Chat now with support
지원 담당자와 채팅

Active Administrator 8.3 - Web Console User Guide

Active Administrator Web Console Overview Active Directory Health Alerts Notifications Active Directory Health Check
Using the Health Check landing page Creating a Health Check Setting options for Health Check tests Health check tests
Forest tests Domain tests Domain controller tests Site tests
Active Directory Topology Reports Network Operations Center

Active Directory Health reports

2
Select Report | Active Directory Health.

Active Directory White Space

Displays white space events (Event ID 1646 – the amount of disk space that can be recovered by offline defragmentation) in the NTDS event log.

The results indicate if White Space Logging is enabled, the amount of white space in the database, the size of the Active Directory® database, and the number of events.

NOTE: You must set the Garbage Collection value in the registry to view Event ID 1646. See https://technet.microsoft.com/en-us/library/cc816652(v=ws.10).aspx.

Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\ registry key on the remote system or the AFS account should be a member of the Server Operators group in Active Directory.

AD Diagnostic Event Logging Levels

Lists values and descriptions for each event log level for the selected domain controller.

Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\ registry key on the remote system or the AFS account should be a member of the Server Operators group in Active Directory.

AD Disk Space

Lists file locations, page file information, Active Directory file location check, file information, disk usage, and SYSVOL information.

Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to:

Application Event Log

Lists events generated by applications for a specified domain controller. You can filter the report by text, event ID, and event type, and specify the number of events and the time period.

Minimum required permission: The Active Administrator Foundation service (AFS) account must be a member of the Event Log Readers group in Active Directory.

Authentication Methods

Lists RootDSE and Registered Service Principal Name attributes and values resulting from the authentication of the specified domain controller using three methods: negotiate authenticated LDAP, NTLM authenticated LDAP, and un-authenticated LDAP.

Minimum required permission: Domain User rights.

Bind with RID Master

Lists the relative identifier (RID) master role and the results of the binding (DSBind) with the selected domain controller.

Minimum required permission: Domain User rights.

Conflicting Objects

Lists the object and the conflicting object including the date and time of creation.

Minimum required permission: Domain User rights

Connection Object Duplicates

Lists the duplicated connection objects for the selected domain controller.

Minimum required permission: Domain User rights.

Cross-Domain Linked GPO

Lists the number and names of GPOs that are linked to a different domain.

Minimum required permission: Domain User rights.

Directory Health Alerts

Displays a detailed Directory Health alerts report. You can choose the date or date range, and the specific alerts to include.

NOTE: You can also access this report from Monitor | Active Directory Health | Alert History | Report. See Generating an alert history report.

Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must be a member of the AA_Admins group either in the domain or on the database server, depending on the configuration selected during setup.

Directory Objects

Displays a count, in both a horizontal bar graph and a table, of the number of specified directory objects in a specified domain over a specified time period. Directory objects include user, group, computer, group policy objects, and organizational units.

Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must be a member of the AA_Admins group either in the domain or on the database server, depending on the configuration selected during setup.

Directory Service Event Log

Lists events from the Directory Service Event Log for the specified domain controller.

Minimum required permission: The Active Administrator Foundation service (AFS) account must be a member of the Event Log Readers group in Active Directory.

Directory Service Parameters

Lists directory service configuration parameters from the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to HKLM\CurrentControlSet\Services\NTDS\Parameters\ registry key on the remote system or the AFS account should be a member of the Server Operators group in Active Directory.

Disk Drives

Displays detailed information about all of the fixed drives in the selected domain controller(s), such as Name, Type (e.g., NTFS, FAT), Capacity, Free Space (amount and percentage), System Volume (yes/no), and whether the drive contains the Active Directory database, SYSVOL, and/or Active Directory Log Files.

Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access to HKLM\CurrentControlSet\Services\NTDS\Parameters\ registry key on the remote system, or be a member of the Server Operators group in Active Directory.

Distributed File System (DFS) Shares

Lists the Distributed File System (DFS) shares available on a domain controller, including the following information for each DFS share: entry path, volume state and timeout, comments associated with the DFS share, and the DFS storage entry(s) associated with the name including server name, share name, and storage state.

Minimum required permission: Domain User rights.

Distributed File System Replication

Lists Distributed File System Replication (DFSR) partners, DFSR service information, connection objects, SYSVOL statistics, connectivity tests, and recent event log messages.

Optionally, if the DFSR service is not running, you can choose to start the DFSR service on the target domain controller and on its DFSR partners. The default setting is to not start the DFSR service.

You also can choose to include details about the files and folders that were moved to the Conflict and Deleted folder due to conflicting updates.

Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must have Enable Account and Remote Enable WMI Security permissions for the target servers.

DNS Configuration

Displays DNS configuration information from the specified domain controller. The results include Registry keys and values from HKLM\System\CurrentControlSet\Services\ DNS\Parameters, zones hosted on the specified domain controller, DNS Service Information, and Active Directory DNS Information.

Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must have Enable Account and Remote Enable WMI Security permissions for the target servers.

DNS Event Log

Lists events from the DNS Server Event Log for the specified domain controller.

Minimum required permission: Domain Administrator rights.

DNS Zone Information

Displays zone information for the specified domain controller. The results include the DNS server and forward zone parameters and values.

Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access rights to all DNS zones on the target DNS servers, and Enable Account and Remote Enable WMI Security permissions for the target servers.

DNS Zones

Lists the zones for the specified domain controller.

Minimum required permission: The Active Administrator Foundation service (AFS) account must have read access rights to all DNS zones on the target DNS servers and Enable Account and Remote Enable WMI Security permissions for the target servers.

Domain Advertising

Displays the roles being advertised by each domain controller in the specified domain, and verifies that all domain controllers in the domain are properly registered.

Minimum required permission: Domain User rights.

Domain Configuration

Lists domain role holders, Group Policy objects, protected groups, domain administrators, and trusted domains.

Minimum required permission: Domain User rights.

Domain Controller Adapter Information

Displays information from WMI regarding the network adapters present on the specified domain controller(s).

Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must have Enable Account and Remote Enable WMI Security permissions for the target servers.

Domain Controller Advertising

Lists the services advertised by the domain controller to the Directory Service.

Minimum required permission: Domain User rights.

Domain Controller Connection Objects

Lists the connections objects, with details, from the domain controllers that are used during replication.

Minimum required permission: Domain User rights.

Domain Controller Consistency

Compares domain controller level configurations between two or more domain controllers in a domain.

Minimum required permission: Domain User rights.

Domain Controller Information

Displays the following information for the specified domain controller(s) as held by the Directory Service: Domain Controller name, NetBIOS Name, Domain Name, Domain Controller GUID, Domain Controller SID, DNS Forest Name, Domain GUID, Domain SID, Site name, Client site name, Address, and Address type, and Domain Controller Roles.

Minimum required permission: Domain User rights.

Domain Controller Operating System Information

Displays information about the operating system installed on the specified domain controller(s).

Minimum required permission: Domain User rights and the Active Administrator Foundation service (AFS) account must have Enable Account and Remote Enable WMI Security permissions for the target servers.

Domain Controller Ping

Pings the specified domain controller and displays the ping times. Times that are less than 10 milliseconds are shown as < 10 milliseconds.

Minimum required permission: Domain User rights.

Domain Controller Processes List

Displays the list of processes on a domain controller. The results include the following properties for each process: Process Name, Process ID, Handle Count, Page File Bytes, Page File Bytes Peak, Pool Paged Bytes, Pool Nonpaged Bytes and Thread Count.

Minimum required permission: WMI rights.

Domain Controller Processors List

Displays all of the processors on a domain controller.

Minimum required permission: WMI rights.

Domain Controller Replica State

Displays the state of the replicas of a domain in relation to the selected domain controllers.

Minimum required permission: Domain User rights.

Domain Controller Roles

Indicates which of the following operations master roles are being performed by the specified domain controller(s): Inter-site Topology Generator, Schema Master, Infrastructure Master, RID Master, Domain Naming Master, PDC Emulator Manager, and Global Catalog Manager.

Minimum required permission: Domain User rights.

Domain Controller RootDSE

Displays the values of the attributes in the RootDSE for the specified domain controller(s).

Minimum required permission: Domain User rights.

Domain Controller Security Configuration

Checks core security configurations on one or more domain controllers and compares them against the Microsoft® Best Practices guidelines. This report highlights any configuration parameters that exceed the recommended guidelines and provides recommendations to correct the issue(s) reported.

Minimum required permission: Domain user rights, WMI rights, and File System rights.

Domain Controller Services

Displays the following information for all services on the specified domain controller(s) as held by the Service Control Manager: Service Name, Display Name, Status, Startup Type, and Log On As.

Minimum required permission: Domain Administrator rights.

Domain Controller Site Coverage

Lists the sites covered by the specified domain controller. The information is derived from the site coverage key.

Minimum required permission: Domain User rights.

Domain Controller Sites

Displays a list of all the domain controllers and the site to which each belongs for the specified domain.

Minimum required permission: Domain User rights.

Domain Controller SPNs

Lists the Service Principal Name (SPN) for all services on the specified domain controller.

Minimum required permission: Domain User rights.

Domain Controller Trends

Displays the average performance values on a domain controller. Values include Cache copy read hits; CPU processor time; DFSRS % processor time, private bytes, USN records accepted, and working set; LSASS % processor time, private bytes, and working set; file replication (NTFRS) staging space free in kilobytes; memory page faults a second; and NTDS DRA inbound properties filtered a second, LDAP searches a second, and LDAP writes a second; Server sessions.

Minimum required permission: Domain User rights.

Domain Controllers

Lists all domain controllers for the specified domain. Information includes the DNS host name, IP address and the distinguished name for each domain controller in the domain.

Minimum required permission: Domain User rights.

Domain Controllers Memory Utilization

Displays the top domain controllers sorted by the average % of physical memory consumed over a specified period of time.

Minimum required permission: Domain User rights.

Domain Controllers without replication links

Lists the domain controllers without replication links.

Minimum required permission: Domain User rights.

Domain Naming Masters

Lists all the Domain Naming Masters in a given forest and domain.

Minimum required permission: Domain User rights.

Domain Role Holders

Lists all servers that hold the following operation masters:

Minimum required permission: Domain User rights.

Domain Security

Displays the following security information for the specified domain:

Minimum required permission: Domain user rights.

Domains

Lists all the domains in a given forest, along with the number of sites, domain controllers, and directory objects associated with each domain.

Click on a number of sites, domain controllers, or directory objects to drill down to a greater level of detail.

Minimum required permission: Domain User rights.

Drivers List

Lists all the drivers on the specified domain controller. The results include the following properties for each driver: Display Name, Driver Name, State, and Status.

Minimum required permission: Domain Administrator rights.

Duplicate SIDs

Lists duplicate SIDs for the selected domain controller.

Minimum required permission: Domain User rights.

Environment Variables

Displays all the environment settings, including both system and individual user settings, on a domain controller. The results include the following details: Variable Name, User Name, System Variable (true/false), and Variable Value.

Minimum required permission: Domain user rights and WMI rights.

Event Log

Lists the events from selected event logs on the selected domain controller. You can filter events based on text, event ID, date, or event status.

Minimum required permission: The Active Administrator Foundation service (AFS) account must be a member of the Event Log Readers group in Active Directory.

Event Log Errors

Lists all the Event Log errors on the selected domain controller In the last day, week, and month.

Minimum required permission: The Active Administrator Foundation service (AFS) account must be a member of the Event Log Readers group in Active Directory.

Forest Configuration

Displays forest configuration details, such as role holders, partition information, and counts of GPOs and connection objects.

Minimum required permission: Domain User rights.

Forest Inventory

Displays an inventory of all forests previously discovered by Active Administrator, along with the number of domains, sites and domain controllers associated with each forest.

To view forest inventory with greater level of detail, enter the forest name or select the forest name in the Summary area, and run the report.

NOTE: By default, AFS refreshes the forest cache every three hours. To change the refresh schedule, edit the RefreshForestCacheIntervalHours value in the registry key below and restart the AFS service. To disable the scheduled refresh of the forest cache, set this value to zero.

Minimum required permission: Domain User rights and the AFS account must have read and write access to the Active Administrator share.

Global Catalogs

Lists all the Global Catalogs in a given forest and domain.

Minimum required permission: Domain User rights.

GPO Consistency

Performs a Cyclic Redundancy Check (CRC) of the Group Policy Object (GPO) files on two or more selected domain controllers. The results display a list of inconsistent policies found between the specified domain controllers.

Minimum required permission: Domain User rights.

Group Membership Consistency

Checks the group membership consistency between two or more domain controllers in a domain.

Minimum required permission: Domain user rights.

Ineffective GPO

Lists policies that are not linked, as well as all policies that are linked, but currently in a disabled stated, which renders them ineffective. Information includes the display name of the group policy, its unique ID, and a brief description why it is considered an ineffective link.

Minimum required permission: Domain User rights.

Infrastructure Masters

Lists all the Infrastructure Masters in a given forest and domain.

Minimum required permission: Domain User rights.

Installed Updates

Displays the current service pack information for the specified domain controller, including when the service pack was installed and who installed it.

Minimum required permission: Domain Administrator rights.

Inter-site Topology Generators

Lists all the Inter-site Topology Generators in a given forest.

Minimum required permission: Domain User rights.

IP Deny List

Displays the list of IP addresses in the IP Deny List (Configuration/services/ windows nt/Directory Service/Query-Policies/Default QueryPolicy/ldapdenylist/ IDAPIPDenyList) for the specified server.

Minimum required permission: Domain user rights.

Last Boot Up Time

Displays the last time a domain controller was booted and how long the domain controller has been running.

Minimum required permission: WMI rights.

LDAP Policies

Displays the Lightweight Directory Access Protocol (LDAP) protocol policies of the specified domain controller. The results display the attributes and values for LDAP Administration limits and lists LDAP Admin limits that could not be found.

Minimum required permission: Domain user rights.

Lost and Found Items

Lists the lost and found items for the specified domain controllers.

Minimum required permission: Domain User rights.

Naming Context Metadata

Displays the following information for each domain controller in the specified naming context: local USN, originating DSA, originating USN, originating time/date, version, and attribute.

Minimum required permission: Domain User rights.

Naming Context Topology

Checks that the generated topology is fully connected for all domain controllers, and checks the connection objects and the naming context (NC) header where RepsFrom and RepsTo is saved. The results include the sites in the domains, and domain controller replication topology and intersite replication information.

Minimum required permission: Domain user rights.

Naming Context Topology Aliveness

Initiates a replication of the selected domain and reports the results of the replication. The results include the following synchronization information: source server, destination server, event, and event description.

Minimum required permission: Domain User rights.

Naming Context Up-to-Dateness

Displays the Up-to-Dateness vector from the state information of the directory service for the specified domain.

Minimum required permission: Domain User rights.

Net Logon

Verifies that NetLogon is running on the specified domain controller and retrieves information about the NetLogon service on the specified domain controller using WMI.

Minimum required permission: WMI and Registry Read rights.

Owner Information

Lists the global advertised services known by the specified domain controller. The advertised services are Global Catalog, Time Server, Preferred Time Server, Primary Domain Controller (PDC) emulator, and Key Distribution Center (KDC). The results include the server holding the service, the ping times, and other advertised services held by that server.

Minimum required permission: Domain User rights.

PDC Emulators

Lists all the PDC (Primary Domain Controller) Emulator Masters in a given forest and domain.

Minimum required permission: Domain User rights.

Ping Global Catalog

Lists all Global Catalog servers in the specified domain. The results include the total number of GCs in the domain and the ping times for each GC.

Minimum required permission: Domain User rights.

Remote Access Information

Displays the settings and status of the current active remote access connections for the specified domain controllers.

Minimum required permission: Domain Administrator rights.

Replication Failures

Lists the results of replication operations for every naming context and every replication partner.

Minimum required permission: Domain User rights.

Replication Logon Privileges

Checks that logon privileges are appropriate for replication.

Minimum required permission: Domain User rights.

Replication Partner DNS Resolution

Validates that DNS resolution is functioning properly. Displays the domain controller IP address, the DNS server IP address that the domain controller is configured to use, the records queried, and the records returned by DNS, including the IP address and ping response times.

Minimum required permission: Domain User and WMI rights.

Replication Partners

Lists information about inbound and outbound replication partners for the selected domain controller.

Minimum required permission: Domain User rights.

Replication Queue Length

Lists the length of the queues for current and pending replication tasks.

Minimum required permission: Domain Administrator rights.

RID Information

Lists the following RID (relative ID) information from the registry and Active Directory containers for the selected domain controller: minimum RID, maximum RID, RID threshold, RID block size, RID cache size, cached next RID, role owner (RID Master name), available RID pool for domain, allocation pool, next RID, previous allocation pool, and used pool.

Minimum required permission: Domain User rights.

RID Masters

Lists all the RID (relative ID) masters in a given forest and domain.

Minimum required permission: Domain User rights.

RIDs

Verifies the low and high values of RID sets for each domain controller in the specified domain. The results include values and pass/fail.

Minimum required permission: Domain User rights.

Schema Master

Lists all the schema masters in a given forest and domain.

Minimum required permission: Domain User rights.

Security Event Log

Lists events from the Security Event Log for the specified domain controller.

Minimum required permission: The Active Administrator Foundation Service (AFS) account must be a member of the Event Log Readers group in Active Directory.

System Event Log

Lists events from the System Event Log for the specified domain controller.

Minimum required permission: The Active Administrator Foundation Service (AFS) account must be a member of the Event Log Readers group in Active Directory.

SYSVOL Attach

Tests attaching to the SYSVOL of the specified domain controller. Results show the path for which the attempt was made, as well as the actual path after connecting.

Minimum required permission: WMI rights.

SYSVOL Consistency

Performs a Cyclic Redundancy Check (CRC) of the SYSVOL content on two or more domain controllers. The report groups data based on the Policies (Group Policy Objects) and Scripts directories stored on the SYSVOL.

Minimum required permission: Domain User, WMI, and File System Access rights.

Time Synchronization

Verifies time synchronization for the specified domain controller and displays the domain controllers that have time differences with their W32Time Parent. Report information is displayed in Coordinated Universal Time (UTC).

For the specified domain controller, the results include SNTP Server (yes/no), UTC Time, Local Time, Forest Root Domain (yes/no), PDC (yes/no), and Time Servers.

For the Time Server for the specified domain controller, the results include Name, SNTP Server (yes/no), UTC Time, Local Time, and Difference (in seconds between Time Server and specified domain controller).

Minimum required permission: Domain User and WMI rights.

Time Synchronization - Domain Controllers with Time Difference greater than threshold

Displays the domain controllers that have time differences greater than the specified threshold. Report information is displayed in Coordinated Universal Time (UTC).

Minimum required permission: Domain User and WMI rights.

Tombstoned Items

Enumerates tombstoned items, which are objects that have been marked for deletion by Active Directory, but whose tombstone lifetime has not expired. Tombstone lifetime is the number of days before a deleted item is removed from Active Directory (default is 60 days).

Minimum required permission: Domain user rights.

Unlinked GPO

Lists the GPOs that are not linked at the site, domain, or organizational unit level for a specified domain. This is a forest-wide search, so it detects cross-domain linking of GPOs.

Minimum required permission: Domain User rights.

User Consistency

Checks the consistency of user objects between two or more domain controllers in a domain. Verifies that each user object exists and that its group member list and other attributes are the same on each domain controller.

Minimum required permission: Domain user rights.

Active Directory Infrastructure reports

2
Select Report | Active Directory Infrastructure.

Forest and Domain Trusts

Lists the domain trusts for the domain where the specified domain controller resides. Information includes the name of the trusted domain, the type of trust, whether the trust is transitive or not, and the direction of the trust.

Forest Assessment

Lists details about forest trusts, Global Catalog servers, sites, and domains for the specified forest.

Global Catalog Server

Lists the global catalog servers in all domains.

Replication Assessment

Lists replication errors and details about domain controller replications for the specified forest.

Site Configuration

Displays site level configurations for one or more sites, including a list of the domain controllers located in the site and the domains within the site, and details on topology generation, universal group caching, and site links.

Site Information

Displays information about associated subnets, schedules, site links, and site link bridges for the specified site. Results include the following for Site Links: Name, Cost, Replication Interval and Transport.

Site Link Information

Displays information about associated sites, replication schedules, costs, intervals, and transports for the specified site. Results include the following details for site links: name, transport, cost, interval, associated sites, and schedule.

Site Messaging

Displays inter-site messaging configuration for the specified site. Results include the following information for each transport and site found: bridgehead server(s) (for specified site), cost, interval, and schedule.

Subnet Report

Displays the details of the subnets within the forest. Results include the forest name, domain root, forest functional level, domain naming master, schema master, and the prefix, site name, and location of all subnets.

DNS reports

2
Select Reports | DNS.
Table 3. DNS reports

DNS Domain

Lists the subdomains and resource records for the specified DNS domain on a specified DNS server.

DNS Server

Lists zones and their properties for the specified DNS server.

Security reports

2
Select Report | Security.

Active Templates Delegation Details

Lists the delegated permissions provided by the active templates for the selected object and the current delegation status of each permission.

Active Template Delegations

Lists the active templates for the selected object and the delegation status of each active template.

All Computers Report

Lists all computers in the specified path.

All Groups Report

Lists all groups in the specified path.

All Organizational Units Report

Lists all organizational units in the specified path.

All Users Report

Lists all users in the specified path.

Inactive Accounts Report

Lists all inactive user or computer accounts in the specified database and domain.

Object Class Summary

Displays counts for each object class type within a specified path.

Security Delegation Report

Lists all delegated permissions for a specified path.

관련 문서