Chat now with support
Chat with Support

Active Administrator 8.4 - User Guide

Active Administrator Overview Certificates Security & Delegation Azure Active Directory  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Configuring Azure Active Directory Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSRS CPU load DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Review the reported orphaned GPO folders in the local SYSVOL and remove any that are obsolete. Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

Managing certificates

The Certificate Management window displays the certificates for the selected computer. The heading at the top of the display enumerates the total valid, soon to expire, expired, deleted, and broken certificates. The state of each certificate is indicated by an icon.

If someone deleted a certificate using native tools, the certificate displays in a pane at the bottom of the screen. You can restore the deleted certificate from the Active Administrator database or install the certificate on another computer.

Broken certificates also display in a pane at the bottom of the screen. You can attempt to repair the broken certificate or override the broken certificate notification, which replaces the certificate stored in Active Administrator with the broken certificate. See Managing broken certificates.

1
Select Certificate | Certificate Management.

Computers

Manage the computers on which certificates are monitored. See Managing computers.

Sync

Refresh the Active Administrator database and the display with the certificates on a selected computer. See Updating the list of certificates.

NOTE: If Certificate Protection is enabled (see Configuring certificate protection), the database and display are not refreshed, but instead the certificates on the computer are checked against the Active Administrator database for differences. If broken certificates are found, email notifications are sent. If auto-repair is enabled, an attempt to repair the broken certificates automatically (see Managing broken certificates).

Add

Add a certificate to a selected computer. See Installing certificates.

Delete

Delete a certificate from a selected computer. Deleting certificates.

Install on

Install selected certificates on one or more computers. See Installing certificates.

Refresh

Refresh the display by pulling the contents of the Active Administrator database. See Updating the list of certificates.

More | Export

Export a selected certificate to a selected location, either from the list of certificates or a selected computer. See Exporting certificates.

More | Details

View the details of the selected certificate. You also can install the certificate on a computer, export the certificate, and view the validation chain. See Viewing certificate details.

More | Add to Repository

Add a selected certificate to the Certificate Repository. See Adding a certificate to the repository.

More | Validation Chain

View the validation chain of the selected certificate. See Viewing the validation chain.

More | Report

Create a certificates report to display in a report editor, to send in an email, or to save to a file. See Sending a report.

More | Report schedules

Edit, disable, or remove report certificate report schedules. See Managing report schedules.

More | Notifications

Exclude a selected certificate from being included in the certificates that support cryptography notification email. See Excluding certificates that support cryptography.

More | Revoke Notifications

Exclude a selected certificate from being included in the revoked certificate notification email. See Excluding revoked certificates

More | Broken Certificate History

View the list of the certificates that are broken, were repaired, failed repair, or were overridden. See Managing broken certificates.

More | Monitored Organizational Units

View the list of organizational units that are being monitored for computers that are added or removed. See Managing monitored organizational units.

Group by

Group the list of certificates by stores or by the state of the certificate. See Grouping the list of certificates.

Managing computers

To view certificates on a computer, you must add the computer. When you first add a computer, it is synced when you choose to display the certificates. Only those computers that are managed by the Certificate module are monitored for certificates. Managed computers are monitored based on the schedule set on the Certificate Configuration page (see Setting certificate configuration). You can turn off the dynamic monitoring of managed computers and sync them manually.

1
Select Certificate | Certificate Management.
2
Click Computers.

Add

Add a computer to the list of managed computers. See Adding computers.

Remove

Remove the selected computers from the list of managed computers. See Removing computers.

Edit

Enable/disable the selected computer or edit the credentials on the selected computer. See Disabling certificate management and Adding computers.

Stores

Exclude selected stores on a specified computer from monitoring. See Excluding stores.

Test

Validate the connection to the selected computer.

Enable

Enable certificate management on the selected computers.

Disable

Disable certificate management on the selected computers. See Disabling certificate management.

Adding computers

To manage certificates on a computer, you must first add the computer. Only the computers listed in the Available computers list are monitored for certificate management.

1
Select Certificate | Certificate Management.
2
Click Computers.
3
Click Add to add new computers to the list.
4
To populate the Available computers list, choose between adding selected computers or loading computers from selected OUs. You can use a combination of both options to populate the list of computers.
a
Select Select Computers.
c
Click Add to add the computers to the list of Available computers.
a
Select Select Organizational Units.
NOTE: To reload the list of OUs, click Refresh. All selections are cleared and any newly added OUs appear in the list.
e
Click Add to add the computers from the selected OUs to the list of Available Computers.
5
To manage the Available computers list, you can filter the list and remove computers you no longer need to monitor.
To filter the list, start typing in the Filter Computers box. The list filters as you type.
b
Click Stores.
You can filter the list of stores or use Select all/Clear all to manage the list.
d
e
Click Yes to confirm the excluded stores.
7
By default, the Active Administrator® Foundation Service Credentials are used to retrieve certificates from the selected computers. If you want to specify a different account, clear the check box, and enter the username, or browse to select an account, and enter the password.
8
NOTE: Active Administrator validates each computer, in the order they appear in the Available computers list. If you selected several computers and the process is taking too long or you are getting errors, you can cancel the process. Click Cancel in the progress bar, and click Yes to confirm. If you want to repeat the test, click Test.
9
Click Close.

Excluding stores

You can exclude selected stores on a specified computer from certificate monitoring.

1
Select Certificate | Certificate Management.
2
Click Computers.
Filter the list, if necessary. Start typing in the Filter computers box. The list filters as you type.
4
Click Stores.
Filter the list, if necessary. Start typing in the Filter stores box. The list filters as you type.
6
Use Select all/Clear all to manage the list.
7
8
Click Yes to confirm the excluded stores.
Related Documents