Active Directory Server Domain Member (Monitoring)

Microsoft.Windows.Server.AD.DomainMemberMonitoring :: 10.0.2.1 (Management Pack)

Active Directory Management Pack for Microsoft Windows (Domain Member Monitoring)

Summary

AD Domain Member Monitoring Management Pack

The purpose of the Active Directory Domain Member Monitoring MP is to augment the server-side monitoring capabilities of the Active Directory Management Pack with a domain member view of the health of the Active Directory® directory service.

The rules that are contained in this rule group are used to test the availability of Active Directory from a client perspective, for example, the availability of Active Directory from directory-enabled application servers.

This MP should be deployed manually into an environment where it is necessary (or desirable) to actively monitor the availability of domain controllers and Active Directory.

AD Monitoring Domain Members should always be enabled on or near Microsoft Exchange servers to ensure that global catalog servers and domain controllers are always available to Microsoft Exchange.

Features

Each Windows computer (a computer that is not a domain controller) can be configured to monitor only the domain controllers of interest. You can:

The domain member computer determines whether the domain controllers are available by:

Thresholds can be specified for the LDAP bind and search. If multiple consecutive failures (or binds or searches that exceed the specified thresholds) occur, an alert is generated.

In addition, the domain member computer also determines whether:

Configuration

To deploy this rule group to domain member computers, override the AD Domain Member Perspective Discovery Rule.

To monitor Active Directory from the domain member’s perspective, tests are run from a domain member that is targeted at servers in which the domain member is interested. There are four modes of operation:

The configuration for these modes can be performed globally through the console. If individual configurations are required, they can be specified through a configuration file on the domain member computer. Any parameters that are specified at the Console can be overridden by writing specified values in the registry on individual domain member computers.

In the Full, Local Site, and Specific Site modes, discovery of domain controllers is performed once per day, by default.

It is possible to configure both a list of specific domain controllers and a list of sites to target. In this case, the union of the list of domain controllers and the domain controllers in each of the sites will be targeted.

Registry Configuration Format

The configuration in the registry is contained under the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Operations Management\AD Management Pack\Domain Member Monitoring

There are two keys under this base:

Configuration

Tests

Configuration Key

Under the Configuration key, there are also three entries:

Domain Controllers: a string specifying (comma-delimited) domain controller names.

Sites: a string specifying (comma-delimited) sites.

Domains: a string specifying (comma-delimited) domains.

The settings are overrides in the AD Domain Member Update DCs rule.

The AD Domain Member Update DCs rule is run periodically and can be changed as needed. The purpose of this script is to discover the domain controllers for a domain member computer. Discovery of the domain controllers to be tested occurs as follows:

If there are domain controllers specified in the configuration on the domain member computer, these domain controllers are stored in the DCTargets collection.

If the DCTargets collection is empty, the domain controllers that are specified in the Domain Controllers script parameter for the AD Domain Member Update DCs script in MOM are added to the DCTargets collection.

If there are sites specified in the configuration on the domain member computer, the domain controllers in each of the sites that are specified are added to the DCTargets collection.

If the discovery mode is Specific Site, the domain controllers in the sites specified (as the Sites parameter to the AD Domain Member Update DCs script in MOM) are added to the DCTargets collection.

If the discovery mode is Local Site, the domain controllers in the local site are added to the DCTargets collection.

If the discovery mode is Full and the DCTargets collection is empty, the domain controllers for the specified domains (or if no domains are specified, the domain that the domain member is joined to) are added to the DCTargets collection.

The test suite is run against all the domain controllers in the DCTargets collection.

Management Pack Elements

DataSource Modules (10)

 DisplayNameIDIsolationAccessibility
Microsoft.Windows.AD.DomainMemberPerspective.Availability.DomainControllerHealth.DataSourceDomain Controller Health Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Availability.DomainControllerHealth.DataSourceAnyInternal
Microsoft.Windows.AD.DomainMemberPerspective.Availability.GlobalCatalog.DataSourceGlobal Catalog Availability Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Availability.GlobalCatalog.DataSourceAnyInternal
Microsoft.Windows.AD.DomainMemberPerspective.Availability.GroupPolicy.DataSourceGroup Policy Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Availability.GroupPolicy.DataSourceAnyInternal
Microsoft.Windows.AD.DomainMemberPerspective.Availability.Gtimeserver.DataSourceReliable Time Server Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Availability.Gtimeserver.DataSourceAnyInternal
Microsoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Bind.DataSourcePDC LDAP Bind Availability Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Bind.DataSourceAnyInternal
Microsoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Ping.DataSourcePDC Ping Availability Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Ping.DataSourceAnyInternal
Microsoft.Windows.AD.DomainMemberPerspective.Availability.SecureChannel.DataSourceSecure Channel Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Availability.SecureChannel.DataSourceAnyInternal
Microsoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.DataSourceGlobal Catalog Response Performance Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.DataSourceAnyInternal
Microsoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.DataSourcePDC Response Performance Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.DataSourceAnyInternal
Microsoft.Windows.AD.DomainMemberPerspective.Security.KrbtgtPasswordLastSet.DataSourceKRBTGT Password Last Set Script Data sourceMicrosoft.Windows.AD.DomainMemberPerspective.Security.KrbtgtPasswordLastSet.DataSourceAnyInternal

Unit Monitor Types (10)

 DisplayNameIDAccessibilitySupport Monitor Recalculate
Microsoft.Windows.AD.DomainMemberPerspective.Availability.DomainControllerHealth.MonitortypeDomain Controller Health Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Availability.DomainControllerHealth.MonitortypeInternalFalse
Microsoft.Windows.AD.DomainMemberPerspective.Availability.GlobalCatalog.MonitortypeAD Domain Member Global Catalog Availability Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Availability.GlobalCatalog.MonitortypeInternalFalse
Microsoft.Windows.AD.DomainMemberPerspective.Availability.GroupPolicy.MonitortypeGroup Policy Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Availability.GroupPolicy.MonitortypeInternalFalse
Microsoft.Windows.AD.DomainMemberPerspective.Availability.Gtimeserver.MonitortypeReliable Time Server Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Availability.Gtimeserver.MonitortypeInternalFalse
Microsoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Bind.MonitortypePDC LDAP Bind Availability Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Bind.MonitortypeInternalFalse
Microsoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Ping.MonitortypePDC Ping Availability Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Ping.MonitortypeInternalFalse
Microsoft.Windows.AD.DomainMemberPerspective.Availability.SecureChannel.MonitortypeSecure Channel Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Availability.SecureChannel.MonitortypeInternalFalse
Microsoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.MonitortypeGlobal Catalog Response Performance Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.MonitortypeInternalFalse
Microsoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.MonitortypePDC Response Performance Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.MonitortypeInternalFalse
Microsoft.Windows.AD.DomainMemberPerspective.Security.KrbtgtPasswordLastSet.MonitortypeKRBTGT Password Last Set Monitor typeMicrosoft.Windows.AD.DomainMemberPerspective.Security.KrbtgtPasswordLastSet.MonitortypeInternalFalse

Discoveries (2)

 DisplayNameIDTargetEnabled
Microsoft.AD.DomainMemberPerspective.DiscoveryAD Domain Member Monitoring DiscoveryMicrosoft.AD.DomainMemberPerspective.DiscoveryMicrosoft.Windows.ComputerFalse
Microsoft.Windows.Server.AD.DomainMemberComputerGroup.ComputerGroupDiscoveryPopulate AD Domain Member Monitoring GroupMicrosoft.Windows.Server.AD.DomainMemberComputerGroup.ComputerGroupDiscoveryMicrosoft.Windows.Server.AD.DomainMemberComputerGroupTrue

Unit Monitors (11)

 DisplayNameIDTargetCategoryEnabledAlert GenerateAccessibility
Microsoft.Windows.AD.DomainMemberPerspective.Availability.DomainControllerHealth.MonitorDomain Controller Health MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Availability.DomainControllerHealth.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveCustomTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Availability.GlobalCatalog.MonitorGlobal Catalog Availability MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Availability.GlobalCatalog.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveAvailabilityHealthTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Availability.GroupPolicy.MonitorGroup Policy Update MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Availability.GroupPolicy.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveCustomTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Availability.Gtimeserver.MonitorReliable Time Server MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Availability.Gtimeserver.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveCustomTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Bind.MonitorPDC LDAP Bind Availability MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Bind.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveAvailabilityHealthTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Ping.MonitorPDC Ping Availability MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Availability.PDC.Ping.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveAvailabilityHealthTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Availability.SecureChannel.MonitorSecure Channel MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Availability.SecureChannel.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveCustomTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.MonitorGlobal Catalog Performance MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveCustomTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.Bind.MonitorPDC Bind Performance MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.Bind.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveCustomTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.Ping.MonitorPDC Ping Performance MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.Ping.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveCustomTrueTruePublic
Microsoft.Windows.AD.DomainMemberPerspective.Security.KrbtgtPasswordLastSet.MonitorKRBTGT Password Last Set MonitorMicrosoft.Windows.AD.DomainMemberPerspective.Security.KrbtgtPasswordLastSet.MonitorMicrosoft.Windows.Server.AD.DomainMemberPerspectiveCustomTrueTruePublic

Rules (3)

 DisplayNameIDTargetCategoryEnabledAlert Generate
Microsoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.PerformanceCollectionGlobal Catalog Performance CollectionMicrosoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.PerformanceCollectionMicrosoft.Windows.Server.AD.DomainMemberPerspectivePerformanceCollectionTrueFalse
Microsoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.Bind.PerformanceCollectionPDC Bind Performance CollectionMicrosoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.Bind.PerformanceCollectionMicrosoft.Windows.Server.AD.DomainMemberPerspectivePerformanceCollectionTrueFalse
Microsoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.Ping.PerformanceCollectionPDC Ping Performance CollectionMicrosoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.Ping.PerformanceCollectionMicrosoft.Windows.Server.AD.DomainMemberPerspectivePerformanceCollectionTrueFalse

Folder Items (5)

 DisplayNameIDFolderNameElementID
Microsoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.ViewGlobal Catalog Response TimeMicrosoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.ViewMicrosoft.Windows.Server.AD.DomainMemberMonFolderMicrosoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.View
Microsoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.ViewPDC Response TimesMicrosoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.ViewMicrosoft.Windows.Server.AD.DomainMemberMonFolderMicrosoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.View
Microsoft.Windows.Server.AD.DomainMemberAlerts7dDomain Member AlertsMicrosoft.Windows.Server.AD.DomainMemberAlerts7dMicrosoft.Windows.Server.AD.DomainMemberMonFolderMicrosoft.Windows.Server.AD.DomainMemberAlerts7d
Microsoft.Windows.Server.AD.DomainMemberPerfDashDomain Member Performance OverviewMicrosoft.Windows.Server.AD.DomainMemberPerfDashMicrosoft.Windows.Server.AD.DomainMemberMonFolderMicrosoft.Windows.Server.AD.DomainMemberPerfDash
Microsoft.Windows.Server.AD.DomainMemberStateDomain Member StateMicrosoft.Windows.Server.AD.DomainMemberStateMicrosoft.Windows.Server.AD.DomainMemberMonFolderMicrosoft.Windows.Server.AD.DomainMemberState

Folders (1)

 DisplayNameIDParentFolderAccessibility
Microsoft.Windows.Server.AD.DomainMemberMonFolderDomain Member MonitoringMicrosoft.Windows.Server.AD.DomainMemberMonFolderMicrosoft.Windows.Server.AD.ViewFolderPublic

Views (5)

 DisplayNameIDTargetTypeAccessibilityVisible
Microsoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.ViewGlobal Catalog Response TimeMicrosoft.Windows.AD.DomainMemberPerspective.Performance.GlobalCatalog.ViewMicrosoft.Windows.Server.AD.DomainMemberPerspectiveMicrosoft.SystemCenter.PerformanceViewTypePublicTrue
Microsoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.ViewPDC Response TimesMicrosoft.Windows.AD.DomainMemberPerspective.Performance.PdcResponse.ViewMicrosoft.Windows.Server.AD.DomainMemberPerspectiveMicrosoft.SystemCenter.PerformanceViewTypePublicTrue
Microsoft.Windows.Server.AD.DomainMemberAlerts7dDomain Member AlertsMicrosoft.Windows.Server.AD.DomainMemberAlerts7dMicrosoft.Windows.Server.AD.DomainMemberPerspectiveMicrosoft.SystemCenter.AlertViewTypePublicTrue
Microsoft.Windows.Server.AD.DomainMemberPerfDashDomain Member Performance OverviewMicrosoft.Windows.Server.AD.DomainMemberPerfDashMicrosoft.Windows.Server.AD.DomainMemberPerspectiveMicrosoft.SystemCenter.DashboardViewTypePublicTrue
Microsoft.Windows.Server.AD.DomainMemberStateDomain Member StateMicrosoft.Windows.Server.AD.DomainMemberStateMicrosoft.Windows.Server.AD.DomainMemberPerspectiveMicrosoft.SystemCenter.StateViewTypePublicTrue