Home > Monitoring Solutions : Active Directory

EMAIL

PRINT


 

Monitor Microsoft Active Directory for higher performance and availability with WildMetrix™

Maximize Active Directory performance, availability, and reliability with WildMetrix Active Directory monitoring solutions. 
With WildMetrix for Active Directory, administrators can easily view and diagnose issues within an organization’s Active Directory. Pre-configured dashboards, data help, and problem resolution enable administrators to detect, diagnose, and resolve problems with Active Directory before they impact clients.

 Benefits of Monitoring Microsoft Active Directory with WildMetrix

  • Helps administrators detect problems in their Active Directory architecture
  • Quickly diagnose exactly where and what the problems are
  • Resolves the problems from a single easy-to-use interface
  • Gain understanding of entire Domain Controller system inside and out

Request a Demo or Get Evaluation Software
 
Monitoring
Monitoring Active Directory complexity requires continually looking at all elements involved to know and understand if health and performance is optimal. Each Active Directory aspect is important including:
  • AD Store
  • Process Utilization
  • Services states and events
  • Eventlog Errors, Warnings, and Informational Events
  • Dependent Infrastructure Performance
Customizable Microsoft Active Directory Dashboards
Live performance dashboards give you the performance metrics,  and events of Microsoft Active Directory in a single view with quick link access to powerful analytical charting. Dashboards include:
  • Active Directory Server Diagnostics
  • DHCP Server Diagnostics
  • DNS Server Diagnostics
Powerful Analytics

  		The tools make the difference when finding the root-cause of performance bottlenecks, application faults, and performing trend analysis. Analytical Charting features include:
  • Correlation of Live or Historical Data
  • Drill-Down, Zoom, and Statistic Lines
  • OpenGL 3D Surface Analysis
  • Live, Second, Minute, Hourly, and Monthly Data Periods
Powerful Monitoring Solutions
Deployment of pre-built monitoring solutions is as simple as Drag-n-Drop. Policies are customizable by adding performance counters and setting your desired collection and retention intervals as well as alerting rules.
The monitoring policy includes:
(click nodes to drill down)  
WildMetrix Monitoring Policies
  Microsoft Active Directory
  Database
  \Database()\Database Cache % Hit
 
  Database Cache % Hit is the percentage of database file page requests that were fulfilled by the database cache without causing a file operation. If this percentage is too low, the database cache size may be too small.
  \Database()\Database Cache Size
 
  Database Cache Size is the amount of system memory used by the database cache manager to hold commonly used information from the database file(s) to prevent file operations. If the database cache size seems to be too small for optimal performance and there is very little available memory on the system (see Memory/Available Bytes), adding more memory to the system may increase performance. If there is a lot of available memory on the system and the database cache size is not growing beyond a certain point, the database cache size may be capped at an artificially low limit. Increasing this limit may increase performance.
  \Database()\Database Page Faults/sec
 
  Database Page Faults/sec is the rate that database file page requests require the database cache manager to allocate a new page from the database cache.
  \Database()\I/O Database Reads/sec
 
  I/O Database Reads/sec is the rate of database read operations completed.
  \Database()\I/O Database Writes/sec
 
  I/O Database Writes/sec is the rate of database write operations completed.
  \Database()\I/O Log Reads/sec
 
  I/O Log Reads/sec is the rate of logfile read operations completed.
  \Database()\I/O Log Writes/sec
 
  I/O Log Writes/sec is the rate of logfile write operations completed.
  \Database()\Log Record Stalls/sec
 
  Log Record Stalls/sec is the number of log records that cannot be added to the log buffers per second because they are full. If this counter is non-zero most of the time, the log buffer size may be a bottleneck.
  \Database()\Log Threads Waiting
 
  Log Threads Waiting is the number of threads waiting for their data to be written to the log in order to complete an update of the database. If this number is too high, the log may be a bottleneck.
  DHCP Server
  \DHCP Server\Acks/sec
 
  Rate of DHCP Acks sent by the DHCP server. The number of DHCP acknowledgment messages (DHCPACKs) sent per second by the DHCP server to clients. A sudden or unusual increase in this number indicates that a large number of clients are being renewed by the DHCP server. This might indicate that scope lease durations are too short.
  \DHCP Server\Active Queue Length
 
  The Number of packets in the processing queue of the DHCP server. The current length of the internal message queue of the DHCP server. This number equals the number of unprocessed messages received by the server. A large number might indicate heavy server traffic.
  \DHCP Server\Conflict Check Queue Length
 
  The Number of packets in the DHCP server queue waiting on conflict detection (ping). The current length of the conflict check queue for the DHCP server. This queue holds messages without responses while the DHCP server performs address conflict detection. A large value here might indicate that Conflict Detection Attempts has been set too high or that there is unusually heavy lease traffic at the server.
  \DHCP Server\Declines/sec
 
  Rate of DHCP Declines received by the DHCP server. The number of DHCP decline messages (DHCPDECLINEs) received per second by the DHCP server from clients. A high value indicates that several clients have found their address to be in conflict, possibly indicating network trouble. In this situation, it can help to enable conflict detection on the DHCP server. This should only be used temporarily. Once the situation returns to normal, it should be turned off.
  \DHCP Server\Discovers/sec
 
  Rate of DHCP Discovers received by the DHCP server. The number of DHCP discover messages (DHCPDISCOVERs) received per second by the server. These messages are sent by clients when they start on the network and obtain a new address lease. A sudden or unusual increase indicates a large number of clients are attempting to initialize and obtain an IP address lease from the server, such as when a number of client computers are started at any given time.
  \DHCP Server\Duplicates Dropped/sec
 
  Duplicates Dropped/sec is the rate at which the DHCP server received duplicate packets. The number of duplicated packets per second dropped by the DHCP server. This number can be affected by multiple DHCP relay agents or network interfaces forwarding the same packet to the server. A large number here indicates that either clients are probably timing out too fast or the server is not responding fast enough.
  \DHCP Server\Informs/sec
 
  Rate of DHCP Informs received by the DHCP server. The number of DHCP information messages (DHCPINFORMs) received per second by the DHCP server. DHCP inform messages are used when the DHCP server queries for the directory service for the enterprise root and when dynamic updates are being done on behalf of clients by the server.
  \DHCP Server\Milliseconds per packet (Avg).
 
  The average time per packet taken by the DHCP server to send a response. The average time in milliseconds used by the DHCP server to process each packet it receives. This number can vary depending on the server hardware and its I/O subsystem. A sudden or unusual increase might indicate a problem, either with the I/O subsystem becoming slower or because of an intrinsic processing overhead on the server computer.
  \DHCP Server\Nacks/sec
 
  Rate of DHCP Nacks sent by the DHCP server. The number of DHCP negative acknowledgment messages (DHCPNAKs) sent per second by the DHCP server to clients. A very high value might indicate potential network trouble in the form of misconfiguration of either the server or clients. When servers are misconfigured, one possible cause is a deactivated scope. For clients, a very high value could be caused by computers moving between subnets, such as laptop portables or other mobile devices.
  \DHCP Server\Offers/sec
 
  Rate of DHCP Offers sent out by the DHCP server. The number of DHCP offer messages (DHCPOFFERs) sent per second by the DHCP server to clients. A sudden or unusual increase in this number indicates heavy traffic on the server.
  \DHCP Server\Packets Expired/sec
 
  Packets Expired/sec is the rate at which packets get expired in the DHCP server message queue. The number of packets per second that expire and are dropped by the DHCP server. When a DHCP-related message packet is internally queued for 30 seconds or more, it is determined to be stale and expired by the server. A large number here indicates that the server is either taking too long to process some packets while other packets are queued and becoming stale, or traffic on the network is too high for the server to manage.
  \DHCP Server\Packets Received/sec
 
  Packets Received/sec is the rate at which packets are received by the DHCP server. The number of message packets received per second by the DHCP server. A large number indicates heavy DHCP-related message traffic to the server.
  \DHCP Server\Releases/sec
 
  Rate of DHCP Releases received by the DHCP server. The number of DHCP release messages (DHCPRELEASEs) received per second by the DHCP server from clients. This number only exists if a DHCP client sends a release to the server. This can occur manually, such as when the ipconfig command is used at the client computer. Release messages can also be sent by the client if it is configured with the "Release DHCP lease on shutdown" option. Because clients rarely release their address, the value of this counter remains low for many DHCP network configurations.
  \DHCP Server\Requests/sec
 
  Rate of DHCP Requests received by the DHCP server. The number of DHCP request messages (DHCPREQUESTs) received per second by the DHCP server from clients. A sudden or unusual increase in this number indicates a large number of clients trying to renew their leases with the DHCP server. This might indicate that scope lease durations are too short.
  \Extended:Server\EventLog
 
  The EventLog extended counter is a real-time provider of event log data. The counter captures all events from the event logs.
 
  Notify when a DHCP client fails to obtain an IP lease from a DHCP server
 
  Notify when a DHCP client fails to renew its lease from a DHCP server
 
  Notify when a DHCP server runs out of available IP addresses
  \Extended:Server\ServiceLog
 
  The ServiceLog extended counter is a query to check for status changes of registered services. Status changes include Running, Stopping, Stopped, and Starting.
 
  DHCP Server Service Started
 
  DHCP Server Service Stopped
  \Process(tcpsvcs)\% Processor Time
 
  % Processor Time is the percentage of elapsed time that all of the threads of this process used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count. On Multi-processor machines the maximum value of the counter is 100 % times the number of processors.
  \Process(tcpsvcs)\Handle Count
 
  The total number of handles currently open by this process. This number is equal to the sum of the handles currently open by each thread in this process.
  \Process(tcpsvcs)\IO Read Bytes/sec
 
  The rate at which the process is reading bytes from I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(tcpsvcs)\IO Write Bytes/sec
 
  The rate at which the process is writing bytes to I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(tcpsvcs)\Page Faults/sec
 
  Page Faults/sec is the rate at which page faults by the threads executing in this process are occurring. A page fault occurs when a thread refers to a virtual memory page that is not in its working set in main memory. This may not cause the page to be fetched from disk if it is on the standby list and hence already in main memory, or if it is in use by another process with whom the page is shared.
  \Process(tcpsvcs)\Private Bytes
 
  Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes.
  \Process(tcpsvcs)\Thread Count
 
  The number of threads currently active in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread.
  \Process(tcpsvcs)\Virtual Bytes
 
  Virtual Bytes is the current size, in bytes, of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and the process can limit its ability to load libraries.
  \Process(tcpsvcs)\Working Set
 
  Working Set is the current number of bytes in the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before they leave main memory.
  DNS Server
  \DNS\Dynamic Update Queued
 
  Dynamic Update Queued is the total number of dynamic updates queued by the DNS server.
  \DNS\Dynamic Update Rejected
 
  Dynamic Update Rejected is the total number of dynamic updates rejected by the DNS server.
  \DNS\Dynamic Update Written to Database/sec
 
  Dynamic Update Written to Database/sec is the average number of dynamic updates written to the database by the DNS server in each second.
  \DNS\Notify Received
 
  Notify Received is the total number of notifies received by the secondary DNS server.
  \DNS\Notify Sent
 
  Notify Sent is the total number of notifies sent by the master DNS server.
  \DNS\Recursive Queries
 
  Recursive Queries is the total number of recursive queries received by DNS server.
  \DNS\Recursive Query Failure
 
  Recursive Query Failure is the total number of recursive query failures.
  \DNS\Recursive Query Failure/sec
 
  Recursive Query Failure/sec is the average number of recursive query failures in each second.
  \DNS\Recursive TimeOut/sec
 
  Recursive TimeOut/sec is the average number of recursive query sending timeouts in each second.
  \DNS\Total Query Received/sec
 
  Total Query Received/sec is the average number of queries received by DNS server in each second.
  \DNS\Total Response Sent/sec
 
  Total Response Sent/sec is the average number of reponses sent by DNS server in each second.
  \DNS\Zone Transfer Failure
 
  Zone Transfer Failure is the total number of failed zone transfers of the master DNS server.
  \Extended:Server\EventLog
 
  The EventLog extended counter is a real-time provider of event log data. The counter captures all events from the event logs.
 
  Bad DNS Zone Transfer
 
  DNS Boot File Problems
 
  DNS Database File Parsing Problems
 
  DNS Directive Problems
 
  DNS Domain Name Problems
 
  DNS File Loading Problems
 
  DNS General Database Load Problems
 
  DNS Registry Boot Problems
 
  DNS Resource Record Problems
 
  DNS RPC Initialization
 
  DNS Server has shutdown
 
  DNS Server has started
 
  DNS Server has timed out
 
  DNS Server is being updated
 
  DNS WINS + NBSTAT
 
  DNS Winsock/Interface Initialization
 
  DNS Zone has been shut down
  \Extended:Server\ServiceLog
 
  The ServiceLog extended counter is a query to check for status changes of registered services. Status changes include Running, Stopping, Stopped, and Starting.
 
  DNS Server has Started
 
  DNS Server has Stopped
  \Process(dns)\% Processor Time
 
  % Processor Time is the percentage of elapsed time that all of process threads used the processor to execution instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count.
  \Process(dns)\Handle Count
 
  The total number of handles currently open by this process. This number is equal to the sum of the handles currently open by each thread in this process.
  \Process(dns)\IO Read Bytes/sec
 
  The rate at which the process is reading bytes from I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(dns)\IO Write Bytes/sec
 
  The rate at which the process is writing bytes to I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(dns)\Page Faults/sec
 
  Page Faults/sec is the rate at which page faults by the threads executing in this process are occurring. A page fault occurs when a thread refers to a virtual memory page that is not in its working set in main memory. This may not cause the page to be fetched from disk if it is on the standby list and hence already in main memory, or if it is in use by another process with whom the page is shared.
  \Process(dns)\Private Bytes
 
  Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes.
  \Process(dns)\Thread Count
 
  The number of threads currently active in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread.
  \Process(dns)\Virtual Bytes
 
  Virtual Bytes is the current size, in bytes, of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and the process can limit its ability to load libraries.
  \Process(dns)\Working Set
 
  Working Set is the current size, in bytes, of the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory.
  Logging
  \Extended:Server\EventLog
 
  The EventLog extended counter is a real-time provider of event log data. The counter captures all events from the event logs.
 
  Notify when Active Directory is started
 
  Notify when Active Directory is stopped
 
  Notify when NTDS database engine is started
 
  Notify when NTDS database engine is stopped
 
  Notify when NTDS Defragmentation is complete
 
  Notify when NTDS Defragmentation is started
  \Extended:Server\ServiceLog
 
  The ServiceLog extended counter is a query to check for status changes of registered services. Status changes include Running, Stopping, Stopped, and Starting.
 
  File Replication Service has Started
 
  File Replication Service has Stopped
 
  Kerberos Key Distribution Center has Started
 
  Kerberos Key Distribution Center has Stopped
  NTDS
  \NTDS\AB Client Sessions
 
  AB Client Sessions is the number of connected Address Book client sessions.
  \NTDS\DRA Highest USN Committed (High part)
 
  High-order 32 bits of the highest USN Issued on the DSA
 
  Highest USN Committed (High part)
  \NTDS\DRA Inbound Bytes Total/sec
 
  Number of DSA (Directory Service Agent) inbound bytes/sec
 
  High Number of DSA (Directory Service Agent) inbound bytes/sec
  \NTDS\DRA Inbound Object Updates Remaining in Packet
 
  Number of Active Directory Inbound Object Updates Remaining in Packet
 
  High Number of Active Directory Inbound Object Updates Remaining in Packet
  \NTDS\DRA Outbound Bytes Total/sec
 
  Number of DSA (Directory Service Agent) outbound bytes/sec.
 
  High Number of DSA (Directory Service Agent) outbound bytes
  \NTDS\DRA Pending Replication Synchronizations
 
  Number of Active Directory Pending Replications.
 
  High Number of Active Directory Pending Replications
  \NTDS\KDC AS Requests
 
  Number of AS requests serviced by the KDC per second. AS requests are used by client to obtain a ticket granting ticket.
 
  High Number of KDC AS Requests
  \NTDS\KDC TGS Requests
 
  Number of TGS requests serviced by the KDC per second. TGS requests are used by the client to obtain a ticket to a resource.
 
  High Number of KDC TGS Requests
  \NTDS\Kerberos Authentications
 
  Number of times per second that clients use a ticket to this DC to authenticate to this DC
 
  High Number of Kerberos Authentications
  \NTDS\LDAP Bind Time
 
  Time (in milliseconds) taken for last successful LDAP bind.
  \NTDS\LDAP Client Sessions
 
  Number of connected LDAP client sessions
 
  High Number of connected LDAP client sessions
  \NTDS\LDAP Searches/sec
 
  LDAP Searches/sec is the rate at which LDAP clients perform search operations.
  \NTDS\NTLM Authentications
 
  Number of NTLM authentications per second serviced by a DC.
 
  High Number of NTLM authentications
  Processes
  \Process(lsass)\% Processor Time
 
  % Processor Time is the percentage of elapsed time that all of process threads used the processor to execution instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count.
  \Process(lsass)\Handle Count
 
  The total number of handles currently open by this process. This number is equal to the sum of the handles currently open by each thread in this process.
  \Process(lsass)\IO Read Bytes/sec
 
  The rate at which the process is reading bytes from I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(lsass)\IO Write Bytes/sec
 
  The rate at which the process is writing bytes to I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(lsass)\Page Faults/sec
 
  Page Faults/sec is the rate at which page faults by the threads executing in this process are occurring. A page fault occurs when a thread refers to a virtual memory page that is not in its working set in main memory. This may not cause the page to be fetched from disk if it is on the standby list and hence already in main memory, or if it is in use by another process with whom the page is shared.
  \Process(lsass)\Private Bytes
 
  Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes.
  \Process(lsass)\Thread Count
 
  The number of threads currently active in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread.
  \Process(lsass)\Virtual Bytes
 
  Virtual Bytes is the current size, in bytes, of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and the process can limit its ability to load libraries.
  \Process(lsass)\Working Set
 
  Working Set is the current size, in bytes, of the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory.
  \Process(ntfrs)\% Processor Time
 
  % Processor Time is the percentage of elapsed time that all of process threads used the processor to execution instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count.
  \Process(ntfrs)\Handle Count
 
  The total number of handles currently open by this process. This number is equal to the sum of the handles currently open by each thread in this process.
  \Process(ntfrs)\IO Read Bytes/sec
 
  The rate at which the process is reading bytes from I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(ntfrs)\IO Write Bytes/sec
 
  The rate at which the process is writing bytes to I/O operations. This counter counts all I/O activity generated by the process to include file, network and device I/Os.
  \Process(ntfrs)\Page Faults/sec
 
  Page Faults/sec is the rate at which page faults by the threads executing in this process are occurring. A page fault occurs when a thread refers to a virtual memory page that is not in its working set in main memory. This may not cause the page to be fetched from disk if it is on the standby list and hence already in main memory, or if it is in use by another process with whom the page is shared.
  \Process(ntfrs)\Private Bytes
 
  Private Bytes is the current size, in bytes, of memory that this process has allocated that cannot be shared with other processes.
  \Process(ntfrs)\Thread Count
 
  The number of threads currently active in this process. An instruction is the basic unit of execution in a processor, and a thread is the object that executes instructions. Every running process has at least one thread.
  \Process(ntfrs)\Virtual Bytes
 
  Virtual Bytes is the current size, in bytes, of the virtual address space the process is using. Use of virtual address space does not necessarily imply corresponding use of either disk or main memory pages. Virtual space is finite, and the process can limit its ability to load libraries.
  \Process(ntfrs)\Working Set
 
  Working Set is the current size, in bytes, of the Working Set of this process. The Working Set is the set of memory pages touched recently by the threads in the process. If free memory in the computer is above a threshold, pages are left in the Working Set of a process even if they are not in use. When free memory falls below a threshold, pages are trimmed from Working Sets. If they are needed they will then be soft-faulted back into the Working Set before leaving main memory.

Monitoring Active Directory  |  Monitoring ASP.NET  |  Monitoring SQLMonitoring ExchangeMonitoring IIS  |  Monitoring Windows
 Monitoring Network Devices  |  Drilldown Network Mapping  |  SNMP Expressions  |  Web Application Analyzer
Baseline Management  |  Strategic Planning Software  |  Capacity Planning  |  Trend Reporting  |  Custom Dashboarding