среда, 24 октября 2018 г.

AD DS Health and Performance

Template on share.zabbix.com

Template based on MS documents




Screens


Download template

In progress

  • The time skew latency is above the configured threshold
  • Network ports




Performance counters

  • DRA Inbound Bytes Total/Sec: This counter shows total bytes received through replication per second. Lack of activity indicates that the network is slowing down replication.
  • DRA Inbound Object Updates Remaining in Packet: This counter shows the number of object updates received for replication that have not yet been applied to the local server. The value should be low, with a higher value indicating that the hardware is incapable of adequately servicing replication (warranting a server upgrade).
  • DRA Outbound Bytes Total/Sec: This counter shows the total bytes sent per second. Lack of activity indicates that the hardware or network is slowing down replication.
  • DRA Pending Replication Synchronizations: This counter indicates the replication backlog on the server. This value should be low, with a higher value indicating that the hardware is not adequately servicing replication.
  • Kerberos Authentications/Sec: This counter shows the number of Kerberos authentications on the server per second. A lack of activity can indicate network problems that are preventing authentication requests from succeeding.
  • LDAP Bind Time: This counter shows the time required for completion of the last LDAP binding, with a higher value pointing to either hardware or network performance problems.
  • LDAP Client Sessions: This counter shows the number of connected LDAP client sessions, with a lack of activity pointing to network problems.
  • LDAP Searches/Sec: This counter shows the number of LDAP searches per second performed by clients in the directory. A lack of activity points to network problems.
  • LDAP Successful Binds/Sec: This counter shows the number of successful LDAP binds per second, with a lack of activity pointing to network problems.
  • LDAP Active Threads: The current number of threads in use by the LDAP subsystem of the local directory service.
  • LDAP Writes/Sec:
  • NTLM Authentications: This counter shows the number of NTLM authentications per second handled by the domain controller (from Windows 98 and Windows NT clients). A lack of activity points to network problems.
  • Size Database and Log file


Service

  • Distributed File System Enables you to group shared folders located on different servers into one or more logically structured namespaces. Each namespace appears to users as a single shared folder with a series of subfolders.
  • DNS Server Enables DNS clients to resolve DNS names by answering DNS queries and dynamic DNS update requests. If this service is stopped, DNS updates will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
  • DFS Replication Enables you to synchronize folders on multiple servers across local or wide area network (WAN) network connections. This service uses the Remote Differential Compression (RDC) protocol to update only the portions of files that have changed since the last replication.
  • Intersite Messaging Enables messages to be exchanged between computers running Windows Server sites. If this service is stopped, messages will not be exchanged, nor will site routing information be calculated for other services. If this service is disabled, any services that explicitly depend on it will fail to start.
  • Kerberos Key Distribution Center On domain controllers, this service enables users to log on to the network using the Kerberos authentication protocol. If this service is stopped on a domain controller, users will be unable to log on to the network. If this service is disabled, any services that explicitly depend on it will fail to start.
  • Windows Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  • DNS Client The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
  • Security Accounts Manager The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
  • Server Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  • Workstation Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
  • Remote Procedure Call (RPC) The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activation requests, object exporter resolutions, and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running
  • Net Logon Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services, and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.


Network ports (not included yet)

  • 389 LDAP
  • 464 Kerberos Password
  • 636 LDAPS
  • 3268,3269 Global Catalog
  • and etc. (53,88,135,139,389,445,464,636,3268,3269,9389)

Events

  • Active Directory Web Service (Error, Warning)
  • DFS Replication (Error, Warning)
  • Directory Service (Error, Warning)
  • DNS Server (Error, Warning)

Triggers

Database ==> Instances(lsass/NTDSA)\I/O Database Reads Averaged Latency < 15ms
Database ==> Instances(lsass/NTDSA)\I/O Database Reads/sec < 10
Database ==> Instances(lsass/NTDSA)\I/O Log Writes Averaged Latency < 10ms

Database ==> Instances(lsass/NTDSA)\I/O Log Writes/sec – informational only.
() Processor Information(_Total)\% Processor Utilization < 60%
() Compare NetworkInterface(*)\Bytes Sent/Sec with NetworkInterface(*)\Current Bandwidth < 60%




Комментариев нет:

Отправка комментария