Module 8: Implementing an Active Directory Domain Services Monitoring Plan

1

• Module 8 Implementing an Active Directory Domain
  Services Monitoring Plan

2
Module Overview

• Monitoring Active Directory Domain Services Using
  Event Viewer
• Monitoring Active Directory Domain Servers Using
  Reliability and Performance Monitor
• Configuring Active Directory Domain Services
  Auditing

3
Lesson 1 Monitoring Active Directory Domain
Services Using Event Viewer

• Event Viewer Features
• Demonstration Overview of the Event Viewer
• Active Directory Domain Services Logs
• What Are Custom Views?
• What Are Subscriptions?
• Demonstration Configuring Custom Views and
  Subscriptions

4
Event Viewer Features
5
Demonstration Overview of the Event Viewer

• In this demonstration, you will see how to
  navigate the Event Viewer

6
Active Directory Domain Services Logs
The following logs can provide specific
information about Active Directory issues

• Application log connections
• System Log
• DFS Replication log

• Directory Service Log
• DNS Server log
• Group Policy\Operational

7
What Are Custom Views?
Custom views

• Allow you to aggregate and filter information
  from multiple logs into a single view
• Are reusable
• Can be exported to other computers

Event 1. Security log
Event 2. System log
Event Viewer
Event 3 DFS log
8
What Are Subscriptions?
Subscriptions collect events from multiple
computers and store them locally
9
Demonstration Configuring Custom Views and
Subscriptions

• In this demonstration, you will see how to
• Create a custom view and add the AD DS specific
  logs to the view.
• Create a subscription to collect logs from
  multiple domain controllers

10
Lesson 2 Monitoring Active Directory Domain
Servers Using Reliability and Performance Monitor

• Reliability and Performance Monitor Features
• Demonstration Overview of the Reliability and
  Performance Monitor
• Monitoring AD DS Using Performance Monitor
• What Is an Active Directory Baseline?
• Monitoring Service Availability with Reliability
  Monitor
• Monitoring Active Directory Domain Services Using
  Data Collector Sets
• Demonstration Monitoring AD DS

11
Reliability and Performance Monitor Features

• Reliability and Performance Monitor allows you to

Perform real-time monitoring
ü
Collect data
ü
Track performance of applications and services
ü
Generate alerts
ü
Take action when thresholds are reached
ü
Generate reports
ü
12
Demonstration Overview of the Reliability and
Performance Monitor

• In this demonstration, you will see an overview
  of the Reliability and Performance monitor

13
Monitoring AD DS Using Performance Monitor
Useful NTDS Counters for Monitoring Active
Directory
NTDS\ DRA Inbound Bytes Total/sec
ü
NTDS\ DRA Inbound Object
ü
NTDS\ DRA Outbound Bytes Total/sec
ü
NTDS\ DRA Pending Replication Synchronizations
ü
NTDS\ Kerberos Authentications/sec
ü
NTDS\ NTLM Authentications
ü
14
What Is an Active Directory Baseline?
A baseline defines what a server looks like
under normal workload conditions
ü
Servers performing different functions will have
different baselines measurements
ü
Baseline measurements should include basic
server counters and function specific counters
ü
Problems areas can be identified by comparing
baseline measurements to current statistics
ü
15
Monitoring Service Availability with Reliability
Monitor
16
Monitoring Active Directory Domain Services Using
Data Collector Sets

• Organizes multiple data collection points into a
  single component

• Can be grouped with other data collection sets

• Can be incorporated into logs

• Can be created individually or from templates

Data Collector Sets can contain the following
types of data collectors

• Performance counters
• Event trace data
• System configuration information (registry key
  values)

17
Demonstration Monitoring AD DS

• In this demonstration, you will see how to set up
  monitoring of Active Directory

18
Lesson 3 Configuring Active Directory Domain
Services Auditing

• What Is Active Directory Domain Services
  Auditing?
• Demonstration Configuring an Audit Policy
• Types of Events to Audit
• Demonstration Configuring AD DS Auditing

19
What Is Active Directory Domain Services
Auditing?

• Active Directory auditing can show old values and
  new values of changed attributes in audit entries
• Active Directory audit policy is divided into
  four subcategories
• Directory service access
• Directory service changes
• Directory service replication
• Detailed Directory service replication
• Only directory service access is enabled for
  success by default
• Use the Auditpol.exe command-line tool to view or
  set audit policy subcategories

20
Demonstration Configuring an Audit Policy

• In this demonstration, you will see how to
  configure a global audit policy with the GPMC and
  adjust it with Auditpol.exe

21
Types of Events to Audit
Event ID Category Event
4662 Directory service access An operation was performed on an Active Directory object
4722 User account management A user account was enabled
4726 User account management A user account was deleted
4738 User account management A user account was changed
5136 Directory service changes An Active Directory object was modified
5137 Directory service changes A new Active Directory object was created
5138 Directory service changes An Active Directory object was undeleted
22
Demonstration Configuring AD DS Auditing

• In this demonstration, you will see how to
  configure the site link object to manage
  replication between sites

23
Lab Monitoring Active Directory Domain Services

• Exercise 1 Monitor AD DS Using Event Viewer
• Exercise 2 Monitor AD DS Using Performance and
  Reliability Monitor
• Exercise 3 Configure AD DS Auditing

Logon information
Virtual machine NYC-DC1, NYC-DC2
User name Administrator
Password Paw0rd
Estimated time 60 minutes
24
Lab Review

• You want to enable the Directory Service Changes
  subcategory without enabling a global audit
  policy. How could you do this?
• What services must be running on a source
  computer in order to provide information to a
  subscription?
• You have enabled a global audit policy to collect
  directory service access events, but no events
  are showing up in the security log. What might
  the problem be?

25
Module Review and Takeaways

• Review questions
• Considerations

26
Beta Feedback Tool

• Beta feedback tool helps
• Collect student roster information, module
  feedback, and course evaluations.
• Identify and sort the changes that students
  request, thereby facilitating a quick team
  triage.
• Save data to a database in SQL Server that you
  can later query.
• Walkthrough of the tool

27
Beta Feedback

• Overall flow of module
• Which topics did you think flowed smoothly, from
  topic to topic?
• Was something taught out of order?
• Pacing
• Were you able to keep up? Are there any places
  where the pace felt too slow?
• Were you able to process what the instructor said
  before moving on to next topic?
• Did you have ample time to reflect on what you
  learned? Did you have time to formulate and ask
  questions?
• Learner activities
• Which demos helped you learn the most? Why do you
  think that is?
• Did the lab help you synthesize the content in
  the module? Did it help you to understand how you
  can use this knowledge in your work environment?
• Were there any discussion questions or reflection
  questions that really made you think? Were there
  questions you thought werent helpful?