MANAGEX 4.23 ACTIVE DIRECTORY SERVICES Policies & Reports
MANAGEX 4.23 ACTIVE DIRECTORY SERVICE REPORTS & POLICIES

NOTICE

Hewlett-Packard makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard Co. shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.

This document is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced, or translated to another language without prior written consent of Hewlett-Packard Company. The information contained in this document is subject to change without notice.

Disclaimer

HP has made every effort to ensure the accuracy of our product testing. However, because each customer's environment is different from HP's laboratory test environment, it is the customer's responsibility to validate the Year 2000 readiness of these products in their own environment. Therefore, information about the Year 2000 status of HP products is provided "as is" without warranties of any kind and is subject to change without notice.

The information provided here constitutes a Year 2000 Readiness Disclosure for purposes of the Year 2000 Information and Readiness Disclosure Act.

Hewlett-Packard makes no representation or warranty about the Year 2000 readiness of non-hp products including pre-installed operating systems or application software. Such information, if any, was provided by the manufacturers of those products and customers are urged to contact the manufacturer directly to verify Year 2000 readiness.

Warranty

HP warrants that each HP hardware, software, and firmware Product delivered under these HP Terms and Conditions of Sale and Service will be able to accurately process date data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000, including leap year calculations, when used in accordance with the Product documentation provided by HP (including any instructions for installing patches or upgrades), provided that all other products (e.g. hardware, software, firmware) used in combination with such HP Product(s) properly exchange date data with it. If the Specifications require that specific HP Products must perform as a system in accordance with the foregoing warranty, then that warranty will apply to those HP Products as a system, and Customer retains sole responsibility to ensure the Year 2000 readiness of its information technology and business environment. The duration of this warranty extends through January 31, 2001. To the extent permitted by local law, this warranty applies only to branded HP Products and not to products manufactured by others that may be sold or distributed by HP. This warranty Section 9 i) applies only to HP Products shipped after July 01, 1998. The remedies applicable to this Section, 9 i), are those provided in Section 9 j) below. Nothing in this warranty will be construed to limit any rights or remedies provided elsewhere in these HP Terms and Conditions of Sale and Service with respect to matters other than Year 2000 compliance.

ATTENTION: MICROSOFT HAS INDICATED THAT MANY OF ITS OPERATING SYSTEM SOFTWARE PRODUCTS AND APPLICATIONS REQUIRE CUSTOMER INSTALLATION OF SOFTWARE PATCHES FOR YEAR 2000 COMPLIANCE AND MAY REQUIRE ADDITIONAL PATCHES IN THE FUTURE. THE NEED FOR SUCH PATCHES MOST LIKELY APPLIES TO THE OPERATING SYSTEM SOFTWARE AND ANY MICROSOFT APPLICATIONS SHIPPED WITH THIS PRODUCT. CUSTOMER IS URGED TO CONTACT MICROSOFT AT http://www.microsoft.com/y2k OR 1-888-MSFTY2K FOR MORE Y2K INFORMATION.

Microsoft, Microsoft Windows NT, and other Microsoft products referenced herein are U.S. registered trademarks or service marks of Microsoft Corporation. Compaq, Compaq Insight Manager and the names of any other Compaq products referenced herein are either trademarks and/or service marks or registered trademarks and/or service marks of Compaq. Novell and NetWare are registered trademarks of Novell, Inc., in the United States and other countries. Adobe TM and Acrobat TM are trademarks of Adobe Systems Incorporated. All other product names are the property of their respective trademark or service mark holders.

HEWLETT-PACKARD COMPANY
OPENVIEW SOFTWARE DIVISION
8000 FOOTHILLS BOULEVARD
ROSEVILLE, CA 95747-5726, USA

Copyright Hewlett-Packard Company 2000
TABLE OF CONTENTS

INTRODUCTION
    Active Directory & ManageX
    Security
    Replication
    System Requirements

ACTIVE DIRECTORY POLICIES
    W2K ADC Notify on All
    W2K-Active Directory ADC Monitor
    W2K Active Directory Replication Log
    W2K Active Directory Health Log
    W2K Security Directory Service Access
    W2K Active Directory Security Monitor
    W2K Active Directory Replication Monitor
    W2K DS Notify On Errors and Warnings
    W2K FRS Notify On Errors and Warnings
    W2K Active Directory Index & Query Monitor
    W2K Active Directory Health Monitor

ACTIVE DIRECTORY REPORTS
    AD Memory Usage
    AD Processor Usage
    AD Replication Inbound
    AD Replication Outbound
    AD Replication Summary
INTRODUCTION

HP OpenView ManageX 4.23 introduces a new set of policies and reports to monitor Active Directory Services and Connectors on Windows 2000 machines. These policies and reports are automatically installed with ManageX 4.23 on machines running English-language versions of the operating system. They do not require any additional installation or setup.

The new ManageX Active Directory components monitor the Windows 2000 Services for Active Directory (AD). The Windows 2000 AD hosts multiple services from a single executable (lsass.exe). ManageX monitors the services hosted by this executable as well as the CPU and memory consumption of the lsass.exe process. In addition, ManageX monitors the Active Directory Connector Service to support mixed Exchange 2000 and Exchange 5.5 deployment.

Note that Active Directory services are available only on Windows 2000 Domain Controllers.
ACTIVE DIRECTORY & MANAGEX

Active Directory (AD) is the directory service included with Windows 2000, extending the features of previous Windows-based directory services as well as adding entirely new features. It is designed to work well in any size installation, from a single server with a few hundred objects to thousands of servers and millions of objects. Active Directory is secure, distributed, partitioned, and replicated.

The ManageX monitoring of Active Directory covers general AD health and AD-related Windows 2000 log events, plus some specially focused components for security and replication issues.

SECURITY

Every object in Active Directory is protected by Windows 2000 security, which controls the operations that each security principal can perform in the directory. When a principal attempts to access an object in the directory, the system calls the AccessCheckAndAuditAlarm function to determine if access is to be granted or denied and whether auditing information is generated.

ManageX provides specific policies to monitor the Windows 2000 log for events with a category of Directory Service Access, as well as a set of security counters related to access errors and SAM membership evaluations.

REPLICATION

The AD directory service uses a replicated data store. This data store, which is often simply referred to as the directory, contains information about objects such as users, groups, computers, domains, organizational units, and security policies. The directory is stored on domain controllers and can be accessed by network applications or services.

Each domain controller in the domain stores a copy of the directory for its domain. Changes made to the directory are replicated from the originating domain controller to other domain controllers in the domain, domain tree, or forest. Directory information is replicated both within and among sites. Active Directory replicates information within a site more frequently than across sites. This balances the need for up-to-date directory information with the limitations imposed by available network bandwidth.

ManageX provides specific policies to monitor general replication health via five counters related to inbound bytes, queue size, and synchronization. In addition, a W2K Active Directory Replication Log policy provides information for reports on inbound and outbound replication, as well as a replication summary report.
SYSTEM REQUIREMENTS

To run the HP OpenView ManageX policies and reports, you must have at least the following in addition to the standard ManageX requirements (see below):

- Windows 2000 and Active Directory services on machines to which Active Directory core and logging policies will be deployed
- Windows 2000, Active Directory services, and Active Directory Connector on machines to which Active Directory connector policies will be deployed

The HP OpenView ManageX Active Directory Services policies and reports require a ManageX 4.23 management console with at least the following:

- personal computer with Pentium/133 or higher processor
- 64 MB or more of memory
- hard disk with 80 MB free space on partition containing TEMP directory; during installation only, 125 MB must be free on this partition
- Microsoft Internet Explorer 5.0
- network-accessible CD-ROM drive
- network adapter card
- mouse or compatible pointing device
- functioning network connection with appropriate administrator privileges (login)

ManageX functions as a snap-in to the Microsoft Management Console (MMC) version 1.1, so you must also have MMC installed. If you do not have MMC 1.1, the ManageX installation procedure will supply a version with the necessary components.
ACTIVE DIRECTORY POLICIES

The ManageX Active Directory policies fall into the categories listed below. Active Directory policies can be deployed from any management console running ManageX 4.23 or higher. The management console does not need to be running Windows 2000 or Active Directory Services. However, the AD policies can be deployed only to managed nodes on which Windows 2000 and Active Directory Services are enabled. The AD Connector policies also require that the Active Directory Connector be installed on the nodes to which they are deployed.

AD Connector policies
- W2K ADC Notify on All
- W2K Active Directory ADC Monitor

AD Logging policies
- W2K Active Directory Replication Log
- W2K Active Directory Health Log

AD Security policies
- W2K Security Directory Service Access
- W2K Active Directory Security Monitor

AD Replication policies
- W2K Active Directory Replication Monitor
- W2K Active Directory Health Log (listed under logging policies)

General AD Service policies
- W2K DS Notify on Errors and Warnings
- W2K FRS Notify on Errors and Warnings
- W2K Active Directory Index & Query Monitor
- W2K Active Directory Health Monitor
W2K ADC NOTIFY ON ALL

Policy Type: Event Management
Filename: W2k-ADCNotifyOnAll.mxe
Location: NT Core\Active Directory Connector
Description: Gathers all information, warning, and error events with a source of "MSADC" from the Windows 2000 Application Log and presents them as messages in the ManageX Message Reader.
Messages & IDs: All event messages and standard ADC IDs are forwarded intact from the Application Log.
W2K-ACTIVE DIRECTORY ADC MONITOR

Policy Type: Intelligence
Filename: W2k-activeDirectoryAdcMonitor.mxi
Location: NT Core\Active Directory Connector
Description: Monitors the general health of ADC by monitoring connector process and import failures as reported by five performance counters. When the counters exceed thresholds, an information event is automatically sent to the console.
Run Frequency: 5 minutes (all alerts)

Alert Descriptions:

ADC Page Faults: A sustained high rate of page faults for a process usually indicates that its working set is not large enough to support the process efficiently. If the system doesn't have enough available memory to enlarge the working set, it cannot lower the page fault rate.

ADC Private Bytes: Shows the current number of bytes that the ADC process has allocated that cannot be shared with other processes.

ADC Processor Time: If the Active Directory ADC process is consuming over the threshold percentage of processor time, the server may be overloaded, need hardware upgrade, or may require further tuning to optimize Active Directory server performance.

ADC Working Set: Shows the current number of bytes in the working set of the ADC process.

Import Failures: Rate at which import failures are occurring.

Thresholds & IDs:

Alert Name          Monitored Counter                  Warning Threshold  Warning ID  Error Threshold  Error ID
ADC Page Faults     Process.Page Faults/sec;adc.*      5                  92555       10               92556
ADC Private Bytes   Process.Private Bytes;adc.*        15000000           92557       18000000         92558
ADC Processor Time  Process.% Processor Time;adc.*     60                 92559       70               92560
ADC Working Set     Process.Working Set;adc.*          15000000           92561       18000000         92562
Import Failures     MSADC.Rate of Import Failures;*.*  1                  92563       3                92564
W2K ACTIVE DIRECTORY REPLICATION LOG

Policy Type: Logging
Filename: W2kActiveDirectoryReplicationLog.mxl
Location: Logging\Active Directory Service
Description: Logs replication statistics from Perfmon for use in ManageX ADS reports.
Related Reports: AD Replication Summary; AD Replication Outbound; AD Replication Inbound
Logging Interval: 10 minutes

Monitored Variables:

NTDS.DRA Sync Failures on Schema Mismatch;*.*
NTDS.DS Directory Searches/sec;*.*
NTDS.DS Client Binds/sec;*.*
NTDS.DRA Sync Requests Made;*.*
NTDS.DS Name Cache hit rate;*.*
NTDS.DS Notify Queue Size;*.*
NTDS.DS Server Binds/sec;*.*
NTDS.AB Searches/sec;*.*
NTDS.DRA Inbound Bytes Compressed (Between Sites, After Compression)/sec;*.*
NTDS.DRA Inbound Bytes Compressed (Between Sites, Before Compression)/sec;*.*
NTDS.DRA Inbound Bytes Not Compressed (Within Site)/sec;*.*
NTDS.DS Threads in Use;*.*
NTDS.DRA Inbound Bytes Total/sec;*.*
NTDS.DRA Inbound Object Updates Remaining in Packet;*.*
NTDS.DRA Inbound Full Sync Objects Remaining;*.*
NTDS.DRA Outbound Bytes Compressed (Between Sites, After Compression)/sec;*.*
NTDS.DRA Outbound Bytes Compressed (Between Sites, Before Compression)/sec;*.*
NTDS.DRA Inbound Objects/sec;*.*
NTDS.DRA Outbound Bytes Not Compressed (Within Site)/sec;*.*
NTDS.DRA Outbound Bytes Total/sec;*.*
NTDS.DRA Outbound Objects/sec;*.*
NTDS.DRA Pending Replication Synchronizations;*.*
NTDS.Kerberos Authentications;*.*
NTDS.SAM Account Group Membership Evaluations/sec;*.*
W2K ACTIVE DIRECTORY HEALTH LOG

Policy Type: Logging
Filename: W2kActiveDirectoryHealthLog.mxl
Location: Logging\Active Directory Service
Description: Logs general Active Directory health statistics from Perfmon for use in ManageX ADS reports.
Related Reports: AD Processor Usage; AD Memory Usage
Logging Interval: 10 minutes

Monitored Variables:

NTDS.DS Threads in Use;*.*
Process.Working Set;ntfrs.*
Process.% Processor Time;ntfrs.*
Process.Page Faults/sec;ntfs.*
Process.Private Bytes;ntfrs.*
Process.Handle Count;ntfrs.*
Process.Working Set;lsass.*
Process.% Processor Time;lsass.*
Process.Page Faults/sec;lsass.*
Process.Private Bytes;lsass.*
Process.Handle Count;lsass.*
W2K SECURITY DIRECTORY SERVICE ACCESS

Policy Type: Event Management
Filename: W2k-SecurityDirectoryServiceAccess.mxe
Location: NT Core\Active Directory Service
Description: This policy monitors the Windows 2000 Security log for events with a category of "Directory Service Access". This requires that you use the Active Directory Users and Computers utility to enable auditing of Directory Service Access on the Managed Node.
Messages & IDs: All event messages and IDs are passed on intact from the Security Log.
W2K ACTIVE DIRECTORY SECURITY MONITOR

Policy Type: Intelligence
Filename: W2k-ActiveDirectorySecurityMonitor.mxi
Location: NT Core\Active Directory
Description: Monitors general health of five security counters. When the counters exceed thresholds, an information event is automatically sent to the console.
Run Frequency: 5 minutes (all alerts)

Alert Descriptions:

Errors Access Permissions: Shows the number of times attempts to open files on behalf of clients have failed with the message STATUS_ACCESS_DENIED. This counter can indicate if someone is attempting to access random files in order to improperly access a file that was not properly protected.

Errors Granted Access: Shows the number of times that attempts to access files successfully opened were denied. This counter can indicate attempts to access files without proper access authorization.

Errors Logon: Shows the number of failed logon attempts to the server. When errors exceed the threshold value, it can indicate that a password guessing program is being used to crack the security on the server.

SAM Non-Transitive Membership Evaluations: Shows the number of SAM non-transitive membership evaluations. When this number of evaluations per second exceeds the value, the domain may be overloaded with users.

SAM Transitive Membership Evaluations: Shows the number of SAM transitive membership evaluations. When the number of evaluations per second exceeds the threshold value, an explicit domain trust may be necessary to reduce SAM transitive membership evaluations.

Security Descriptor Propagator Queue: Shows the number of objects remaining to be examined while processing the current directory service security descriptor propagator event. When this number exceeds the threshold value, the domain controller may be overloaded.

Thresholds & IDs:

Alert Name                                 Monitored Counter                                         Warning Threshold  Warning ID  Error Threshold  Error ID
Errors Access Permissions                  Server.Errors Access Permissions;*.*                      2                  92543       4                92544
Errors Granted Access                      Server.Errors Granted Access;*.*                          2                  92545       4                92546
Errors Logon                               Server.Errors Logon;*.*                                   2                  92547       4                92548
SAM Non-Transitive Membership Evaluations  NTDS.SAM Non-Transitive Membership Evaluations/sec;*.*    1000               92549       1500             92550
SAM Transitive Membership Evaluations      NTDS.SAM Transitive Membership Evaluations/sec;*.*        1000               92551       1500             92552
Security Descriptor Propagator Queue       NTDS.DS Security Descriptor Propagator Runtime Queue;*.*  10                 92553       15               92554
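
The threshold check this policy performs can be sketched as follows. This is an added example, not ManageX code or anything from HP: the counter names, thresholds and message IDs are taken from the table above, while the Rule type, the function names and the sample values are constructed for illustration. It assumes that a value must be strictly greater than a threshold to alert, that an error outranks a warning, and that the three Server counters are running totals compared by their increase since the previous 5-minute run; the page states none of these.

```python
from typing import NamedTuple


class Rule(NamedTuple):
    alert: str
    counter: str   # notation used on this page: Object.Counter;instance
    warn: float
    warn_id: int
    error: float
    error_id: int


# Thresholds and message IDs copied from the Thresholds & IDs table above.
RULES = [
    Rule("Errors Access Permissions",
         "Server.Errors Access Permissions;*.*", 2, 92543, 4, 92544),
    Rule("Errors Granted Access",
         "Server.Errors Granted Access;*.*", 2, 92545, 4, 92546),
    Rule("Errors Logon", "Server.Errors Logon;*.*", 2, 92547, 4, 92548),
    Rule("SAM Non-Transitive Membership Evaluations",
         "NTDS.SAM Non-Transitive Membership Evaluations/sec;*.*",
         1000, 92549, 1500, 92550),
    Rule("SAM Transitive Membership Evaluations",
         "NTDS.SAM Transitive Membership Evaluations/sec;*.*",
         1000, 92551, 1500, 92552),
    Rule("Security Descriptor Propagator Queue",
         "NTDS.DS Security Descriptor Propagator Runtime Queue;*.*",
         10, 92553, 15, 92554),
]

# Assumption (not stated on the page): the Server "Errors ..." counters are
# running totals, so this sketch alerts on the increase since the last run.
RUNNING_TOTALS = {r.counter for r in RULES if r.counter.startswith("Server.")}


def parse_counter(spec):
    """Split 'Object.Counter;instance' into (object, counter, instance)."""
    path, sep, instance = spec.partition(";")
    obj, dot, counter = path.partition(".")
    if not (sep and dot and obj and counter and instance):
        raise ValueError(f"malformed counter spec: {spec!r}")
    return obj, counter, instance


def effective_value(rule, current, previous):
    """Value to compare with the thresholds, or None if it cannot be judged."""
    if rule.counter not in current:
        return None
    value = current[rule.counter]
    if rule.counter not in RUNNING_TOTALS:
        return value
    if previous is None or rule.counter not in previous:
        return None                       # first run: no baseline yet
    delta = value - previous[rule.counter]
    return value if delta < 0 else delta  # total went down: counter was reset


def evaluate(current, previous=None):
    """Return (alert, severity, message_id) for every exceeded threshold."""
    events = []
    for rule in RULES:
        parse_counter(rule.counter)       # reject malformed table entries
        value = effective_value(rule, current, previous)
        if value is None:
            continue
        if value > rule.error:            # assumption: error outranks warning
            events.append((rule.alert, "error", rule.error_id))
        elif value > rule.warn:
            events.append((rule.alert, "warning", rule.warn_id))
    return events


# Constructed samples from two consecutive 5-minute runs (not real data).
PREVIOUS = {
    "Server.Errors Access Permissions;*.*": 7,
    "Server.Errors Granted Access;*.*": 50,
    "Server.Errors Logon;*.*": 100,
}
CURRENT = {
    "Server.Errors Access Permissions;*.*": 10,   # +3 since last run
    "Server.Errors Granted Access;*.*": 1,        # total dropped: reset
    "Server.Errors Logon;*.*": 105,               # +5 since last run
    "NTDS.SAM Non-Transitive Membership Evaluations/sec;*.*": 1200,
    "NTDS.SAM Transitive Membership Evaluations/sec;*.*": 900,
    "NTDS.DS Security Descriptor Propagator Runtime Queue;*.*": 16,
}

if __name__ == "__main__":
    for event in evaluate(CURRENT, PREVIOUS):
        print(event)
```

Comparing the increase rather than the running total keeps a handful of old failed logons from raising the Errors Logon alert on every later run.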
W2K ACTIVE DIRECTORY REPLICATION MONITOR

Policy Type: Intelligence
Filename: W2k-ActiveDirectoryReplicationMonitor.mxi
Location: NT Core\Active Directory Service
Description: Monitors general health of five replication counters. When the counters exceed thresholds, an information event is automatically sent to the console.

If any of the replication parameter totals are high on the server, performance of the server may degrade and may indicate the replication topology needs physical partitioning. This involves taking the domains you have in a forest and dividing them up into a greater number of smaller domains. Having a greater number of smaller domains allows you to optimize replication traffic by only replicating objects to places where they are most relevant.

For example, in a forest containing a single domain, every object in the forest is replicated to every domain controller in the forest. This might lead to objects being replicated to places where they are rarely used, which is an inefficient use of bandwidth. For example, a user that always logs on at a headquarters location does not need their user account replicated to a branch office location. Replication traffic can be avoided by creating a separate domain for the headquarters location and not replicating that domain to the branch office.

Run Frequency: 5 minutes (all alerts)

Alert Descriptions:

Inbound Bytes (Between Sites): If Active Directory replication for a server exceeds the threshold number of bytes per second between sites, it may indicate the need to optimize Active Directory replication.

Inbound Bytes (Within Sites): If Active Directory replication for a server exceeds the threshold number of bytes per second within the site, it may indicate the need to optimize Active Directory replication.

Inbound Object Update Remaining in Packet: If Active Directory Inbound Object Updates Remaining in Packet for a server exceeds the threshold, the server may be overloaded, need hardware upgrade, or may require further replication tuning to optimize replication performance.

Notify Queue Size: If the Active Directory notify queue exceeds the threshold, the server may be overloaded, need hardware upgrade, or may require further replication tuning to optimize replication performance.

Pending Synchronizations: Provides notification when Active Directory replication synchronizations queued for the server but not yet processed exceed the threshold.

Thresholds & IDs:

Alert Name                                 Monitored Counter                                                              Warning Threshold  Warning ID  Error Threshold  Error ID
Inbound Bytes (Between Sites)              NTDS.DRA Inbound Bytes Compressed (Between Sites, Before Compression)/sec;*.*  40000              92531       60000            92532
Inbound Bytes (Within Sites)               NTDS.DRA Inbound Bytes Not Compressed (Within Site)/sec;*.*                    40000              92533       60000            92534
Inbound Object Update Remaining in Packet  NTDS.DRA Inbound Object Updates Remaining in Packet;*.*                        10                 92535       15               92536
Notify Queue Size                          NTDS.DS Notify Queue Size;*.*                                                  5                  92539       10               92540
Pending Synchronizations                   NTDS.DRA Pending Replication Synchronizations;*.*                              50                 92541       100              92542
W2K DS NOTIFY ON ERRORS AND WARNINGS

Policy Type: WBEM Event Management
Filename: W2k-DsNotifyOnErrorsAndWarning.mxw
Location: NT Core\Active Directory Service
Description: Gathers all warning and error events from the Windows 2000 Directory Service Log and presents them as messages in the ManageX Message Reader.
Messages & IDs: All event messages and standard Application Event IDs are forwarded intact from the Directory Service Log.
W2K FRS NOTIFY ON ERRORS AND WARNINGS

Policy Type: WBEM Event Management
Filename: W2k-frsNotifyOnErrorsAndWarning.mxw
Location: NT Core\Active Directory Service
Description: Gathers all warning and error events from the Windows 2000 File Replication Log and presents them as messages in the ManageX Message Reader.
Messages & IDs: All event messages and standard Application Event IDs are forwarded intact from the File Replication Log.
W2K ACTIVE DIRECTORY INDEX & QUERY MONITOR

Policy Type: Intelligence
Filename: W2kActiveDirectoryIndexAndQueryMonitor.mxi
Location: NT Core\Active Directory Service
Description: Monitors the Active Directory Index and Query sub-system, providing valuable insight into the activity of Active Directory's search engine. A sustained high value for the Kerberos Authentications alert or the NTLM Authentications alert may indicate that the Domain Controller may be overworked with logon authentications and searches. A new domain or site may be needed to reduce the logon traffic.
Run Frequency: 5 minutes (all alerts)

Alert Descriptions:

Kerberos Authentications: If the number of clients per second authenticating to a domain controller exceeds the threshold value, the domain controller may be overloaded with logon authentication traffic.

LDAP Active Threads: If there are more than the threshold number of LDAP Active Threads on a domain controller, it may be overloaded with LDAP queries.

LDAP Bind Time: If LDAP Bind Time on a domain controller is over the threshold value (in milliseconds), the domain controller may be overloaded.

LDAP Client Sessions: If a domain controller exceeds the threshold value of LDAP Client Sessions, it may be overloaded with queries.

NTLM Authentications: If clients are authenticating to a domain controller more than the threshold number of times per second, the domain controller may be overloaded with logon authentication traffic.

Thresholds & IDs:

Alert Name                Monitored Counter              Warning Threshold  Warning ID  Error Threshold  Error ID
Kerberos Authentications  Kerberos Authentications;*.*   250                92523       300              92524
LDAP Active Threads       NTDS.LDAP Active Threads;*.*   40                 92525       50               92526
LDAP Bind Time            NTDS.LDAP Bind Time;*.*        100                92527       200              92528
LDAP Client Sessions      NTDS.LDAP Client Sessions;*.*  4000               92529       4500             92530
NTLM Authentications      NTLM Authentications:*.*       250                92521       300              92522
W2K ACTIVE DIRECTORY HEALTH MONITOR

Policy Type: Intelligence
Filename: W2k-ActiveDirectoryHealthMonitor.mxi
Location: NT Core\Active Directory Service
Description: Monitors general health of ADS by monitoring nine counters that report on CPU and memory consumption of LSASS.EXE and NTFRS.EXE. When the counters exceed thresholds, an information event is automatically sent to the console.
Run Frequency: 5 minutes (all alerts)

Alert Descriptions:

LSASS Page Faults/NTFRS Page Faults: The rate at which page faults occur in the threads executing in this process has exceeded the threshold. A page fault occurs when a thread refers to a virtual memory page that is not in its working set in main memory. This does not cause the page to be fetched from disk if it is on the standby list and hence already in main memory, or if it is in use by another process with whom the page is shared. A sustained high rate of page faults for a process usually indicates that its working set is not large enough to support the process efficiently. If the system doesn't have enough available memory to enlarge the working set, it cannot lower the page fault rate.

LSASS Private Bytes/NTFRS Private Bytes: Shows the current number of bytes that the LSASS process has allocated that cannot be shared with other processes. When these counters exceed thresholds, it may indicate a memory leak or other memory problem.

LSASS Processor Time/NTFRS Processor Time: If the ADS LSASS process is consuming over the threshold percentage value of processor time, the server may be overloaded, need hardware upgrade, or may require further tuning to optimize Active Directory server performance.

LSASS Working Set/NTFRS Working Set: Shows the current set of memory pages touched recently by the threads in the process. When this number exceeds the threshold value, it may indicate a memory leak or other memory problem.

Threads in Use: Shows the current number of threads in use by the directory service (which is different than the number of threads in the directory service process). This is the number of threads currently servicing client API calls and can be used to indicate whether additional processors should be used.

Thresholds & IDs:

Alert Name            Monitored Counter                 Warning Threshold  Warning ID  Error Threshold  Error ID
LSASS Page Faults     Process.Page Faults/sec;lsass.*   5                  92501       10               92502
LSASS Private Bytes   Process.Private Bytes;lsass.*     35000000           92509       40000000         92510
LSASS Processor Time  Process.% Processor Time;lsass.*  60                 92505       70               92506
LSASS Working Set     Process.Working Set;lsass.*       35000000           92513       40000000         92514
NTFRS Page Faults     Process.Page Faults/sec;ntfrs.*   5                  92503       10               92504
NTFRS Private Bytes   Process.Private Bytes;ntfrs.*     15000000           92511       18000000         92512
NTFRS Processor Time  Process.% Processor Time;ntfrs.*  60                 92507       70               92508
NTFRS Working Set     Process.Working Set;ntfrs.*       15000000           92515       18000000         92516
Threads in Use        NTDS.DS Threads in Use;*.*        20                 92517       25               92518
ACTIVE DIRECTORY REPORTS

ManageX includes the following Active Directory-based summary reports:

- AD Memory Usage
- AD Processor Usage
- AD Replication Inbound
- AD Replication Outbound
- AD Replication Summary
AD MEMORY USAGE

Description: Examines the AD memory usage patterns for all systems from which data was logged, illustrating general patterns of memory usage between Domain Controllers. The report includes graphs of the AD LSASS page faults and working set averages for the logged systems.
Required Policies: W2K Active Directory Health Log
AD PROCESSOR USAGE

Description: Examines the AD processor usage patterns for all systems from which data was logged, illustrating general usage patterns between Domain Controllers. The report includes graphs of the average AD LSASS percent processor time/sec and the AD average number of threads/sec.
Required Policies: W2K Active Directory Health Log
AD REPLICATION INBOUND

Description: Examines the AD replication usage patterns for all systems from which data was logged. The report divides its transmission statistics between replication in-site and replication between sites. The graph displays usage patterns for inbound Active Directory replication (in-site and between-sites).
Required Policies: W2K Active Directory Replication Log
AD REPLICATION OUTBOUND

Description: Examines the AD replication usage patterns for all systems from which data was logged. The report divides its transmission statistics between replication in-site and replication between sites. The graph displays usage patterns for outbound Active Directory replication (in-site and between-sites).
Required Policies: W2K Active Directory Replication Log
AD REPLICATION SUMMARY

Description: Examines the AD replication usage patterns for all systems from which data was logged. The report divides its transmission statistics between replication in-site and replication between sites. The graph displays overall usage patterns for both inbound bytes/sec and for outbound bytes transmitted/sec.
Required Policies: W2K Active Directory Replication Log