The PATROL Knowledge Module for Microsoft Windows Active Directory lets you monitor and analyze your Microsoft Windows Active Directory environments. Whether you choose to monitor and analyze one environment or many, PATROL KM for Microsoft Windows Active Directory helps you
- Detect and notify if Microsoft Windows Active Directory generates errors or performs slowly
- Monitor performance of system resources
- Plan for capacity and availability
- Monitor all domain controllers within a site
- Monitor all domain controllers between sites
- Anticipate and eliminate problems before they become apparent to users of the monitored Active Directory environments
For a brief description of product features, see the sections that follow. For information about descriptions of the application classes and parameters, see Monitor types or application classes.
Managed systems
PATROL KM for Microsoft Windows Active Directory monitors the performance of managed systems in a Microsoft Windows Active Directory environment. A PATROL KM for Microsoft Windows Active Directory managed system is a Windows domain controller onto which PATROL for Windows Servers has been installed.
A managed system provides a view of its Microsoft Windows Active Directory environment. Each managed system is responsible for monitoring Microsoft Windows Active Directory's key indicators that are required to ensure and maintain the consistency of the Directory data and the desired level of service throughout the Microsoft Windows Active Directory forest.
Replication monitoring
PATROL KM for Microsoft Windows Active Directory monitors the Microsoft Windows Active Directory replication for errors and latency (to verify that replication occurs within a reasonable time), both within a site (intrasite) and between sites (intersite) in the configuration naming context and/or the domain context of the current domain controller.
Directory replication is monitored at each managed system (domain controller). This functionality includes monitoring basic replication by creating synthetic transactions and verifying the replication of those transactions.
Intrasite replication monitoring
PATROL KM for Microsoft Windows Active Directory monitors the replication status of the domain controller upon which it is installed. It determines whether updates from each domain controller within the site have been replicated successfully and in a timely manner.
Intersite replication monitoring
Intersite replication monitoring verifies that Microsoft Windows Active Directory updates are successfully distributed between sites. Each bridgehead server in a site is checked to determine if Microsoft Windows Active Directory updates from other sites have been successfully replicated to the bridgehead server. The intersite replication interval is automatically determined at each collection; it requires no configuration. However, if you want, you can override the automatic replication interval determination, on a site-by-site basis, by configuring the configuration database (pconfig ) variable, /ActiveDirectory/Configuration/ <site>/IntersiteReplicationSchedule.
Replication collisions monitoring
PATROL KM for Microsoft Windows Active Directory enables users to configure the Active Directory object types that should be monitored for replication collisions. The AD_AD_CNF application class monitors replication collisions that occur during replication when an object with the same Relative Distinguished name is created in the same container on two or more different domain controllers.
Replication health monitoring
PATROL KM for Microsoft Windows Active Directory monitors the performance of Active Directory replication for the local server. The AD_AD_REPLICATION application class monitors this activity.
FSMO monitoring
PATROL KM for Microsoft Windows Active Directory monitors the availability of the forest-wide and domain-wide flexible single master operations (FSMO) roles.
FSMO role connectivity monitoring
PATROL KM for Microsoft Windows Active Directory monitors the connectivity status of each of the five FSMO role holders from a domain controller. The AD_AD_FSMO_ROLE_CONNECTIVITY application class monitors the domain controllers ability to locate and establish an LDAP connection with the FSMO role holder.
FSMO role placement monitoring
PATROL KM for Microsoft Windows Active Directory monitors the placement of Active Directory FSMO roles in the domain and forest. The AD_AD_FSMO_ROLE_PLACEMENT application class monitors the placement of these roles.
LDAP monitoring
PATROL KM for Microsoft Windows Active Directory monitors Lightweight Directory Access Protocol (LDAP) locally at each monitored system for connection availability and response time. The AD_AD_LDAP application class monitors the performance of these LDAP requests.
SAM monitoring
PATROL KM for Microsoft Windows Active Directory monitors the Security Account Manager (SAM). SAM provides legacy NT authentication support. The AD_AD_SAM application class monitors these security requests. By default, SAM monitoring is inactive.
Address book monitoring
PATROL KM for Microsoft Windows Active Directory monitors the performance of Address Book requests made against the Microsoft Windows Active Directory server. The AD_AD_ADDRESS_BOOK application class monitors these requests. By default, Address book monitoring is inactive.
Authentication monitoring
PATROL KM for Microsoft Windows Active Directory monitors Kerberos and NTLM authentication requests made against the Microsoft Windows Active Directory server. The AD_AD_AUTHENTICATION application class monitors these requests.
Domain Naming Service monitoring
PATROL KM for Microsoft Windows Active Directory verifies and monitors various DNS record data for the Microsoft Windows Active Directory server. The AD_AD_DNS application class monitors the DNS specific information.
File Replication Service monitoring
PATROL KM for Microsoft Windows Active Directory monitors various aspects of file replication service health. The AD_AD_FRS application class monitors the FRS specific information.
Group policy monitoring
PATROL KM for Microsoft Windows Active Directory detects when a user account in one or more Group Policy Objects (GPO) cannot be resolved to a security identifier (SID). The AD_AD_GPO application class reports this condition.
Lost and found objects monitoring
PATROL KM for Microsoft Windows Active Directory monitors for the presence of objects in the LostAndFound container in the domain naming context of the domain controller. The AD_AD_LOST_AND_FOUND_OBJECTS application class monitors for lost and found objects.
Event monitoring
To measure the overall health of the domain controllers, PATROL KM for Microsoft Windows Active Directory configures the PATROL KM for Microsoft Windows OS to monitor various events pertaining to
- DNS name registration
- Core Active Directory service
- File replication service and group policy
- Time synchronization service
- Kerberos
- Netlogon
Events monitored by parameters
Some parameters now monitor specific Active Directory events. See the Help for the PATROL KM for Window Active Directory for information about these parameters.
Events monitored for specific areas of failure
The following tables contain event information that is classified by specific areas of failure.
DNS name registration
To identify failures with the DNS name registration, PATROL KM for Windows Active Directory configures PATROL KM for Microsoft Windows OS to obtain event information, as shown in the following table:
Monitored events - DNS name registration
Event Log | Source | Event | Significance |
|---|---|---|---|
System | DNSAPI | 11154, 11166 | domain controller does not have rights to perform a secure dynamic update. |
System | DNSAPI | 11150, 11162 | DNS server timed out |
System | DNSAPI | 11152, 11153, 11164, 11165 | Zone or currently-connected DNS server does not support dynamic update. |
System | DNSAPI | 11151,11155, 11163, 11167 | A resource record for the domain controller is not registered in DNS. |
System | NETLOGON | 5773 | DNS locator record is not registered because the primary DNS server does not support dynamic update. |
System | NETLOGON | 5774 | A DNS domain controller locator record is not registered. |
Core Active Directory service
To identify failures with the core Active Directory service, PATROL KM for Microsoft Windows Active Directory configures PATROL KM for Microsoft Windows OS to obtain event information, as shown in the following table:
Core Active Directory service monitored events
Event Log | Source | Event | Significance |
|---|---|---|---|
Directory Service | all sources | Severity = error | primary error events for Active Directory |
System | LSASS | Severity = error | Local security authority is the core security subsystem for Active Directory. |
File replication service and group policy
To identify failures with the file replication service and group policy, PATROL KM for Microsoft Windows Active Directory configures PATROL KM for Microsoft Windows OS to obtain event information, as shown in the following table:
File replication service/group policy monitored events
Event log | Source | Event | Significance |
|---|---|---|---|
FRS | all sources | Severity = error | Synchronizes policy between all domain controllers in the forest. |
Application | USERENV | Severity = error User = System | Applies group policy and profiles on domain controllers. |
Application | SCECLI | Severity = error | Security Configuration Engine error messages |
Time synchronization service
To identify events that might indicate problems maintaining uniform time in the Active Directory forest, PATROL KM for Microsoft Windows Active Directory monitors the events shown in the following table:
Time synchronization service monitored events
Event log | Source | Event | Significance |
|---|---|---|---|
System | W32TIME | Severity = error Severity = warning | Problem maintaining uniform time throughout the Microsoft Windows Active Directory forest |
Kerberos
To identify events that many indicate problems with Kerberos, the default authentication protocol, PATROL KM for Microsoft Windows Active Directory monitors the event shown in the following table:
Kerberos monitored events
Event Log | Source | Event | Significance |
|---|---|---|---|
System | KDC | Severity = error | Critical Kerberos Distribution Center service error messages |
Net Logon
To identify events that might indicate problems with Net Logon service and protocol, which is required for proper domain controller functionality, PATROL KM for Microsoft Windows Active Directory monitors the events shown in the following table:
Netlogon monitored events
Event log | Source | Event | Significance |
|---|---|---|---|
System | NETLOGON | Severity = error 5705, 5723 | Critical NETLOGON service errors |
Overview
Content Tools
Apps
Reporter Replacement
com.bmc.atlassian.bmc-util-plugin-2.section.label
Tasks