Chat now with support
Chat with Support

Active Administrator 8.4 - User Guide

Active Administrator Overview Certificates Security & Delegation Azure Active Directory  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Configuring Azure Active Directory Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSRS CPU load DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Review the reported orphaned GPO folders in the local SYSVOL and remove any that are obsolete. Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

Managing Active Directory Health Templates

Active Directory Health templates can be viewed, modified, removed from an object, and deleted. Templates can also be imported or exported.

When viewing templates, the number of objects locked to that template are displayed to the right of the template name. When viewing the properties of a template, details such as the template ID, template name, description, object type, created dates, creator, updated dates, who updated the template, and the objects that are using the template are displayed. The collector settings and alert settings can also be viewed.

When a template is modified, all objects locked to that template will be updated to reflect the changes.

When a template is deleted, all objects locked to that template will be unlinked. The settings for the objects will remain unchanged.

1
Select Active Directory Health | Agents.
2
Select the Monitored Domain Controllers tab.
3
Select Settings | Templates.
5
Click Properties to display the template details.
6
Click Settings.
7
Optionally, click Data Collectors to view all of the data collector settings for this template.
8
Optionally, click Alerts to view all of the alert settings for this template.
9
Click Close to exit.
1
Select Active Directory Health | Agents.
2
Select the Monitored Domain Controllers tab.
3
Select Settings | Templates.
5
Click Properties to display and edit the template details.
6
Click Settings.
7
Optionally, click Data Collectors and double-click any data collector to edit its settings. Click Apply to save the changes for all objects locked to this template.
8
Optionally, click Alerts and double-click any alert to edit its settings. Click Apply to save the changes for all objects locked to this template.
9
Optionally, select Active Directory objects that have the template applied and click Remove Template to remove the application of the template. Click Yes to accept and continue..
10
Click Update to save the modified template details.
11
Click Close to exit.
1
Select Active Directory Health | Agents.
2
Select the Monitored Domain Controllers tab.
3
Select Settings | Templates.
5
Click Delete.
6
Click Close to exit.
1
Select Active Directory Health | Agents.
2
Select the Monitored Domain Controllers tab.
3
Select Settings | Templates.
5
Click Export.
8
Click Save.
1
Select Active Directory Health | Agents.
2
Select the Monitored Domain Controllers tab.
3
Select Settings | Templates.
4
Click Import.
6
Click Open.
8
9
Click Yes to overwrite any existing templates that have the same name as a template being imported.
Click No to skip importing any templates with the same name as an existing template.
10
Click Close to exit.

Managing Active Directory Health Analyzer agents

You can install agents directly to a domain controller in standalone mode. The standalone agent monitors only the domain controller on which it is installed. Installing agents into a pool maximizes the efficiency by balancing the workload among the pool of load-balancing agents.

If a Active Directory Health Analyzer agent is experiencing problems, an alert is triggered and displays in the Current Alert list. See Viewing alerts and alert history. For Active Directory Health Analyzer agents in a pool, the domain controllers it monitors move to another agent, and the domain controller hosting the agent is removed from the pool and no longer monitored until it come back online.

1
Select Active Directory Health | Agents.
2
Open the Analyzer Agents tab.
NOTE: When you select Remove, Start, Stop, Restart, Set Agent Startup Account, or Set Port Number, you are asked to select the account to use to manage the agent. You can use the Active Administrator Foundation Service (AFS) account, or indicate a specific user account.

Refresh

Refresh the Active Directory Health Analyzer agent on all listed domain controllers.

Refresh Selected

Refresh the Active Directory Health Analyzer agent on selected domain controllers.

Install

Install the Active Directory Health Analyzer agent. See Installing Active Directory Health Analyzer agents.

Properties

Display properties for the selected Active Directory Health Analyzer agent.

You also can view properties when monitoring agent performance. See Monitoring agent performance.

Limiter

Enable, disable, and edit time thresholds for notifications.

Remove

Uninstall the selected Active Directory Health Analyzer agent.

Start

Start collecting events on the selected domain controller(s).

Stop

Stop collecting events on the selected domain controller.

Restart

Restart selected Active Directory Health Analyzer agents.

Workload Details

Manage workload distribution by the agent pool. See Managing agent workload.

Manage email notifications for the status of load-balancing agents. See Sending agent notifications.

More | Agent Notifications

Manage email notifications for the status of standalone and load-balancing agents. See Sending agent notifications.

More | Automatic Agent Deployment

Set up automatic deployment of the Active Directory Health Analyzer agent.

Manage pending deployments. You can cancel or initiate the deployment immediately.

See Setting up automatic Active Directory Health Analyzer agent deployment.

More | Agent Performance Settings

Set up performance monitoring of a selected Active Directory Health Analyzer agent. See Monitoring agent performance.

More | Agent Performance

View properties and statistics to help monitor memory and CPU usage on a selected Active Directory Health Analyzer agent. See Monitoring agent performance.

More | Set Agent Startup Account

Change the Active Directory Health Analyzer agent startup account.

If you cannot use an account with domain administrative privileges, use an account that is a member of the Performance Log Users and Distributed COM Users groups in the monitored domain. You also must enable Remote Access for WMI on the remotely monitored domain controllers. Some monitoring features will not be available.

More | Set Agent Port Number

Specify the port that the Active Administrator Foundation Server uses to communicate with the Active Directory Health Analyzer agent on the domain controller.

More | Remove Orphaned Agents

Removes the Active Directory Health Analyzer agents from the selected computers.

More | View Agent Log

View the Active Directory Health Analyzer agent log.

NOTE: The log entries exist in memory. You can use the Filter Log Entries option to search for specific log entries. You can right-click and copy a selection of log entries to the clipboard. If you require a log file for troubleshooting, use the Active Directory Health Analyzer agent configuration utility. See Using the Active Directory Health Analyzer agent configuration utility.

More | Test Agent Status

Test the Active Directory Health Analyzer agent connection.

More | Configure Firewall Rules

Configures Windows® Firewall to allow the Active Directory Health Analyzer agent to communicate with the Active Administrator Data Service (ADS).

More | Upgrade

Upgrade the selected Active Directory Health Analyzer agent.

More| Upgrade All

Upgrade all listed Active Directory Health Analyzer agents.

More | Group by Status

Group the list of agents by status.

More | Remove Grouping

Remove the grouping.

More | Excluded Domain Controllers

Manage the list of domain controllers that are excluded from monitoring. See Excluding domain controllers.

Tasks

Manage the tasks that pertain to the Active Directory Health Analyzer Agent. See Managing tasks.

Managing agent workload

As domain controllers are added, removed, started, or stopped, the agent pool automatically redistributes the workload. A workload evaluation is run every 24 hours automatically, but you can trigger it manually as well. You may find you need to add more agents to the pool to help with the workload. See Installing Active Directory Health Analyzer agents into a pool.

1
Select Active Directory Health | Agents.
2
Open the Analyzer Agents tab.
3
Click Workload Details.
4
Click Evaluate Agent Load.

Sending agent notifications

By default, an email notification is sent when an agent goes into a critical state, a stopped state, and when the agent has recovered. You also can select to send an email notification when the agent goes into a warning state or when an agent workload evaluation is performed, which occurs if a load-balancing agent cannot recover.

1
Select Active Directory Health | Agents.
2
Open the Analyzer Agents tab.
3
Select More | Agent Notifications.
NOTE: For stand-alone agents, if the Load Evaluation check box is selected, a notification is not sent because load balancing does not occur.
6
Click Add to add an email address to the list of recipients for the email notifications. You can edit a selected address or remove selected addresses from the list.
7
Related Documents