BMC Performance Manager Active Directory Best Practices White Paper

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "BMC Performance Manager Active Directory Best Practices White Paper"

Transcription

1 BMC Performance Manager Active Directory Best Practices White Paper Problem The IT department delivers user authentication services to their internal and external customers. Users complain that they can t login to their systems or that the systems login response time is not acceptable. The IT department wants to maintain control over their own users and network resources while simplifying Active Directory administration. Solution The technology features that will be implemented in Active Directory monitoring will be based on the priorities that the business has expressed. The members of the IT department need clearly defined key availability indicators so that they know when and why the users were not able to login with their provided user credentials. The members of the IT department need clearly defined key performance indicators so that they know when and why the users were experiencing delays during the login process with their provided user credentials. The members of the IT department need to verify the functionality of the provided logon services from a client perspective. The members of the IT department need the objective data to prove to themselves and management that their time and budget is allocated to provide user authentication services with the highest ROI. Primary Message The BMC Performance Manager for Servers based Active Directory monitoring solution provides clearly defined key performance and availability indicators to measure the quality of the user authentication services. Description BMC Performance Manager for Servers gathers key performance indicators based on performance metric data, events and synthetic transaction in order to measure, verify the core services of Active Directory and alarm if the status exceeds or is less than a configured threshold. Monitoring the distributed Active Directory service and the services that it depends on helps to ensure consistent directory data and a consistent level of service throughout the organization. Product Highlights Gather, analyze and correlate key performance indicators based on Windows performance monitor metrics on each individual domain controller. Gather, analyze and correlate key performance indicators based on WMI objects on each individual domain controller. Gather, analyze and correlate key performance indicators based on Lightweight Directory Access Protocol (LDAP) objects on each individual domain controller. Gather, analyze and correlate key performance indicators based on the Active Directory topology. Gather, analyze and correlate key performance indicators based on the Domain Name Service. Verify and determine Active Directory s logical function from a client perspective by means of synthetic transactions. BMC PM for Servers - Active Directory Version 2.3 Page 1 of 30

2 Products involved BMC Performance Manger for Servers P for Windows PKM for Microsoft Windows PKM for Microsoft Windows Domain Services PKM for Microsoft Windows Active Directory P Wizard for MS PM and WMI Contents Monitoring of Components... 3 Six Sigma Values... 3 Controlling the cost of your Active Directory Infrastructure & Monitoring Solution... 5 Device and Application Probing... 6 Event Correlation Module... 6 Notification Module... 6 Types of Monitoring and Monitoring Systems... 7 Methods of Monitoring the Active Directory... 8 Simple Network Monitoring Protocol (SNMP)... 8 LDAP Probing... 8 DNS Probing... 8 Operating System Specific Probes... 8 Indirect Monitoring... 8 Log File Analysis... 8 Using the Event Log as a Data Source Application Log System Log Security Log Directory Service Log File Replication Service Log Domain Name Systems Server Log Monitoring replication within the configuration naming context PATROL defaultaccount required permissions To configure PATROL KM for Microsoft Windows Active Microsoft Windows Server 2003 SP1 / R BMC PM for Servers - Active Directory Version 2.3 Page 2 of 30

3 Monitoring of Components Why Monitor? Monitoring is the only indication as to the health and well being of your deployed directory solution. Experience proves-out that companies who do not initiate proactive monitoring, always fall prey to crisis situations, disasters that could have been foreseen and avoided, and quickly fall into the unenviable position of constantly having to respond to situations where customers are impacted by failures or service interruption. How many times have we seen a service interruption first reported by a customer or end-user (usually a call to the service desk indicating a problem connecting to or accessing a system or service). With a little thought and a little more work, you can implement a proactive monitoring scheme that ultimately saves you time, money and vastly improves customer satisfaction. Six Sigma Values As stated in related documentations, Six Sigma values tell us: You don't know what you don't know You can't do what you don't know You won't know until you measure (or monitor) The more sophisticated, elaborate and distributed your directory service, the more you need to monitor, so that you fully understand what is going on at all times. The following text is provided within the context of these values, as these are the keys that frame your proactive monitoring paradigm. How does Six Sigma works? Follow these steps closely to successfully monitor and manage your Active Directory: 1. Define 2. Measure 3. Analyze 4. Improve 5. Control See the next graphic for additional explanations. BMC PM for Servers - Active Directory Version 2.3 Page 3 of 30

4 BMC PM for Servers - Active Directory Version 2.3 Page 4 of 30

5 Controlling the cost of your AD Infrastructure & Monitoring Solution Ask yourself the following questions to identify and determine the quality and depth of your monitoring solution for the Active Directory: Are Systems personnel divided into silos where they specialize on a specific platform? How many servers/subsystems does each person manage? How fast are existing servers growing? What happens if key applications or technologies are not available? How much of your day is taken up with repetitive tasks? Are you experiencing costly hardware and software upgrades to meet computer resource demands? What are your goals this year in terms of service quality, new application deployment, and capacity growth? Do your have a proactive methodology in place to ensure that your mission critical business applications perform as required today and in the future? Do inconsistencies between different tools cause staff to duplicate work? Does the data center consistently meet deadlines and SLAs? So far, we have established that your directory is the heart and souls of your computing environment, used by customers to logon to the network, authenticate to services and application, and look-up other users and resources network-wide. An interruption to these core directory services results in downtime for users and business applications, which directly translates into lost productivity and money. By monitoring your directory, you can learn of outages as soon as they occur, and in some cases, even before they occur. With more sophisticated monitoring tools, you can further anticipate failures, understand where performance degradation exists, and use the captured information for the purpose of system tuning. A monitoring system consists of three elements: The monitored devices and services. The monitoring solution or system. The alert, notification, and escalation processes that determine how you will respond to events. BMC PM for Servers - Active Directory Version 2.3 Page 5 of 30

6 Device and Application Probing This element is the function or process responsible for periodically checking the status of a monitored service, device, host, application, or other system. When a device fails to respond to a specified probe, an alert is generated that indicates the failed device and nature of the failure. BMC Performance Manager Agent based Probe Event Correlation Module This element receives input from the probing module and correlates the inputs to determine the root cause. It then suppresses any events that might have occurred as a result of other events. After suppressing indirect events, the module constructs one or more alerts and forwards them to the notification module. Notification Module This module receives alerts from the correlation module and generates notifications to the appropriate (pre-programmed) respondent or responsible party. Also, this module might generate a notification to an automated response system pre-programmed to restart a service, or some other remedial action designed to address a failure. The monitoring system shown in the figure above is a conceptual model. Humans or a software application could perform any of the models elements. The goal is to automate these elements as much as possible into a cohesive, predictable solution that addresses your specific monitoring needs. BMC PM for Servers - Active Directory Version 2.3 Page 6 of 30

7 Types of Monitoring and Monitoring Systems There are essentially three types of monitors - hard-error monitors, soft-error monitors, and performance monitors. Hard errors occur as a direct result of a hardware or network failure. Soft errors are typically caused by programming or data problems, resulting in incorrect or inconsistent data in the directory proper. Performance monitors provide valuable feedback on the system's performance, identifying bottlenecks, points of contention, and performance degradation. Performance monitoring can also provide baseline information, allowing you to capture trend information useful in understanding when you will need to perform capacity planning or execute an upgrade to the directory infrastructure. The main goal of the monitoring solution should help to control the cost of your IT Infrastructure. Some Best practices are listed in order to turn from chronic instability to stability : Be current Test everything Prevent all repeat problems Avoid all known problems Optimize risk profile of all changes Manage proactively BMC PM for Servers - Active Directory Version 2.3 Page 7 of 30

8 Methods of Monitoring the Active Directory Simple Network Monitoring Protocol (SNMP) Although SNMP [Security is Not My Problem] has found its widest application in the management of networking hardware such as switches, hubs and routers, it is also possible to use SNMP to monitor and manage applications and process running on servers and other support devices. SNMP allows a management application to monitor the status of an entity on a network. It is also possible for a management application to be asynchronously notified via the SNMP trap mechanism when an event or error occurs. LDAP Probing One of the most straightforward and useful ways to monitor your directory is to probe it by connecting from a client and issuing LDAP commands and/or requests. For example, a simple probe tool might connect to a directory and search for a pre-determined entry. If the response is within a pre-specified response window, the directory is considered to be functioning. If not, the probe tool can generate an error. DNS Probing Another way to monitor your directory is to probe it by connecting from a client and issuing DNS query requests. For example, a simple probe tool might connect to a domain name server and search for a pre-determined entry. If the response is within a prespecified response window, the directory is considered to be functioning. If not, the probe tool can generate an error. Operating System Specific Probes Most modern operating systems come with tools that provide for monitoring their respective services, including their native directory services. This type of information can assist you in determining when your directory is experiencing a problem as a result of the operating system. Indirect Monitoring Monitoring the applications that directly touch your directory provides more of an enduser view of the responsiveness and reliability of the system. Log File Analysis You can automatically scan your directory's log files for events that indicate an error condition. Additionally, you can monitor for conditions that indicate performance problems. BMC PM for Servers - Active Directory Version 2.3 Page 8 of 30

9 BMC Performance Manager for Servers As a distributed service, Active Directory depends on many interdependent services that are distributed across many devices and in many remote locations. Correlation of key performance indicators, object state and logical transaction based data becomes more important. To monitor the key performance indicators of a simple server configuration, the members of the IT department need to collect three different types of performance data over a specified period of time: 1. general performance data 2. baseline performance data 3. data for service level reports General performance data is information that can help the members of the IT department to identify short-term trends such as memory leaks. After a month or two of data collection, the members of the IT department can average the results and save them in a more compact format. Baseline performance data is information that can help the members of the IT department to discover changes that occur slowly, over time. By comparing the current state of your system with historical data, you can troubleshoot and tune your system. Data for service level reports is information that can help you to ensure that your system meets a certain service or performance level, and that you will likely present to decision makers who are not performance analysts. How often you collect and maintain this data depends on your specific needs. Use Case Scenarios This use case will address the following issue: The members of the IT department need clearly defined key indicators so that they know when and why the users were not able to login with their provided user credentials. In order to find out why the user was not able to login with the provided user credentials a member of the IT department will perform the following tasks: 1. Collect and analyze key availability indicator metric based: general performance data baseline performance data 2. Collect and analyze key availability indicator event based: general availability data baseline availability data 3. Collect and analyze key performance indicator metric based: general performance data baseline performance data 4. Collect and analyze key performance indicator event based: general availability data baseline availability data BMC PM for Servers - Active Directory Version 2.3 Page 9 of 30

10 Implementation Scenarios General Performance Monitoring Adjust Polling Cycle based on CPU Collection interval Step 1: Select the properties of the application class of the collector you want to change Step 2: Select the Parameter / Collector and click on Customize Step 3: Adjust the polling interval according to your requirements Step 4: Press OK BMC recommends the use of PATROL Configuration Manager (PCM) in a production environment to configure BMC Performance Manager for Servers, PATROL Agents, Thresholds, Alerts and the configuration of Knowledge Modules. BMC PM for Servers - Active Directory Version 2.3 Page 10 of 30

11 Implementation Scenarios General Performance Monitoring Adjust Threshold based on CPU performance metric Step 1: Select the metric you want to change Step 2: Select the Task and click on Customize Step 3: Adjust the thresholds according to your requirements Step 4: Press OK BMC PM for Servers - Active Directory Version 2.3 Page 11 of 30

12 Implementation Scenarios General availability monitoring Service monitoring The member of the IT Department can monitor all windows services. All available services are being monitored out of the box. If the startup type is set to automatic, you can activate a corrective action in order to restart the service. In the case of Active Directory monitoring BMC recommends selecting the core services to monitor: Certificate Service Distributed File System DNS Server DNS Client Event Log Intersite Messaging Kerberos Key Distribution Center Server Workstation Net Logon File Replication Service IPSEC Services Remote Procedure Call (RPC) Remote Procedure Call (RPC) Locator Windows Time The current status of the service is displayed and historical data is kept in a database. A menu command allows the member of the IT Department to change the services being monitored and related properties. See online help for further details Configuring service monitoring. BMC PM for Servers - Active Directory Version 2.3 Page 12 of 30

13 Implementation Scenarios General availability monitoring Process Performance Monitoring In addition to the service monitoring, the monitoring of Active Directory core processes, corresponding to the services mentioned earlier and recommended by BMC, are essential to detect possible bottlenecks or inconsistent system behavior. Processes can be grouped to get the overall picture of the system performance and workload. Clearly defined Key performance indicators help to monitor the performance and availability of Active Directory. Formatted data as well as raw data is provided in order to satisfy the need of having objective data. Menu commands provide the flexibility to add, delete or modify process monitoring and manage process groups. BMC PM for Servers - Active Directory Version 2.3 Page 13 of 30

14 Implementation Scenarios Domain Name Services AD from client perspective The process for monitoring DNS to support Active Directory varies according to whether your organization already has an existing DNS service or whether you are deploying a new DNS service. To verify Active Directory s Domain Name Server system and appropriate name resolution from a client perspective, it s recommended to incorporate BMC Performance Manager for Internet Servers into your monitoring design. The member of the IT Department can configure lookup requests to search for SRV records in the DNS database. Additional value is given by means of the content check. It enables the member of the IT Department to check the logical function of Active Directory in connection with DNS. A subset of recommended resource records to look for is listed below. BMC PM for Servers - Active Directory Version 2.3 Page 14 of 30

15 SRV Resource Records and Dynamic Updates DNS exists independently of Active Directory, whereas Active Directory is designed specifically to work with DNS. For Active Directory to function properly, DNS servers must support Service Location (SRV) resource records. SRV resource records map the name of a service to the name of a server offering that service. Active Directory clients and domain controllers use SRV resource records to determine the IP addresses of domain controllers. Mnemonic Type DNS Record Requirements PDC SRV _ldap._tcp.pdc._msdcs.<dnsdomainname> One per domain GC SRV _ldap._tcp.gc._msdcs.<dnsforestname> At least one per forest GcIpAddress A _gc._msdcs.<dnsforestname> At least one per forest DSACName CNAME <DsaGuide>._msdcs.<DnsForestName> One per domain controller KDC SRV _kerberos._tcp.dc._msdcs.<dnsdomainname> At least one per domain DC SRV _ldap._tcp.dc._msdcs.<dnsdomainname> At least one per domain A <DomainControllerFQDN> One per domain controller (domain controllers that have multiple IP addresses can have more than one A resource record) BMC PM for Servers - Active Directory Version 2.3 Page 15 of 30

16 Implementation Scenarios Domain Name Services AD from server perspective Active Directory uses the name resolution services provided by DNS to enable clients to locate domain controllers and to enable the domain controllers hosting the directory service to communicate with each other. Active Directory uses DNS as its locator service to support the various types of services that AD offers, for example: Global Catalog (GC) Kerberos Lightweight Directory Access Protocol (LDAP) Sometimes clients might need to contact a Microsoft-hosted service. For that reason, each domain in DNS has a _msdcs sub domain that hosts only DNS SRV records that are registered by Microsoft-based services. The Netlogon process dynami cally creates these records on each domain controller (DC). The _msdcs sub domain also includes the globally unique identifier (GUID) for all domains in the forest and a list of GC servers. BMC Performance Manager for Servers verifies the proper DNS registration of a domain controller and reports failures of a domain controller to register DNS records dynamically that advertise its availability as a domain controller. The error Event IDs 5774, 5775 and 5783 and the warning Event ID 5781, for example, are being tracked and a member of the IT Department is being informed of the situation. Besides the monitoring of the Win32 service DNS.EXE, BMC Performance Manager for Servers monitors the ability of the server to initiate a remote procedure call (RPC). A selection of DNS based performance indicators help to identify possible bottleneck in the logical operations of the DNS. Process monitoring in turn, will provide performance data information that can help the members of the IT Department to discover changes that occur slowly, over time. DNS performance testing, by means of DNS lookup queries are supported in order to measure the general response time of a DNS server. It will help the members of the IT department to evaluate the current workload of the DNS system. BMC PM for Servers - Active Directory Version 2.3 Page 16 of 30

17 Implementation Scenarios AD related Services AD from client perspective The member of the IT Department can configure the Lightweight Directory Access Protocol (LDAP) monitor to perform an anonymous bind to a specific server. It will help the members of the IT Department to evaluate the current workload of the LDAP system. The member of the IT Department can configure the SMTP monitor to perform an SMTP login to a specific server. It will help the members of the IT department to evaluate the current workload of the SMTP system. There is a menu command with BMC Performance Manager for Internet Servers provides the Interface to configure the server monitoring. Standard TCP/IP based internet services, like LDAP, SMTP and HTTP/S that can have a crucial part in the overall availability of the services provided by Active Directory, should be monitored from a performance, workload and logical perspective. BMC PM for Servers - Active Directory Version 2.3 Page 17 of 30

18 Implementation Scenarios FSMO & GC related Services AD from server perspective Domain controllers must be able to locate and establish an LDAP connection with Flexible Single Master Operation (FSMO) role holders. BMC Performance Manager for Servers monitors the connectivity status of each of the five FSMO role holders from the current domain controller. Each FSMO role has one instance, named to reflect its FSMO role: Schema Master Domain Naming Master Relative ID Master PDC Emulator Infrastructure Master BMC Performance Manager for Servers enables the member of the IT Department to: Report whether the domain controller that holds the operations master role is allowing LDAP connections. Detect and report when a master operations FSMO role is moved to or from the current DC and when the current DC acquires the role. Verify that the domain naming master owner hosts a global catalog (GC). Verify that the infrastructure naming master is not a global catalog. Exceptions include o o a single domain forest a multi-domain forest where every domain controller also hosts a global catalog Verify that the Domain Naming Master and Schema Master reside on the same domain controller. Sample Report on an Active Directory implementation based on the InfoBox of the BMC Performance Manager for Servers Active Directory monitoring solution. BMC PM for Servers - Active Directory Version 2.3 Page 18 of 30

19 BMC Performance Manager for Servers enables the member of the IT Department to verify the health of the Server holding the global catalogue by: Reporting the connectivity/availability of LDAP on a global catalog server using the global catalog port number, Reporting the current number of threads in use by the LDAP subsystem of the local directory service. Reporting the amount of time required to issue an LDAP bind operation and perform a small search on a global catalog server using the global catalog port, Reporting the amount of time required to issue an LDAP bind operation. The bind operation is performed locally on the domain controller to eliminate network latency. Verifying that a global catalog is correctly advertising itself as a global catalog. If a global catalog is not advertising correctly, clients will not be able to locate it. Verifying that a domain controller is correctly advertising itself correctly as a domain controller. If a domain controller is not advertising correctly, clients cannot locate it. Operations Master Role Consequences if Role is Unavailable Risk of Improper Restoration Recommendation for Returning to Service After Seizure Schema master You cannot make changes to the schema. Conflicting changes can be introduced to the schema if both schema masters attempt to modify the schema at the same time. This can result in a fragmented schema. Not recommended. Can lead to a corrupted forest and require rebuilding the entire forest. Domain naming master You cannot add or remove domains from the forest. You cannot add or remove domains or clean-up metadata. Domains might appear as though they are still in the forest even though they are not. Not recommended. Can require rebuilding domains. PDC emulator You cannot change passwords on pre-active Directory clients. No replication to Windows NT 4.0 backup domain controllers. Password validation can randomly pass or fail. Password changes take much longer to replicate throughout the domain. Allowed. User authentication can be erratic for a time, but no permanent damage occurs. Infrastructure master Delays displaying updated group membership lists in the user interface when you move users from one group to another. Displays incorrect user names in group membership lists in the user interface after you move users from one group to another. Allowed. May impact the performance of the domain controller hosting the role, but no damage occurs to the directory. RID master Eventually, domain controllers cannot create new directory objects as each of their individual RID pools is depleted. Duplicate RID pools can be allocated to domain controllers, resulting in data corruption in the directory. This can lead to security risks and unauthorized access. Not recommended. Can lead to data corruption that can require rebuilding the domain. BMC PM for Servers - Active Directory Version 2.3 Page 19 of 30

20 Implementation Scenarios Replication related Services AD from server perspective In addition to Win32 service and process monitoring BMC Performance Manager for Servers enables the member of the IT Department to verify the health of Active Directory replication by: Monitoring directory replication to report duplicate object errors. Monitoring the warning Event ID 1265 in the directory service event log. Reporting the number of unsuccessful synchronization requests processed. Monitoring for the occurrence of lingering objects. Monitoring the error Event ID 1388 in the directory service event log. Reporting the number of directory synchronization requests that are queued for this server but have not yet been processed. Reporting errors that occur when the NT Directory Service (NTDS) received a failure while trying to perform an authenticated RPC call to another Domain Controller due to a service principal name (SPN) mismatch. Reporting a topology mismatch, this occurs when replication configuration information in Active Directory Sites and Services does not reflect the physical topology of the network. Monitoring the File Replication service (FRS) for occurrences of duplicate connections. Detecting a journal wrap. This parameter issues an alert if the NT File System (NTFS) change journal exceeds its maximum size limit and wraps to restore its maximum size by deleting the oldest records. Detecting when the FRS service has been unable to complete the RPC connection to a specific replication partner. Monitoring the resolution of user security IDs (SIDs) for File Replication System (FRS) and issues an alarm if the SID cannot be determined from the distinguished name. Monitoring the available space in the staging area and issues an alert if this area becomes full. Verifying that the domain controller has an enabled inbound connection from a SYSVOL replication partner and that an enabled outbound connection from the domain controller resides on a SYSVOL replication partner. Reporting the existence of replication collisions for the types of objects that were selected for monitoring. Reporting whether replication between the site/domain, site/forest, or both for a domain controller is occurring properly. Reporting whether replication within the site/domain, site/forest, or both for a domain controller is occurring properly. Reporting whether or not SYSVOL is shared. BMC PM for Servers - Active Directory Version 2.3 Page 20 of 30

21 Implementation Scenarios Performance Monitor AD from server perspective BMC Performance Manager for Servers enables the member of the IT Department to verify the health of Active Directory by collecting and analyzing key performance indicators based on the Windows Performance monitor. The WMI and Performance Monitor Wizard let you integrate all available performance counters and custom WQL based quires. To highlight just a few possibilities: BMC PM for Servers - Active Directory Version 2.3 Page 21 of 30

22 Implementation Scenarios Eventlog Monitor AD from server perspective BMC Performance Manager for Servers enables the member of the IT Department to verify the health of Active Directory by collecting and analyzing key performance indicators based on the Windows event log. All major Active Directory events are being taken care of by means of the AD monitoring solution. To enhance the monitoring capabilities, BMC Performance Manager for Servers enables the member of the IT Department to: Monitor additional events and can do so by incorporating appropriate event log filtering. To reduce the amount of events being forwarded by the infrastructure monitoring by allowing to alter the respective configuration. To create filters that monitor Windows events based on event properties. Whenever an event occurs that matches the filter criteria that the member of the IT Department specifies BMC Performance Manager for Servers generates reports or alerts, depending upon the notification settings the member of the IT Department selected for the filter. BMC PM for Servers - Active Directory Version 2.3 Page 22 of 30

23 Using the Event Log as a Data Source You can use the Event Log service and BMC Performance Manager for Servers Windows Event monitoring solution to gather and filter information about hardware, software, and system problems, and to monitor Windows security events. Windows 200x records events in six types of logs: Application Log This log contains events logged by applications or programs. System Log This log records events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects. Security Log This log contains events logged by Windows system components. The event types logged by system components are predetermined by the server. Directory Service Log This log contains events logged by the Microsoft Windows Active Directory directory service. File Replication Service Log This log contains events logged by the Windows File Replication service. Domain Name Systems Server Log This log contains events logged by the DNS service. BMC PM for Servers - Active Directory Version 2.3 Page 23 of 30

24 Events raised by replication issues Common events that might indicate a problem with Active Directory replication, together with root cause and solution information. Event Root Cause Solution Net Logon Event ID 5805 NTDS Event ID 1083 NTDS Event ID 1265 NTDS Event ID 1311 NTDS Event ID 1388 NTDS Event ID 1645 A machine account failed to authenticate, which is usually caused by either multiple instances of the same computer name, or the computer name has not replicated to every domain controller. A duplicate object is present in the Active Directory of the replication partner of the local domain controller, so updating it is impossible. Replication failed for the reason stated in the message text. This error occurs when the replication configuration information in Active Directory Sites and Services does not accurately reflect the physical topology of the network. This error is usually generated by a lingering object which resulted from disconnecting a domain controller for too long. This error occurs over an existing replication link when the GUID of the NTDS Settings object of a replication partner does not match the GUID defined in the Service Principal Name (SPN) attributes of the computer object of this replication partner. If you do not find multiple instances of the computer name, verify that replication is functioning for the domain that contains the computer account. See Troubleshooting Directory Data Problems. Use Repadmin.exe to further identify the problem, and use Table x.x to determine the appropriate action to take for the message generated by Repadmin.exe. If the event message indicates a DNS lookup failure or the RPC server is unavailable, see Troubleshooting Active Directory Related DNS Problems. If the event message indicates that the target account name is incorrect, troubleshoot GUID discrepancies. If the event message indicates a time difference between the client and server, synchronize replication from the PDC emulator. Troubleshoot NTDS event ID If the domain controller does not also function as a global catalog server, see Remove Lingering Objects from an Outdated Writable Domain Controller. If the domain controller also functions as a global catalog server, see Remove Lingering Objects from a Global Catalog Server. Troubleshoot GUID discrepancies. BMC PM for Servers - Active Directory Version 2.3 Page 24 of 30

25 Event Root Cause Solution SceCli event ID 1202 A user account in one or more Group Policy objects (GPOs) cannot be resolved to a security identifier (SID). This error is possibly caused by a mistyped or deleted user account Troubleshoot SceCli event ID referenced in either the User Rights Assignment or Restricted Groups branch of a GPO. Events raised by Active Directory Event Log Source Event Why Event is Important Application SCECLI Severity = error 1058 Critical NETLOGON service errors Application USERENV Severity = error Responsible for the application of group policy User = System and profiles on domain controllers Directory The primary error events for the Active Directory All Sources Severity = error Service service. FRS All Sources Severity = error FRS is used to synchronize policy between all Domain Controllers in the Forest. System DNSAPI DNS server timed out System DNSAPI A resource record for the domain controller is not registered in DNS System DNSAPI The zone or the currently connected DNS server does not support dynamic update System DNSAPI Domain controller does not have sufficient rights to perform a secure dynamic update System KDC Severity = error System LSASS Severity = error System NETLOGON 5773 System NETLOGON 5774 Critical Kerberos Distribution Center service error messages Local Security Authority is the core security subsystem for Active Directory One or more DC locator records are not registered because the primary DNS server does not support dynamic update One or more DC locator records are not registered in DNS BMC PM for Servers - Active Directory Version 2.3 Page 25 of 30

26 Event Log Source Event Why Event is Important System NETLOGON Severity = error 5705 Critical NETLOGON service errors 5723 System W32TIME Severity = error Severity = warning BMC PM for Servers - Active Directory Version 2.3 Page 26 of 30

27 Security Hardening Synthetic Transactions AD from server perspective Monitoring replication within the configuration naming context BMC Performance Manager for Servers Knowledge Module for Active Directory version 1.6 monitors Active Directory intrasite and intersite replication for both errors and latency issues within the domain naming context. This release of BMC Performance Manager for Servers Knowledge Module for Active Directory provides the ability to monitor replication within the configuration naming context. Replication monitoring within the configuration naming context is not enabled by default. To enable replication monitoring within the configuration naming context, create and set the /ActiveDirectory/Configuration/ReplMonConfigNC configuration (pconfig) variable as shown in Table 1. Simultaneous replication monitoring of both the configuration and domain naming context is supported, but not required. To disable replication monitoring of the domain naming context, create and set the /ActiveDirectory/Configuration/ReplMonDomainNC configuration (pconfig) variable as shown in Table 1. For inter operability with previous releases of the KM, replication monitoring of the domain naming context must be enabled (the default). Variable name Default Values /ActiveDirectory/Configuration/ReplMonConfigNC 0 (Off) 0=Configuration naming context monitoring is off 1=Configuration naming context monitoring is on /ActiveDirectory/Configuration/ReplMonDomainNC Table 1 1 (On) 0=Domain naming context monitoring is off 1=Domain naming context monitoring is on BMC Performance Manager for Servers uses the same parameters to monitor configuration naming context replication as it uses to monitor domain naming context replication. The alarm annotations report the following: Replication context Names of the domain controllers that failed to replicate or that did not replicate in a timely manner BMC PM for Servers - Active Directory Version 2.3 Page 27 of 30

28 Insertions into the Active Directory Interdomain o PatrolReplication container under the Configuration Container Intradomain o PatrolReplication container under the Domain NC Default Configuration for CN=PatrolReplication based on Active Directory PATROL defaultaccount required permissions Monitoring replication within the configuration naming context requires that the PATROL Agent defaultaccount have sufficient Active Directory permissions to create a container object and child container objects in the configuration naming context of the forest in which the domain controller resides. The account must have full control of the created objects. The PATROL Agent defaultaccount must be granted permission to Create Container Objects in the Configuration NC and to give Full Control to the created container object and its children. Monitoring replication within the domain naming context requires that the PATROL Agent defaultaccount have sufficient Active Directory permissions to create a container object and child container objects in the domain naming context of the domain in which the domain controller resides. The account must have full control of the created objects. The BMC PM for Servers - Active Directory Version 2.3 Page 28 of 30

29 PATROL Agent defaultaccount must be granted permission to Create Container Objects in each Domain NC and to give Full Control to the created container object and its children. To configure PATROL KM for Microsoft Windows Active Directory for configuration naming context replication In Active Directory, grant PATROL Agent defaultaccount the following permissions: o Create Container Objects in the configuration naming context o Full Control to the created container object and its children Set the pconfig variable /ActiveDirectory/Configuration/ReplMonConfigNC to 1. (Optional) Set the pconfig variable /ActiveDirectory/Configuration/ReplMonDomainNC to 0. Microsoft Windows Server 2003 SP1 / R2 Additional requirements: Microsoft Windows Server 2003 requires Performance Monitor Users Group and the PATROL Agent needs to be able to access the registry via the internal command. Also, the PATROL Agent defaultaccount needs to be able to query our PatrolReplication container on the remote boxes. BMC PM for Servers - Active Directory Version 2.3 Page 29 of 30

30 Reference _0,00.html BMC Software Technical Bulletin *53535* PATROL KM for AD Microsoft MSDN Six Sigma is a methodology to manage process variations that cause defects, defined as unacceptable deviation from the mean or target; and to systematically work towards managing variation to eliminate those defects. The objective of Six Sigma is to deliver high performance, reliability, and value to the end customer. It was pioneered by Bill Smith at Motorola in 1986 and was originally defined as a metric for measuring defects and improving quality; and a methodology to reduce defect levels below 3.4 Defects Per (one) Million Opportunities (DPMO). Six Sigma has now grown beyond defect control. Six Sigma is a registered service mark and trademark of Motorola, Inc. Feedback & Comments BMC Software, Inc. Product Management BMC Performance Manager Copyright August 31, 2006 BMC Software, Inc., as an unpublished work. All rights reserved. BMC Software, the BMC Software logos, and all other BMC Software product or service names are registered trademarks or trademarks of BMC Software, Inc. All other trademarks belong to their respective companies. BMC Software considers information included in this documentation to be proprietary and confidential. Your use of this information is subject to the terms and conditions of the applicable End User License Agreement for the product and the proprietary and restricted rights notices included in this documentation. Disclaimer; Limitation of Liability; Indemnity BMC PM for Servers - Active Directory Version 2.3 Page 30 of 30

Active Directory Monitoring With PATROL

Active Directory Monitoring With PATROL Active Directory Monitoring With PATROL Contents What is Active Directory?...1 Why Monitor?...1 Active Directory and PATROL...2 Critical Active Directory Components to Monitor...3 Address Book...3 Domain

More information

Module 10: Maintaining Active Directory

Module 10: Maintaining Active Directory Module 10: Maintaining Active Directory! Lesson: Backing Up Active Directory Topic: How to Back Up Active Directory! Lesson: Restoring Active Directory Topic: How to Perform a Primary Restore! Lesson:

More information

Planning Domain Controller Capacity

Planning Domain Controller Capacity C H A P T E R 4 Planning Domain Controller Capacity Planning domain controller capacity helps you determine the appropriate number of domain controllers to place in each domain that is represented in a

More information

Dell Active Administrator 8.0

Dell Active Administrator 8.0 What s new in Dell Active Administrator 8.0 January 2016 Dell Active Administrator 8.0 is the upcoming release of Dell Software's complete solution for managing Microsoft Active Directory security auditing,

More information

Dell Spotlight on Active Directory 6.8.4. Deployment Guide

Dell Spotlight on Active Directory 6.8.4. Deployment Guide Dell Spotlight on Active Directory 6.8.4 2014 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under

More information

9. Which is the command used to remove active directory from a domain controller? Answer: Dcpromo /forceremoval

9. Which is the command used to remove active directory from a domain controller? Answer: Dcpromo /forceremoval 1. What is Active Directory schema? Answer: The schema is the Active Directory component that defines all the objects and attributes that the directory service uses to store data. 2. What is global catalog

More information

Active Directory Restoration

Active Directory Restoration Active Directory Restoration This document outlines the steps required to recover an Active Directory Infrastructure, running on Windows 2003 R2 Server Standard. The scope of this document covers the scenario

More information

How the Active Directory Installation Wizard Works

How the Active Directory Installation Wizard Works How the Active Directory Installation Wizard Works - Directory Services: Windows Serv... Page 1 of 18 How the Active Directory Installation Wizard Works In this section Active Directory Installation Wizard

More information

This article was previously published under Q216498 SUMMARY

This article was previously published under Q216498 SUMMARY Article ID: 216498 - Last Review: September 11, 2011 - Revision: 12.0 How to remove data in Active Directory after an unsuccessful domain controller demotion System Tip This article applies to a different

More information

Chapter 3: Building Your Active Directory Structure Objectives

Chapter 3: Building Your Active Directory Structure Objectives Chapter 3: Building Your Active Directory Structure Page 1 of 46 Chapter 3: Building Your Active Directory Structure Objectives Now that you have had an introduction to the concepts of Active Directory

More information

Dell Spotlight on Active Directory 6.8.3. User Guide

Dell Spotlight on Active Directory 6.8.3. User Guide Dell Spotlight on Active Directory 6.8.3 User Guide 2013 Dell Software Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

White Paper Monitoring Active Directory Using System Center Operations Manager 2007 R2

White Paper Monitoring Active Directory Using System Center Operations Manager 2007 R2 White Paper Monitoring Active Directory Using System Center Operations Manager 2007 R2 Abstract Active Directory is a key component in many organizations IT infrastructure. This white paper discusses on

More information

Windows Server 2003 Service Pack 1 (SP1) or later service packs Enhanced version of Ntdsutil.exe

Windows Server 2003 Service Pack 1 (SP1) or later service packs Enhanced version of Ntdsutil.exe Article ID: 216498 - Last Review: February 3, 2010 - Revision: 11.0 How to remove data in Active Directory after an unsuccessful domain controller demotion System Tip This article applies to a different

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Length: 5 Days Language(s): English Audience(s): IT Professionals Level: 200 Technology: Windows Server

More information

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services About this Course This five-day instructor-led course provides to teach Active Directory Technology Specialists

More information

How to install Small Business Server 2003 in an existing Active

How to install Small Business Server 2003 in an existing Active Page 1 of 6 How to install Small Business Server 2003 in an existing Active Directory domain INTRODUCTION This article describes how to install a Microsoft Windows Small Business Server (SBS) 2003-based

More information

locuz.com Microsoft Practice Active Directory Services

locuz.com Microsoft Practice Active Directory Services locuz.com Microsoft Practice Active Directory Services IT organizations are striving to deliver high performance to clients at all times, along with uninterrupted availability and flexibility to add new

More information

Rebasoft Auditor Quick Start Guide

Rebasoft Auditor Quick Start Guide Copyright Rebasoft Limited: 2009-2011 1 Release 2.1, Rev. 1 Copyright Notice Copyright 2009-2011 Rebasoft Ltd. All rights reserved. REBASOFT Software, the Rebasoft logo, Rebasoft Auditor are registered

More information

CA ARCserve Backup Patch Manager for Windows

CA ARCserve Backup Patch Manager for Windows CA ARCserve Backup Patch Manager for Windows User Guide r16 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Modular Messaging. Release 4.0 Service Pack 4. Whitepaper: Support for Active Directory and Exchange 2007 running on Windows Server 2008 platforms.

Modular Messaging. Release 4.0 Service Pack 4. Whitepaper: Support for Active Directory and Exchange 2007 running on Windows Server 2008 platforms. Modular Messaging Release 4.0 Service Pack 4 Whitepaper: Support for Active Directory and Exchange 2007 running on Windows Server 2008 platforms. April 2009 2006-2009 Avaya Inc. All Rights Reserved. Notice

More information

ms-help://ms.technet.2005mar.1033/enu_kbntrelease/ntrelease/308406.htm

ms-help://ms.technet.2005mar.1033/enu_kbntrelease/ntrelease/308406.htm Page 1 of 12 Knowledge Base FRS Event Log Error Codes PSS ID Number: 308406 Article Last Modified on 10/13/2004 The information in this article applies to: Microsoft Windows 2000 Server Microsoft Windows

More information

Websense Support Webinar: Questions and Answers

Websense Support Webinar: Questions and Answers Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user

More information

Lesson Plans Managing a Windows 2003 Network Infrastructure

Lesson Plans Managing a Windows 2003 Network Infrastructure Lesson Plans Managing a Windows 2003 Network Infrastructure (Exam 70-291) Table of Contents Course Overview... 2 Section 0.1: Introduction... 3 Section 1.1: Client Configuration... 4 Section 1.2: IP Addressing...

More information

SPI for MS Active Directory. Replication Monitoring. Introduction. How It Works

SPI for MS Active Directory. Replication Monitoring. Introduction. How It Works SPI for MS Active Directory Replication Monitoring How It Works Introduction The HP OpenView SMART Plug-In (SPI) for Microsoft Active Directory is a critical add-on to any Windows 2000 or Windows Server

More information

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Length: 5 Days Published: June 02, 2011 Language(s): English Audience(s): IT Professionals Level: 200

More information

Dell Compellent Storage Center

Dell Compellent Storage Center Dell Compellent Storage Center Active Directory Integration Best Practices Guide Dell Compellent Technical Solutions Group January, 2013 THIS BEST PRACTICES GUIDE IS FOR INFORMATIONAL PURPOSES ONLY, AND

More information

NETWRIX ACCOUNT LOCKOUT EXAMINER

NETWRIX ACCOUNT LOCKOUT EXAMINER NETWRIX ACCOUNT LOCKOUT EXAMINER ADMINISTRATOR S GUIDE Product Version: 4.1 July 2014. Legal Notice The information in this publication is furnished for information use only, and does not constitute a

More information

Forests, trees, and domains

Forests, trees, and domains Active Directory is a directory service used to store information about the network resources across a. An Active Directory (AD) structure is a hierarchical framework of objects. The objects fall into

More information

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure (Exam 70-294) Table of Contents Course Overview... 2 Section 1.1: Introduction to Active Directory... 3 Section

More information

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9

More information

IT ACADEMY LESSON PLAN. Microsoft Windows Server Active Directory

IT ACADEMY LESSON PLAN. Microsoft Windows Server Active Directory 2008 IT ACADEMY LESSON PLAN Microsoft Windows Server Active Directory Microsoft Windows Server 2008 Active Directory: Lesson Plans Introduction Preparing to teach a course on Microsoft Windows Server 2008

More information

CA Unified Infrastructure Management

CA Unified Infrastructure Management CA Unified Infrastructure Management Probe Guide for IIS Server Monitoring iis v1.7 series Copyright Notice This online help system (the "System") is for your informational purposes only and is subject

More information

Partie Serveur 2008. Lab : Implement Group Policy. Create, Edit and Link GPOs. Lab : Explore Group Policy Settings and Features

Partie Serveur 2008. Lab : Implement Group Policy. Create, Edit and Link GPOs. Lab : Explore Group Policy Settings and Features Partie Serveur 2008 Implement a Group Policy Infrastructure This module explains what Group Policy is, how it works, and how best to implement Group Policy in your organization. Understand Group Policy

More information

Microsoft Active Directory (AD) Service Log Configuration Guide

Microsoft Active Directory (AD) Service Log Configuration Guide Microsoft Active Directory (AD) Service Log Configuration Guide Document Release: October 2011 Part Number: LL600011-00ELS090000 This manual supports LogLogic Microsoft AD Service Release 1.0 and above,

More information

University of Maryland Active Directory Policies

University of Maryland Active Directory Policies University of Maryland Active Directory Policies Purpose of this policy Scope AD Forest Forest Schema & Data Visibility Account and Group Synchronization Account Creation and Password Forest Security Principle

More information

Installing Active Directory

Installing Active Directory Installing Active Directory 119 Installing Active Directory Installing Active Directory is an easy and straightforward process as long as you planned adequately and made the necessary decisions beforehand.

More information

Windows Server 2003 Active Directory: Perspective

Windows Server 2003 Active Directory: Perspective Mary I. Hubley, MaryAnn Richardson Technology Overview 25 September 2003 Windows Server 2003 Active Directory: Perspective Summary The Windows Server 2003 Active Directory lies at the core of the Windows

More information

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements Analyze the impact of Active Directory on the existing technical environment. Analyze hardware and software

More information

Microsoft. Jump Start. M11: Implementing Active Directory Domain Services

Microsoft. Jump Start. M11: Implementing Active Directory Domain Services Microsoft Jump Start M11: Implementing Active Directory Domain Services Rick Claus Technical Evangelist Microsoft Ed Liberman Technical Trainer Train Signal Jump Start Target Agenda Day One Day 1 Day 2

More information

Using WhatsUp IP Address Manager 1.0

Using WhatsUp IP Address Manager 1.0 Using WhatsUp IP Address Manager 1.0 Contents Table of Contents Welcome to WhatsUp IP Address Manager Finding more information and updates... 1 Sending feedback... 2 Installing and Licensing IP Address

More information

Configuring Sponsor Authentication

Configuring Sponsor Authentication CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

More information

CA Nimsoft Monitor. Probe Guide for Active Directory Response. ad_response v1.6 series

CA Nimsoft Monitor. Probe Guide for Active Directory Response. ad_response v1.6 series CA Nimsoft Monitor Probe Guide for Active Directory Response ad_response v1.6 series Legal Notices This online help system (the "System") is for your informational purposes only and is subject to change

More information

LockoutGuard v1.2 Documentation

LockoutGuard v1.2 Documentation LockoutGuard v1.2 Documentation (The following graphics are screen shots from Microsoft ISA Server and Threat Management Gateway which are the property of Microsoft Corp. and are included here for instructive

More information

Click Studios. Passwordstate. Installation Instructions

Click Studios. Passwordstate. Installation Instructions Passwordstate Installation Instructions This document and the information controlled therein is the property of Click Studios. It must not be reproduced in whole/part, or otherwise disclosed, without prior

More information

Monitoring Microsoft Exchange to Improve Performance and Availability

Monitoring Microsoft Exchange to Improve Performance and Availability Focus on Value Monitoring Microsoft Exchange to Improve Performance and Availability With increasing growth in email traffic, the number and size of attachments, spam, and other factors, organizations

More information

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise

More information

2003 O/S. when installed (gets installed as a stand alone server) to promoting to D.C. We have to install A.D.

2003 O/S. when installed (gets installed as a stand alone server) to promoting to D.C. We have to install A.D. ACTIVE DIRECTORY AD: Is a centralized database where it contains the information about the objects like users, groups, computers, printers etc. AD is a centralized hierarchical Directory Database. AD is

More information

WhatsUp Gold v11 Features Overview

WhatsUp Gold v11 Features Overview WhatsUp Gold v11 Features Overview This guide provides an overview of the core functionality of WhatsUp Gold v11, and introduces interesting features and processes that help users maximize productivity

More information

Active Directory Disaster Recovery Workshop. Lab Manual Revision 1.7

Active Directory Disaster Recovery Workshop. Lab Manual Revision 1.7 Active Directory Disaster Recovery Workshop Lab Manual Revision 1.7 Table of Contents LAB 1: Introduction to the Lab Environment... 1 Goals... 1 Introduction... 1 Exercise 1: Inspect the Lab Environment...

More information

Active Directory basics. Explaining Active Directory to IT professionals

Active Directory basics. Explaining Active Directory to IT professionals 1 Contents Introduction.........................................................................3 Active Directory and its components................................................ 4 Domain Controllers..............................................................

More information

Monitoring Windows Event Logs

Monitoring Windows Event Logs Monitoring Windows Event Logs Monitoring Windows Event Logs Using OpManager The Windows event logs are files serving as a placeholder of all occurrences on a Windows machine. This includes logs on specific

More information

VMware and VSS: Application Backup and Recovery

VMware and VSS: Application Backup and Recovery Best Tools : VMware ESX Virtualization Management VMware and VSS: Application Backup and Recovery Written by: Anton Gostev Product Manager Veeam Software CONTENTS EXECUTIVE SUMMARY... 3 VSS AWARE BACKUP

More information

Windows Server 2008 Active Directory Resource Kit

Windows Server 2008 Active Directory Resource Kit Windows Server 2008 Active Directory Resource Kit Stan Reimer, Mike Mulcare, Conan Kezema, Byron Wright w MS AD Team PREVIEW CONTENT This excerpt contains uncorrected manuscript from an upcoming Microsoft

More information

Monitoring DoubleTake Availability

Monitoring DoubleTake Availability Monitoring DoubleTake Availability eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Details Course Outline Module 1: Introducing Active Directory Domain Services This module provides

More information

Contents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS

Contents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS SonicOS User Identification Using the Domain Controller Security Log Contents Supported Platforms... 1 Event Viewer... 1 Configuring Group Policy to Enable Logon Audit... 2 Events in Security Log... 4

More information

Cisco Change Management: Best Practices White Paper

Cisco Change Management: Best Practices White Paper Table of Contents Change Management: Best Practices White Paper...1 Introduction...1 Critical Steps for Creating a Change Management Process...1 Planning for Change...1 Managing Change...1 High Level Process

More information

Windows Server 2003 Active Directory MST 887. Course Outline

Windows Server 2003 Active Directory MST 887. Course Outline Content and/or textbook subject to change without notice. Pennsylvania College of Technology Workforce Development & Continuing Education Windows Server 2003 Active Directory MST 887 Course Outline Course

More information

SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR DOCUMENTUM @ EROOM

SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR DOCUMENTUM @ EROOM SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR DOCUMENTUM @ EROOM Abstract This paper explains how to setup Active directory service on windows server 2008.This guide also explains about how to install

More information

IPAM. Radhakrishnan G

IPAM. Radhakrishnan G IPAM IP Address Management (IPAM) is one of the New Features introduced with Windows Server 2012. In this Article I explained how to install and configure. By Radhakrishnan G What Is IPAM? IPAM (IP Address

More information

Getting Started. Version 9.1

Getting Started. Version 9.1 Getting Started Version 9.1 Contents About this Guide 4 Other Resources 4 Product Documentation 4 Online Training Program 4 Daily Online Q & A sessions 4 Prepare Your Customer's Network 5 Create a Probe

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Code: M6425 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Overview This five-day instructor-led course

More information

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services About this Course Configuring and Troubleshooting Windows This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting Active Directory Domain

More information

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Question Number (ID) : 1 (jaamsp_mngnwi-025) Lisa would like to configure five of her 15 Web servers, which are running Microsoft Windows Server 2003, Web Edition, to always receive specific IP addresses

More information

6425C - Windows Server 2008 R2 Active Directory Domain Services

6425C - Windows Server 2008 R2 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Introduction This five-day instructor-led course provides in-depth training on configuring Active Directory Domain Services

More information

Agency Pre Migration Tasks

Agency Pre Migration Tasks Agency Pre Migration Tasks This document is to be provided to the agency and will be reviewed during the Migration Technical Kickoff meeting between the ICS Technical Team and the agency. Network: Required

More information

Integrating LANGuardian with Active Directory

Integrating LANGuardian with Active Directory Integrating LANGuardian with Active Directory 01 February 2012 This document describes how to integrate LANGuardian with Microsoft Windows Server and Active Directory. Overview With the optional Identity

More information

Dell KACE K1000 System Management Appliance Version 5.4. Service Desk Administrator Guide

Dell KACE K1000 System Management Appliance Version 5.4. Service Desk Administrator Guide Dell KACE K1000 System Management Appliance Version 5.4 Service Desk Administrator Guide October 2012 2004-2012 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without

More information

SMART Active Directory Migrator. Desired End State and Project Prerequisites

SMART Active Directory Migrator. Desired End State and Project Prerequisites SMART Active Directory Migrator Desired End State and Project Prerequisites uthor Title Table of Contents Introduction... 3 Purpose... 3 About SMART Active Directory Migrator... 3 Components of SMART AD

More information

Network Management and Monitoring Software

Network Management and Monitoring Software Page 1 of 7 Network Management and Monitoring Software Many products on the market today provide analytical information to those who are responsible for the management of networked systems or what the

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Active Directory About this Course This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting (AD DS) in and R2 environments. It covers core

More information

LearnKey's Windows Server 2003 Active Directory Infrastructure with Dale Brice-Nash

LearnKey's Windows Server 2003 Active Directory Infrastructure with Dale Brice-Nash LearnKey's Windows Server 2003 Active Directory Infrastructure with Dale Brice-Nash Syllabus Course Description 5 Sessions - 15 Hours of Interactive Training The Windows Server 2003 Active Directory Infrastructure

More information

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10 Table Of Contents - - WINDOWS SERVER 2003 MAINTAINING AND MANAGING ENVIRONMENT...1 WINDOWS SERVER 2003 IMPLEMENTING, MANAGING & MAINTAINING...6 WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS

More information

SKV PROPOSAL TO CLT FOR ACTIVE DIRECTORY AND DNS IMPLEMENTATION

SKV PROPOSAL TO CLT FOR ACTIVE DIRECTORY AND DNS IMPLEMENTATION SKV PROPOSAL TO CLT FOR ACTIVE DIRECTORY AND DNS IMPLEMENTATION Date: April 22,2013 Prepared by: Sainath K.E.V Microsoft Most Valuable Professional Introduction: SKV Consulting is a Premier Consulting

More information

ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days

ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days Introduction This five-day instructor-led course provides in-depth training

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services www.etidaho.com (208) 327-0768 Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services 5 Days About this Course This five-day instructor-led course provides in-depth

More information

Migrating to vcloud Automation Center 6.1

Migrating to vcloud Automation Center 6.1 Migrating to vcloud Automation Center 6.1 vcloud Automation Center 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a

More information

NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment

NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment Summary Duration Vendor Audience 5 Days Microsoft IT Professionals Published Level Technology 05 October 2005 200 Microsoft

More information

CA Performance Center

CA Performance Center CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

Troubleshooting Windows monitoring 2007 Intellipool AB

Troubleshooting Windows monitoring 2007 Intellipool AB Troubleshooting Windows monitoring 2007 Intellipool AB Troubleshooting Windows monitoring 2007 Intellipool AB All rights reserved. No parts of this work may be reproduced in any form or by any means -

More information

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Question Number (ID) : 1 (wmpmsp_mngnwi-121) You are an administrator for an organization that provides Internet connectivity to users from the corporate network. Several users complain that they cannot

More information

Deploying System Center 2012 R2 Configuration Manager

Deploying System Center 2012 R2 Configuration Manager Deploying System Center 2012 R2 Configuration Manager This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

More information

HDA Integration Guide. Help Desk Authority 9.0

HDA Integration Guide. Help Desk Authority 9.0 HDA Integration Guide Help Desk Authority 9.0 2011ScriptLogic Corporation ALL RIGHTS RESERVED. ScriptLogic, the ScriptLogic logo and Point,Click,Done! are trademarks and registered trademarks of ScriptLogic

More information

Windows Server 2003 default services

Windows Server 2003 default services Windows Server 2003 default services To view a description for a particular service, hover the mouse pointer over the service in the Name column. The descriptions included here are based on Microsoft documentation.

More information

PATROL Console Server and RTserver Getting Started

PATROL Console Server and RTserver Getting Started PATROL Console Server and RTserver Getting Started Supporting PATROL Console Server 7.5.00 RTserver 6.6.00 February 14, 2005 Contacting BMC Software You can access the BMC Software website at http://www.bmc.com.

More information

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services Table of Contents Introduction Audience At Clinic Completion Prerequisites Microsoft Certified Professional Exams Student Materials

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Number: 6425C Course Length: 5 Days Course Overview This five-day course provides in-depth training on implementing,

More information

SysPatrol - Server Security Monitor

SysPatrol - Server Security Monitor SysPatrol Server Security Monitor User Manual Version 2.2 Sep 2013 www.flexense.com www.syspatrol.com 1 Product Overview SysPatrol is a server security monitoring solution allowing one to monitor one or

More information

Vector HelpDesk - Administrator s Guide

Vector HelpDesk - Administrator s Guide Vector HelpDesk - Administrator s Guide Vector HelpDesk - Administrator s Guide Configuring and Maintaining Vector HelpDesk version 5.6 Vector HelpDesk - Administrator s Guide Copyright Vector Networks

More information

MS 6419 Configuring, Managing and Maintaining Windows Server 2008-based Servers

MS 6419 Configuring, Managing and Maintaining Windows Server 2008-based Servers MS 6419 Configuring, Managing and Maintaining Windows Server 2008-based Servers Description: Days: 5 Prerequisites: This five-day instructor-led course provides students with the knowledge and skills that

More information

WhatsUp Gold v11 Features Overview

WhatsUp Gold v11 Features Overview WhatsUp Gold v11 Features Overview This guide provides an overview of the core functionality of WhatsUp Gold v11, and introduces interesting features and processes that help users maximize productivity

More information

MANAGEX 4.23 ACTIVE DIRECTORY SERVICES Policies & Reports

MANAGEX 4.23 ACTIVE DIRECTORY SERVICES Policies & Reports MANAGEX 4.23 ACTIVE DIRECTORY SERVICES Policies & Reports MANAGEX 4.23 ACTIVE DIRECTORY SERVICE REPORTS & POLICIES NOTICE Hewlett-Packard makes no warranty of any kind with regard to this material, including,

More information

SolarWinds Certified Professional. Exam Preparation Guide

SolarWinds Certified Professional. Exam Preparation Guide SolarWinds Certified Professional Exam Preparation Guide Introduction The SolarWinds Certified Professional (SCP) exam is designed to test your knowledge of general networking management topics and how

More information

Citrix EdgeSight Administrator s Guide. Citrix EdgeSight for Endpoints 5.3 Citrix EdgeSight for XenApp 5.3

Citrix EdgeSight Administrator s Guide. Citrix EdgeSight for Endpoints 5.3 Citrix EdgeSight for XenApp 5.3 Citrix EdgeSight Administrator s Guide Citrix EdgeSight for Endpoints 5.3 Citrix EdgeSight for enapp 5.3 Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior

More information

Application Note 116: Gauntlet System High Availability Using Replication

Application Note 116: Gauntlet System High Availability Using Replication Customer Service: 425-487-1515 Technical Support: 425-951-3390 Fax: 425-487-2288 Email: info@teltone.com support@teltone.com Website: www.teltone.com Application Note 116: Gauntlet System High Availability

More information

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide This document is intended to help you get started using WebSpy Vantage Ultimate and the Web Module. For more detailed information, please see

More information

ACTIVE DIRECTORY REPLICATION: HOW IT WORKS

ACTIVE DIRECTORY REPLICATION: HOW IT WORKS ACTIVE DIRECTORY REPLICATION: HOW IT WORKS Active Directory is a great tool. And Now a days it hard to imagine a windows network without active directory. In this part we will see what active directory

More information

Directory Backup and Restore

Directory Backup and Restore Directory Backup and Restore Overview Active Directory is backed up as part of system state, a collection of system components that depend on each other. You must backup and restore system state components

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Five Days, Instructor-Led About this course This five-day instructor-led course provides in-depth training

More information