Threshold Configuration settings under the Domain Controllers -> Network section of the ENow Admin Console, which is focused on the network aspects of domain controllers.
Here’s an analysis of each setting:
GC Bind Time:
"GC" stands for Global Catalog, a distributed data repository that contains a searchable, partial representation of every object in every domain in a multi-domain Active Directory Domain Services (AD DS) forest. The thresholds set here (5000 milliseconds for warning and 10000 milliseconds for critical) dictate when an alert should be generated based on the time it takes to bind to the GC. A long bind time can indicate network or GC performance issues.
LDAP Bind Time:
This is similar to GC Bind Time, but it specifically refers to the general LDAP service. LDAP (Lightweight Directory Access Protocol) is used for directory services like AD. Again, the thresholds are 5000 milliseconds for a warning and 10000 milliseconds for critical, and alerts would be issued when the LDAP service takes longer than this to respond to a bind request, which could point to network latency or service performance problems.
See: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ldap/binding-to-an-ldap-server
GC Ports:
These settings allow you to configure monitoring for the Global Catalogue server ports mainly secure and non-secure GC and LDAP traffic. This port is used by clients to perform searches against the Global Catalogue. It provides access to the partial attribute set of objects in the AD forest. When an LDAP query is made to port 3268 or 3269, it is directed to a Global Catalog server, which returns the search results. The options for monitoring the ports are:
- Do not monitor the GC non-secure port: This will deactivate the monitoring on the non-secure GC port
- Monitor the GC non-secure port: This would activate monitoring on the non-secure port for any issues.
- Do not monitor the GC secure port: This would deactivate the monitoring on the non-secure GC port
- Monitor the GC secure port: This option enables monitoring of the secure port to ensure secure connections are being established as expected.
LDAP Ports:
Similar to GC Ports, but for the default LDAP ports:
- "Do not monitor the LDAP non-secure port": Typically port 389, for standard LDAP traffic.
- "Monitor the LDAP non-secure port": Enables monitoring on the non-secure port.
- "Do not monitor the LDAP secure port": Typically port 636, for LDAPS traffic.
- "Monitor the LDAP secure port": Enables monitoring of the secure port
Comments
0 comments
Please sign in to leave a comment.