Active Directory Management Pack for Microsoft Windows (Client Monitoring)
AD Client Monitoring Management Pack
The purpose of the Active Directory Client Side Monitoring MP is to augment the server-side monitoring capabilities of the Active Directory Management Pack with a client-side view of the health of the Active Directory® directory service.
The rules that are contained in this rule group are used to test the availability of Active Directory from a client perspective, for example, the availability of Active Directory from directory-enabled application servers.
This MP should be deployed manually into an environment where it is necessary (or desirable) to actively monitor the availability of domain controllers and Active Directory.
AD Monitoring Clients should always be enabled on or near Microsoft Exchange servers to ensure that global catalog servers and domain controllers are always available to Microsoft Exchange.
Features
Each Windows computer (a computer running the OpsMgr 2007 agent that is not a domain controller) can be configured to monitor only the domain controllers of interest. You can:
Monitor a specific list of domain controllers.
Monitor domain controllers in the client’s local site.
Monitor domain controllers in a list of specified sites.
Monitor all domain controllers in the client’s domain or in a specified list of domains.
The client computer determines whether the domain controllers are available by:
Pinging (both Internet Control Message Protocol (ICMP) and Lightweight Directory Access Protocol (LDAP)).
Performing a net use connection to the Sysvol share.
Performing LDAP binds.
Performing LDAP searches.
Thresholds can be specified for the LDAP bind and search. If multiple consecutive failures (or binds or searches that exceed the specified thresholds) occur, an alert is generated.
In addition, the client computer also determines whether:
The client can contact a domain controller in its local site.
There is a sufficient number of global catalog servers available.
Configuration
To deploy this rule group to client computers, override the AD Client Perspective Discovery Rule.
To monitor Active Directory from the client’s perspective, tests are run from the client against the servers in which the client is interested. There are four modes of operation:
Full mode: all domain controllers in the specified domains are targeted. If no domains are specified, the local domain is targeted.
Specific Site mode: only domain controllers in the specified sites are targeted.
Local Site mode: only domain controllers in the client’s site are targeted.
Specific mode: only domain controllers that are specified are targeted.
The configuration for these modes can be performed globally through the OpsMgr 2007 console. If individual configurations are required, they can be specified through a configuration file on the client computer. Any parameters that are specified in the OpsMgr 2007 console can be overridden by writing the required values to the registry on individual client computers.
In the Full, Local Site, and Specific Site modes, discovery of domain controllers is performed once per day, by default.
It is possible to configure both a list of specific domain controllers and a list of sites to target. In this case, the union of the list of domain controllers and the domain controllers in each of the sites will be targeted.
Registry Configuration Format
The configuration in the registry is contained under the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Operations Management\AD Management Pack\Client Monitoring
There are two keys under this base:
Configuration
Tests
Configuration Key
Under the Configuration key, there are three entries:
Domain Controllers: a string specifying (comma-delimited) domain controller names.
Sites: a string specifying (comma-delimited) sites.
Domains: a string specifying (comma-delimited) domains.
The settings are overrides in the AD Client Update DCs rule.
The AD Client Update DCs rule is run periodically. (The frequency is set through the OpsMgr 2007 Console.) The purpose of this script is to discover the domain controllers for a client computer. Discovery of the domain controllers to be tested occurs as follows:
If there are domain controllers specified in the configuration on the client computer, these domain controllers are stored in the DCTargets collection.
If the DCTargets collection is empty, the domain controllers that are specified in the DomainControllers script parameter for the AD Client Update DCs script in MOM are added to the DCTargets collection.
If there are sites specified in the configuration on the client computer, the domain controllers in each of the sites that are specified are added to the DCTargets collection.
If the discovery mode is Specific Site, the domain controllers in the sites specified (as the Sites parameter to the AD Client Update DCs script in MOM) are added to the DCTargets collection.
If the discovery mode is Local Site, the domain controllers in the local site are added to the DCTargets collection.
If the discovery mode is Full and the DCTargets collection is empty, the domain controllers for the specified domains (or if no domains are specified, the domain that the client is joined to) are added to the DCTargets collection.
The test suite is run against all the domain controllers in the DCTargets collection.
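The discovery order above, modelled as an added example (this is not the management pack's own script). The mode labels, the `DIRECTORY` lookup table standing in for Active Directory site and domain queries, and all host names are constructed; it also assumes that the "specified domains" are read from the client's Domains entry.

```python
# Added example: models the DCTargets discovery order from the steps above.
# Host, site and domain names below are constructed sample data.
DIRECTORY = {
    "sites": {"HQ": ["dc1.corp.example", "dc2.corp.example"],
              "Branch": ["dc3.corp.example"]},
    "domains": {"corp.example": ["dc1.corp.example", "dc2.corp.example",
                                 "dc3.corp.example"]},
}

def split_list(value):
    """Parse a comma-delimited registry string, dropping blanks."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def resolve_dc_targets(client_cfg, console, mode, local_site, joined_domain,
                       directory=DIRECTORY):
    """Return the ordered DCTargets list for one client computer."""
    targets, seen = [], set()

    def add(names):
        for name in names:
            if name.lower() not in seen:      # host names are case-insensitive
                seen.add(name.lower())
                targets.append(name)

    def add_sites(sites):
        for site in split_list(sites):
            add(directory["sites"].get(site, []))

    # Steps 1-2: the client's own list wins; the console list is a fallback.
    add(split_list(client_cfg.get("Domain Controllers")))
    if not targets:
        add(split_list(console.get("DomainControllers")))
    # Step 3: sites from the client configuration are unioned in.
    add_sites(client_cfg.get("Sites"))
    # Steps 4-5: mode-specific additions.
    if mode == "SpecificSite":
        add_sites(console.get("Sites"))
    elif mode == "LocalSite":
        add(directory["sites"].get(local_site, []))
    # Step 6: Full mode expands to whole domains only if nothing was found.
    elif mode == "Full" and not targets:
        domains = split_list(client_cfg.get("Domains")) or [joined_domain]
        for domain in domains:
            add(directory["domains"].get(domain, []))
    return targets
```

Because Full mode only expands when DCTargets is still empty, a leftover Domain Controllers or Sites value on a client keeps that client monitoring the narrower list even when the console is set to Full.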
DisplayName | ID | Isolation | Accessibility |
---|---|---|---|
AD Client Update DCs Script Writeaction | AD_Client_Update_DCs.WriteAction | Any | Internal |

DisplayName | ID | ParentFolder | Accessibility |
---|---|---|---|
Client Monitoring | Microsoft.Windows.Server.AD.ClientMonFolder | Microsoft.Windows.Server.AD.ViewFolder | Public |