Monitor Active Directory

AD DS is one of the most important features of Windows Server 2008 and plays a very important role in the Windows network environment. Most organizations heavily depend on AD DS for communication and user management. The monitoring helps you to identify potential performance bottlenecks and ensure that all network servers are getting directory replication updates in a timely manner. It is therefore is very important to ensure the AD DS performance monitoring is meeting your business and networking goals.

Windows Server 2008 provides many monitoring tools such as Server Manager snap-in, Reliability and Performance Monitor snap-in, Microsoft Operations Manager or System Center Operations Manager, and command line tools such as repadmin.exe and Dcdiag.exe that are used to monitor AD replication.

By using a combination of the available tools, you can monitor many activities in Active Directory. The Reliability and Performance Monitor is a combination of reliability monitor and performance monitor. It allows you to monitor server performance in real time and determine how fast the server accomplishes the given tasks. Besides, it allows you to monitor hardware and application performance and create threshold alerts and performance reports.

It allows you to view the real-time hardware information such as CPU, Disk, Network, and Memory usage can be quickly viewed on the server. You can add counters such as the percent processor time. The Real-time counters allows you to find out how each of the resources is affected by demand on the server from things such as user access, processes running on the server, and resources served to users. Many of these counters can be used to determine current workloads. The AD performance indicators and statistics are useful in determining AD’s workload capacity.

Window Server 2008 have also introduced Data Collector Sets in the performance monitor, which allows you to a create data set containing performance counters. The custom data set you can configure alert activities when the performance counters reach threshold values.

The Reliability monitor allows you to measure of how often the server performs exactly the way you expect it to perform in relation to its configuration. It allows you to find out the performance of the server in terms of both hardware and software. It provides a System Stability chart that allows you to quickly view specific information about hardware, application, and Windows failures. It mainly relates to the server configuration rather than hardware configuration

You can click on the CPU, Disk, Network, and Memory containers to find out how much resources each individual process is consuming. You can see an example of this in Figure 6-5:

Figure 6-5

As mentioned above, the AD DS monitoring also include monitoring AD DS replication performance. The AD DS replication monitoring allows you to troubleshoot problems, optimize replication, and provide ongoing support. The replication monitoring requires the monitoring of various variables related to replication such as: Intrasite versus Intersite replication, the compression used, available bandwidth, and inbound versus outbound replication traffic.

The performance counters available for AD replication monitoring are located within the Directory Services object and are prefixed with DRA (Directory Replication Agent). The two tools that can be used for the reporting and the replication are Replication Diagnostic tool (Repadmin.exe) and Directory Server Diagnosis tool (Dcdiag.exe).

The Repadmin allows you to diagnose Active Directory replication problems between the Windows domain controllers, display replication partners for a domain controller, display connection objects for a domain controller, and display metadata about an object, its attributes, and replication. This tool can be used to create and view the replication topology. It also allows you to monitor the relative health of an AD DS forest.

The repadmin command can be run from an elevated command prompt. The syntax for repadmin is:

repadmin <cmd> <args> [/u:{domain\user}] [/pw:{password | *}]
[/retry[:<retries>][:<delay>]] [/csv]

The Dcdiag.exe performs a number of tests and reports on the overall health of replication and security for AD DS.