How to monitoring Active Directory

8 Settembre 2014 SnetAdmin Comments Off

How to Monitoring Microsoft Active Directory

Microsoft Active Directory is used to share user list, provide single sign on and other central features in large Microsoft based workstation and server networks. Active Directory is Microsoft’s implementation of existing business standards such as LDAP, Kerberos and DNS. The purpose of this article is describing how op5 Monitor can be used to monitor these core features of an Active Directory and make sure that notifications are sent about common errors.

Prerequisites

To be able to complete this how-to you will need the following files:

Info The scripts are not officially supported by op5 Support, but we will help you as good as we can.

This will be done

The suggested configuration components for monitoring Active Directory are:

Basic checks for each domain controller
Advanced checks for each domain controller
Service group called Active Directory that contains all services for your domain controllers.

Prepare NSClient

Copy the two files to C:\Program Files\op5\nsclient++\scripts
Add the following rows to the file C:\Program Files\op5\nsclient++\custom.ini
[NRPE Handlers]
check_ad=cscript.exe //T:30 //NoLogo scripts\check_ad.vbs
check_ad_fsmo=cscript.exe //T:30 //NoLogo scripts\pluginscheck_ad_time.vbs” example.com “$ARG1$”
Save the file
Restart the NSClient++ service

Check commands

Add the required check-commands, if they don’t already exist in your configuration, add dem via: (‘Configure’ -> ‘Check Commands’ -> ‘New command’)

Basic commands:

command_name	command_line
*check_ad_time	$USER1$/check_nrpe -H $HOSTADDRESS$ -c check_ad_time -a $ARG1$
check_nt_service	$USER1$/check_nt -H $HOSTADDRESS$ -p 1248 -v SERVICESTATE -l “$ARG1$”
check_ad_ldap	$USER1$/check_ldap -H $HOSTADDRESS$ -b $ARG1$ -w 5 -c 45 -D $ARG2$ -P $ARG3$
check_ad_dns	$USER1$/check_dig -H $HOSTADDRESS$ -l $ARG1$ -a $ARG2$

Advanced commands:

command_name	command_line
*check_ad_dcdiag_dc	$USER1$/check_nrpe -H $HOSTADDRESS$ -c check_ad
**check_ad_kerberos_authentication	$USER1$/check_nt -H $HOSTADDRESS$ -v COUNTER -l “NTDSKerberos Authentications”,”Kerberos Authentications %d times/sec” -w $ARG1$ -c $ARG2$

Info

* Require changes to NSC.ini, see section below.

** This is just one example of performance counters you might want to monitor, for a full list we sugest you take a look at Microsoft own reference list.

Short list of counters we think is good to monitor:

“NTDSKerberos Authentications”,”Kerberos Authentications %d times/sec”
“NTDSLDAP Bind Time”,”LDAP Bind Time %.2f ms”
“NTDSLDAP Client Sessions”,”LDAP Client Sessions: %d”
“NTDSNTLM Authentications”,”NTLM Authentications %d times/sec”

Add the required services

Go to ‘Configure’ -> ‘Host: ‘ -> ‘Go’ -> ‘Services for host ‘ -> ‘Add new service’ -> ‘Go’

Add the following services (Arguments are just examples, you need to adjust them to suite your environment).

service_description	check_command	check_commands_args
AD: Domain Time	check_ad_time	0.5
AD: Services	check_nt_service	W32Time,Dnscache,IsmServ,kdc,SamSs,lanmanserver,lanmanworkstation,RpcSs,Netlogon
AD: LDAP	check_ad_ldap	dc=example,dc=com!monitoruser@example.com!mysecretpassword
AD: DNS	check_ad_dns	example.com!
AD: DCdiag dc	check_ad_dcdiag_dc	N/A
AD: DCdiag member	check_ad_dcdiag_member	N/A
AD: FSMO Roles	check_ad_fsmo	All (Valid options: All, Schema, Domain, PDC, RID, Infrastructure)
AD: Kerberos Authentications	check_ad_kerberos_authentication	3!4

Use the “Test this service” botton for the services to see if they work. Once the are correct and working as they should you may add the services to all of your domain controllers with the clone-function.

Configuring the service group

Configuring a service group is not necessary for tde monitoring to work, but it will be easier to display tde current status on tde Active Directory – for instance for help desk staff.

	From Configure, select Service Groups and add a new service group.
	Enter a service name and a description (alias) tdat is suitable for your organization.
	Hold down tde Control key and select tde services you wish to include – preferably tde services you added in tdis How-To, and some otder important services for tde domain controllers:
		CPU
		Load
		Disk usage
		Mem usage
		PING
		Swap usage
		Uptime
	Move tde selected services to tde selected list.
	Click on “Apply Changes” and tden “Save”.

How To (12)
nagios (3)
News (10)
op5 (4)
Referenze (1)
scrutinizer (2)
Senza categoria (1)
Zero Zero Toner (1)

Aprile 2024
L	M	M	G	V	S	D
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Sempre abilitato

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Durata	Descrizione
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

How to monitoring Active Directory

How to Monitoring Microsoft Active Directory

Prerequisites

This will be done

Prepare NSClient

Check commands

Add the required services

Configuring the service group

Articoli recenti

Categorie

Recent Posts

Ciao mondo!

Improving Your Technology

Apply These 5 Secret Techniques

Calendar