AD Core refers to core metrics and performance indicators for Active Directory. Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks and is included in most Windows Server operating systems. It provides a variety of directory services including authentication, authorization, and accounting.
The Threshold Configurations settings described below are found under the "Domain Controllers -> AD Core" section of the ENow Admin Console, which focuses on the Active Directory metrics of domain controllers.
AD Time:
If the domain controller's time drifts from the primary domain controller (PDC) by 24 hours (warning) or 48 hours (critical), an alert is triggered. Time synchronization is critical in AD environments for login, replication, and various security protocols.
See: Configure an authoritative time - Windows Server | Microsoft Learn
AD Partition Backup:
Backing up Active Directory, and ensuring successful restores in cases of corruption, compromise or disaster is a critical part of Active Directory maintenance. A warning at 10 hours and a critical alert at 15 hours indicate how long it has been since a backup was taken. Regular backups are important for disaster recovery.
See: Back up and restore Active Directory - Azure Backup | Microsoft Learn
AD LDAP Bind Time:
This indicator measures how long it takes for a Lightweight Directory Access Protocol (LDAP) bind (authentication request) to occur. The thresholds are set at 10 seconds for a warning and 15 seconds for critical. LDAP binds should be quick; longer times can indicate performance issues.
See: LDAP considerations in ADDS performance tuning | Microsoft Learn
AD LDAP Client Sessions:
A client session in the context of AD and LDAP refers to the interaction between a client (e.g., a user's computer or an application) and the directory server. We monitor the number of simultaneous LDAP client sessions on AD; a warning is triggered at 200 sessions and a critical alert at 250 sessions. High numbers might indicate heavy usage or potential misuse.
AD LDAP Searches Per Second:
This metric shows how many LDAP searches are being performed every second. If the system conducts more than 10 searches per second, it triggers a warning, and more than 20 searches trigger a critical alert. High search rates may impact performance.
AD LDAP Expensive Searches:
These are searches that consume significant resources. A count of 10 triggers a warning, and 20 triggers a critical alert. Monitoring these searches helps in identifying and mitigating inefficient queries.
AD LSASS Percent CPU Usage:
LSASS is the Local Security Authority Subsystem Service. If LSASS is using 85% of the CPU, a warning is issued; at 95%, the situation becomes critical. High LSASS CPU usage could indicate a security issue or misconfiguration.
Repadmin Last Error:
Repadmin is a command-line tool for diagnosing AD replication issues. A warning is set for 24 hours since the last replication error, and a critical alert for 8 hours. Frequent replication errors could point to network or server issues.
See: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/troubleshoot-adreplication-guidance
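One way to spot-check four of these indicators directly on a domain controller, as an added example (not ENow's code, and not a description of how the product collects its data): it samples the matching Windows performance counters with Get-Counter and grades the average against the thresholds listed above. The counter chosen for each indicator, the unit scaling and the five-sample average are assumptions of this example.

```powershell
# Added example. Run locally on a domain controller; the NTDS counters
# do not exist on member servers or workstations.

# Process(lsass)\% Processor Time is summed across cores and can exceed 100,
# so it is divided by the logical processor count (assumption: the 85/95
# thresholds refer to a share of total CPU).
$cores = [Environment]::ProcessorCount

# Warn/Crit values are the thresholds given on this page.
# Scale converts the raw counter value into the unit the threshold uses;
# NTDS\LDAP Bind Time is reported in milliseconds, the threshold is in seconds.
$checks = @(
    [pscustomobject]@{ Name = 'AD LDAP Bind Time (s)';       Counter = '\NTDS\LDAP Bind Time';             Scale = 0.001;      Warn = 10;  Crit = 15 }
    [pscustomobject]@{ Name = 'AD LDAP Client Sessions';     Counter = '\NTDS\LDAP Client Sessions';       Scale = 1;          Warn = 200; Crit = 250 }
    [pscustomobject]@{ Name = 'AD LDAP Searches Per Second'; Counter = '\NTDS\LDAP Searches/sec';          Scale = 1;          Warn = 10;  Crit = 20 }
    [pscustomobject]@{ Name = 'AD LSASS Percent CPU Usage';  Counter = '\Process(lsass)\% Processor Time'; Scale = 1 / $cores; Warn = 85;  Crit = 95 }
)

# Five samples, one second apart, averaged so a single spike does not
# decide the result.
$samples = Get-Counter -Counter $checks.Counter -SampleInterval 1 -MaxSamples 5 -ErrorAction Stop

foreach ($check in $checks) {
    # Sample paths come back as \\<host>\<object>\<counter>, so match on the suffix.
    $values = $samples.CounterSamples |
        Where-Object { $_.Path -like "*$($check.Counter)" } |
        ForEach-Object { $_.CookedValue * $check.Scale }

    $average = ($values | Measure-Object -Average).Average

    # Assumption: reaching a threshold counts as breaching it.
    $status = if     ($average -ge $check.Crit) { 'Critical' }
              elseif ($average -ge $check.Warn) { 'Warning' }
              else                              { 'OK' }

    [pscustomobject]@{
        Indicator = $check.Name
        Average   = [math]::Round($average, 2)
        Warning   = $check.Warn
        Critical  = $check.Crit
        Status    = $status
    }
}
```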