Title: Module 8: Implementing an Active Directory Domain Services Monitoring Plan
1. Module 8: Implementing an Active Directory Domain Services Monitoring Plan
2. Module Overview
- Monitoring Active Directory Domain Services Using Event Viewer
- Monitoring Active Directory Domain Servers Using Reliability and Performance Monitor
- Configuring Active Directory Domain Services Auditing
3. Lesson 1: Monitoring Active Directory Domain Services Using Event Viewer
- Event Viewer Features
- Demonstration: Overview of the Event Viewer
- Active Directory Domain Services Logs
- What Are Custom Views?
- What Are Subscriptions?
- Demonstration: Configuring Custom Views and Subscriptions
4. Event Viewer Features
5. Demonstration: Overview of the Event Viewer
- In this demonstration, you will see how to navigate the Event Viewer
6. Active Directory Domain Services Logs
The following logs can provide specific information about Active Directory issues:
- Application log connections
- System log
- DFS Replication log
- Directory Service log
- DNS Server log
- Group Policy\Operational
7. What Are Custom Views?
Custom views:
- Allow you to aggregate and filter information from multiple logs into a single view
- Are reusable
- Can be exported to other computers
[Figure: Event 1 (Security log), Event 2 (System log) and Event 3 (DFS log) shown together in Event Viewer]
8. What Are Subscriptions?
Subscriptions collect events from multiple computers and store them locally
9. Demonstration: Configuring Custom Views and Subscriptions
- In this demonstration, you will see how to:
  - Create a custom view and add the AD DS specific logs to the view
  - Create a subscription to collect logs from multiple domain controllers
10. Lesson 2: Monitoring Active Directory Domain Servers Using Reliability and Performance Monitor
- Reliability and Performance Monitor Features
- Demonstration: Overview of the Reliability and Performance Monitor
- Monitoring AD DS Using Performance Monitor
- What Is an Active Directory Baseline?
- Monitoring Service Availability with Reliability Monitor
- Monitoring Active Directory Domain Services Using Data Collector Sets
- Demonstration: Monitoring AD DS
11. Reliability and Performance Monitor Features
- Reliability and Performance Monitor allows you to:
  - Perform real-time monitoring
  - Collect data
  - Track performance of applications and services
  - Generate alerts
  - Take action when thresholds are reached
  - Generate reports
12. Demonstration: Overview of the Reliability and Performance Monitor
- In this demonstration, you will see an overview of the Reliability and Performance Monitor
13. Monitoring AD DS Using Performance Monitor
Useful NTDS Counters for Monitoring Active Directory:
- NTDS\DRA Inbound Bytes Total/sec
- NTDS\DRA Inbound Object
- NTDS\DRA Outbound Bytes Total/sec
- NTDS\DRA Pending Replication Synchronizations
- NTDS\Kerberos Authentications/sec
- NTDS\NTLM Authentications
14. What Is an Active Directory Baseline?
- A baseline defines what a server looks like under normal workload conditions
- Servers performing different functions will have different baseline measurements
- Baseline measurements should include basic server counters and function-specific counters
- Problem areas can be identified by comparing baseline measurements to current statistics
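One way to record a baseline for the replication counters listed on the previous slide and compare later measurements against it, as an added PowerShell example that is not part of the original course material. The baseline file location, the sampling window and the 1.5x tolerance are assumptions.

```powershell
# Added example. Run on a domain controller; the baseline path is hypothetical.
$NtdsCounters = @(
    '\NTDS\DRA Inbound Bytes Total/sec',
    '\NTDS\DRA Outbound Bytes Total/sec',
    '\NTDS\DRA Pending Replication Synchronizations'
)

function Measure-NtdsCounter {
    param([int]$IntervalSec = 15, [int]$Samples = 20)
    # Sample every counter, then reduce each one to its average and peak
    Get-Counter -Counter $NtdsCounters -SampleInterval $IntervalSec -MaxSamples $Samples |
        ForEach-Object { $_.CounterSamples } |
        Group-Object Path |
        ForEach-Object {
            $stats = $_.Group | Measure-Object CookedValue -Average -Maximum
            [pscustomobject]@{
                Counter = $_.Name
                Average = [math]::Round($stats.Average, 2)
                Maximum = [math]::Round($stats.Maximum, 2)
            }
        }
}

function Compare-NtdsBaseline {
    param($Baseline, $Current, [double]$Tolerance = 1.5)
    foreach ($now in $Current) {
        $base = $Baseline | Where-Object Counter -eq $now.Counter
        if (-not $base) { continue }
        [pscustomobject]@{
            Counter         = $now.Counter
            BaselineAverage = $base.Average
            BaselineMaximum = $base.Maximum
            CurrentAverage  = $now.Average
            # Flag a counter whose current average exceeds the baseline peak by the tolerance
            Deviates        = $now.Average -gt ($base.Maximum * $Tolerance)
        }
    }
}

$baselineFile = Join-Path $env:ProgramData 'ntds-baseline.xml'   # hypothetical location
if (-not (Test-Path $baselineFile)) {
    # First run, taken under normal workload: record the baseline
    Measure-NtdsCounter | Export-Clixml $baselineFile
} else {
    Compare-NtdsBaseline -Baseline (Import-Clixml $baselineFile) -Current (Measure-NtdsCounter) |
        Format-Table -AutoSize
}
```

Each domain controller needs its own baseline file, because the counter paths returned by Get-Counter include the computer name.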
15. Monitoring Service Availability with Reliability Monitor
16. Monitoring Active Directory Domain Services Using Data Collector Sets
- Organizes multiple data collection points into a single component
- Can be grouped with other data collection sets
- Can be incorporated into logs
- Can be created individually or from templates
Data Collector Sets can contain the following types of data collectors:
- Performance counters
- Event trace data
- System configuration information (registry key values)
17. Demonstration: Monitoring AD DS
- In this demonstration, you will see how to set up monitoring of Active Directory
18. Lesson 3: Configuring Active Directory Domain Services Auditing
- What Is Active Directory Domain Services Auditing?
- Demonstration: Configuring an Audit Policy
- Types of Events to Audit
- Demonstration: Configuring AD DS Auditing
19. What Is Active Directory Domain Services Auditing?
- Active Directory auditing can show old values and new values of changed attributes in audit entries
- Active Directory audit policy is divided into four subcategories:
  - Directory service access
  - Directory service changes
  - Directory service replication
  - Detailed Directory service replication
- Only directory service access is enabled for success by default
- Use the Auditpol.exe command-line tool to view or set audit policy subcategories
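Viewing the four subcategories and turning on a single one with Auditpol.exe, as an added PowerShell example that is not part of the original course material. It assumes an elevated session on a domain controller and the English subcategory names; the function names are hypothetical.

```powershell
# Added example. Run in an elevated session on a domain controller.
# Subcategory names are the English ones; they are localized on other systems.
function Get-DsAccessAuditPolicy {
    # /r emits CSV with the columns: Machine Name, Policy Target, Subcategory,
    # Subcategory GUID, Inclusion Setting, Exclusion Setting
    auditpol.exe /get /category:"DS Access" /r |
        Where-Object { $_ } |
        ConvertFrom-Csv |
        Select-Object Subcategory, @{ n = 'Setting'; e = { $_.'Inclusion Setting' } }
}

function Enable-DsChangeAuditing {
    $name = 'Directory Service Changes'
    $current = Get-DsAccessAuditPolicy | Where-Object Subcategory -eq $name
    # Setting is one of: No Auditing, Success, Failure, Success and Failure
    if ($current.Setting -match 'Success') {
        return "$name already audits success events"
    }
    auditpol.exe /set /subcategory:"$name" /success:enable | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "auditpol /set failed with exit code $LASTEXITCODE"
    }
    "$name success auditing enabled"
}

Get-DsAccessAuditPolicy | Format-Table -AutoSize   # state before the change
Enable-DsChangeAuditing
Get-DsAccessAuditPolicy | Format-Table -AutoSize   # state after the change
```

A setting made this way is local to the domain controller and can be overwritten when Group Policy next applies an audit policy.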
20. Demonstration: Configuring an Audit Policy
- In this demonstration, you will see how to configure a global audit policy with the GPMC and adjust it with Auditpol.exe
21. Types of Events to Audit
Event ID | Category                  | Event
4662     | Directory service access  | An operation was performed on an Active Directory object
4722     | User account management   | A user account was enabled
4726     | User account management   | A user account was deleted
4738     | User account management   | A user account was changed
5136     | Directory service changes | An Active Directory object was modified
5137     | Directory service changes | A new Active Directory object was created
5138     | Directory service changes | An Active Directory object was undeleted
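Reading event 5136 from the Security log and pairing the old and new attribute values it records, as an added PowerShell example that is not part of the original course material. The function name and the 24-hour window are assumptions; events exist only when the Directory service changes subcategory is enabled and the modified object carries an auditing entry (SACL).

```powershell
# Added example. Reads event 5136 (Directory service changes) from a DC's
# Security log and pairs the deleted (old) and added (new) attribute values.
function Get-AdAttributeChange {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,   # assumption: run on or against a DC
        [datetime]$After = (Get-Date).AddHours(-24)
    )
    # OperationType is logged as a message-table reference
    $operation = @{ '%%14674' = 'Added'; '%%14675' = 'Deleted' }
    $filter = @{ LogName = 'Security'; Id = 5136; StartTime = $After }

    $records = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the EventData name/value pairs into a hashtable
            $data = @{}
            foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$node.Name] = $node.'#text'
            }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Actor     = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
                ObjectDN  = $data.ObjectDN
                Attribute = $data.AttributeLDAPDisplayName
                Operation = $operation[$data.OperationType]
                Value     = $data.AttributeValue
                OpId      = $data.OpCorrelationID
            }
        }

    # A modification is typically logged as separate "Deleted" and "Added" events
    # that share an OpCorrelationID; group them to show old and new side by side.
    $records | Group-Object OpId, ObjectDN, Attribute | ForEach-Object {
        $first = $_.Group | Sort-Object Time | Select-Object -First 1
        [pscustomobject]@{
            Time      = $first.Time
            Actor     = $first.Actor
            ObjectDN  = $first.ObjectDN
            Attribute = $first.Attribute
            OldValue  = ($_.Group | Where-Object Operation -eq 'Deleted').Value -join '; '
            NewValue  = ($_.Group | Where-Object Operation -eq 'Added').Value -join '; '
        }
    }
}

Get-AdAttributeChange | Sort-Object Time | Format-Table -AutoSize -Wrap
```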
22. Demonstration: Configuring AD DS Auditing
- In this demonstration, you will see how to configure the site link object to manage replication between sites
23. Lab: Monitoring Active Directory Domain Services
- Exercise 1: Monitor AD DS Using Event Viewer
- Exercise 2: Monitor AD DS Using Performance and Reliability Monitor
- Exercise 3: Configure AD DS Auditing
Logon information:
- Virtual machine: NYC-DC1, NYC-DC2
- User name: Administrator
- Password: Paw0rd
Estimated time: 60 minutes
24. Lab Review
- You want to enable the Directory Service Changes subcategory without enabling a global audit policy. How could you do this?
- What services must be running on a source computer in order to provide information to a subscription?
- You have enabled a global audit policy to collect directory service access events, but no events are showing up in the security log. What might the problem be?
25. Module Review and Takeaways
- Review questions
- Considerations