  • Domain naming master

The following operations master roles must appear in every domain:

  • Relative ID master
  • Infrastructure master
  • Primary domain controller (PDC) emulator

Note

Domain controllers and the client must be able to locate and establish an LDAP connection with the FSMO role holders.

LDAP monitoring

Lightweight Directory Access Protocol (LDAP) is monitored locally at the managed node. LDAP response time is measured as the amount of time required to establish an LDAP connection to a domain controller. Longer connect times might indicate a heavily loaded domain controller. To exclude network latency from the measurement, the response time of an LDAP bind operation is measured on the domain controller being tested.
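The bind-time probe described above, written out as an added example (this is not the KM's own code and BMC's implementation is not published here). It hand-encodes an LDAPv3 anonymous simple bind in BER using only the Python standard library, so it needs no LDAP client package, and it reports the TCP connect time and the bind round-trip time separately, which is what lets you tell network latency apart from a slow domain controller. The host name, port and the warning/alarm thresholds are constructed placeholder values.

```python
import socket
import time


def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value triple."""
    return bytes([tag]) + ber_len(len(value)) + value


def build_bind_request(message_id: int = 1, dn: str = "", password: str = "") -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }.
    Empty dn and password give an anonymous bind, enough for a reachability/response-time probe.
    message_id must be below 128 (single-byte INTEGER) in this small encoder."""
    bind = (
        tlv(0x02, b"\x03")                      # version 3
        + tlv(0x04, dn.encode("utf-8"))         # LDAPDN (empty for anonymous)
        + tlv(0x80, password.encode("utf-8"))   # [0] simple authentication
    )
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, bind))


def read_tlv(buf: bytes, pos: int):
    """Decode the BER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def message_complete(buf: bytes) -> bool:
    """True once buf holds a whole outer SEQUENCE (header plus declared length)."""
    if len(buf) < 2:
        return False
    length, hdr = buf[1], 2
    if length & 0x80:
        n = length & 0x7F
        if len(buf) < 2 + n:
            return False
        length = int.from_bytes(buf[2:2 + n], "big")
        hdr += n
    return len(buf) >= hdr + length


def parse_bind_response(msg: bytes):
    """Return (message_id, result_code) from a BindResponse [APPLICATION 1]; code 0 is success."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x61:
        raise ValueError(f"expected BindResponse (0x61), got 0x{op_tag:02x}")
    _, code, _ = read_tlv(op, 0)                # resultCode ENUMERATED is the first element
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big")


def classify(bind_ms: float, warn_ms: float = 500.0, alarm_ms: float = 2000.0) -> str:
    """Map a bind time to a monitor state; the thresholds are constructed example values."""
    if bind_ms >= alarm_ms:
        return "ALARM"
    if bind_ms >= warn_ms:
        return "WARN"
    return "OK"


def measure_bind(host: str, port: int = 389, timeout: float = 5.0):
    """Connect, send an anonymous bind and time it. Returns (connect_ms, bind_ms, result_code)."""
    t0 = time.perf_counter()
    with socket.create_connection((host, port), timeout=timeout) as s:
        t1 = time.perf_counter()
        s.sendall(build_bind_request(1))
        data = b""
        while not message_complete(data):
            chunk = s.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the connection before a BindResponse")
            data += chunk
        t2 = time.perf_counter()
    _, code = parse_bind_response(data)
    return (t1 - t0) * 1000.0, (t2 - t1) * 1000.0, code


if __name__ == "__main__":
    # "dc01.example.local" is a placeholder; point it at a domain controller you are allowed to monitor.
    connect_ms, bind_ms, code = measure_bind("dc01.example.local")
    print(f"connect {connect_ms:.1f} ms, bind {bind_ms:.1f} ms, resultCode {code}, state {classify(bind_ms)}")
```

A non-zero resultCode on an anonymous bind (for example 49, invalidCredentials, where anonymous binds are disabled) still proves the LDAP service answered, so the probe should treat the timing as valid and report the code separately rather than as a connectivity failure.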

DNS name registration

This product monitors the Domain Name System (DNS) for the following records:

  • A DNS address record (A record) that matches the IP address of the domain controller and is registered with the DNS server.
  • A DNS LDAP service location (SRV) record that matches the host name of the domain controller and is registered with the DNS server.
    To obtain information about this record, the KM sends the following query to the default DNS server: _ldap._tcp.dc._msdcs.<fullyQualifiedDomainName>.
  • A global catalog LDAP SRV record that matches the host name of the global catalog for the domain controller and is registered with the domain controller.
    To obtain information about this record, the KM sends the following query to the default DNS server: _ldap._tcp.dc._msdcs.<fullyQualifiedForestRootDomainName>.
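The registration checks listed above, as an added example that is not part of the product or this page: it builds a DNS query for the _ldap._tcp.dc._msdcs.<domain> SRV name (or any SRV name you pass in), parses the answer section including compressed names, and then verifies that the domain controller's host name appears as an SRV target and that its A record matches the expected IP address. The parser works on two constructed response packets embedded in the block, so the check logic runs offline; the `resolve` helper sends the same query to a real DNS server over UDP. The domain, host name and address values are constructed placeholders.

```python
import socket
import struct

TYPE_A, TYPE_SRV, CLASS_IN = 1, 33, 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(struct.pack("B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Single-question DNS query with recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, CLASS_IN)


def read_name(msg: bytes, pos: int):
    """Decode a possibly-compressed name; return (lower-cased name, position after it)."""
    labels, jumped, after = [], False, None
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:               # compression pointer to an earlier name
            if not jumped:
                after = pos + 2
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            jumped = True
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower(), (after if jumped else pos)


def parse_answers(msg: bytes):
    """Return [(name, type, rdata)] for the answer section; SRV rdata is (prio, weight, port, target)."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):                    # skip the question section
        _, pos = read_name(msg, pos)
        pos += 4
    answers = []
    for _ in range(ancount):
        name, pos = read_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == TYPE_SRV:
            prio, weight, port = struct.unpack(">HHH", msg[pos:pos + 6])
            target, _ = read_name(msg, pos + 6)
            rdata = (prio, weight, port, target)
        elif rtype == TYPE_A:
            rdata = socket.inet_ntoa(msg[pos:pos + 4])
        else:
            rdata = msg[pos:pos + rdlen]
        answers.append((name, rtype, rdata))
        pos += rdlen
    return answers


def check_dc_registration(dc_host: str, dc_ip: str, a_answers, srv_answers):
    """a_record: an A answer for dc_host carries dc_ip; srv_record: dc_host is an SRV target."""
    host = dc_host.rstrip(".").lower()
    a_ok = any(t == TYPE_A and n == host and rd == dc_ip for n, t, rd in a_answers)
    srv_ok = any(t == TYPE_SRV and rd[3] == host for n, t, rd in srv_answers)
    return {"a_record": a_ok, "srv_record": srv_ok}


def resolve(name: str, qtype: int, server: str, timeout: float = 3.0):
    """Live lookup: send the query to `server` over UDP and parse the answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_answers(data)


# Constructed sample responses (not captured from a real server): one SRV answer and one A answer.
SRV_NAME = "_ldap._tcp.dc._msdcs.example.local"
SAMPLE_SRV_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name(SRV_NAME) + struct.pack(">HH", TYPE_SRV, CLASS_IN)
    + b"\xc0\x0c"                               # answer name = pointer to the question name at offset 12
    + struct.pack(">HHIH", TYPE_SRV, CLASS_IN, 600, 6 + len(encode_name("dc01.example.local")))
    + struct.pack(">HHH", 0, 100, 389) + encode_name("dc01.example.local")
)
SAMPLE_A_RESPONSE = (
    struct.pack(">HHHHHH", 0x1235, 0x8180, 1, 1, 0, 0)
    + encode_name("dc01.example.local") + struct.pack(">HH", TYPE_A, CLASS_IN)
    + b"\xc0\x0c" + struct.pack(">HHIH", TYPE_A, CLASS_IN, 3600, 4) + socket.inet_aton("10.0.0.5")
)

if __name__ == "__main__":
    print(check_dc_registration("DC01.example.local", "10.0.0.5",
                                parse_answers(SAMPLE_A_RESPONSE), parse_answers(SAMPLE_SRV_RESPONSE)))
```

Host names are compared case-insensitively and without the trailing dot, because the name a DNS server returns may differ in case from the one configured on the domain controller while still being the same registration.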

Sites and domain controllers

This product monitors sites and domain controllers from a member server of the domain in which it resides. It monitors all sites of the domain, or any specific site, using the global catalog for that site. It also monitors the domain controllers in each site. Domain controller monitoring checks connectivity to each server and its response time using an LDAP bind.