Active Administrator Overview
Starting Active Administrator console
Using quick tasks
Using the dashboard
Managing domain controllers
Certificates
Adding a managed domain controller
Removing a managed domain controller
Accessing a domain controller remotely
Searching Active Directory
Opening the Web Console
Using the Certificates landing page
Managing certificates
Managing computers
Managing monitored organizational units
Viewing certificates
Viewing certificate details
Viewing the validation chain
Managing broken certificates
Sending email notifications
Reporting on certificates
Exporting certificates
Installing certificates
Deleting certificates
Managing Certificate Authority
Security & Delegation
Viewing a Certificate Authority summary
Adding a forest
Searching Certificate Authority
Managing Certificate Authority servers
Viewing certificate templates
Viewing events
Configuring Certificate Authority notifications
Viewing Certificate Authority backups
Using the Certificate Repository
Adding a certificate to the repository
Viewing certificate details from the repository
Installing certificates from the repository
Updating certificates in the repository
Reporting on certificates in the repository
Exporting certificates from the repository
Deleting certificates from the repository
Searching certificates
Using the Security & Delegation landing page
Managing security
Azure Active Directory
Managing Active Directory objects
Viewing Active Directory objects by type
Reporting on Active Directory objects by type
Viewing native permissions
Viewing Active Template delegations
Resetting passwords
Resetting computers
Moving Active Directory objects
Managing group memberships
Monitoring user logon activity
Managing locked out accounts
Managing password policies
Adding members to a selected group
Adding selected accounts to a group
Adding multiple accounts to selected groups
Reporting on Active Directory objects
Creating a new fine-grained password policy
Linking a password policy
Sending password notifications
Checking delegation status
Managing Active Templates
Creating an Active Template
Categorizing Active Templates
Adding a delegation link
Reporting on Active Templates
Managing inactive accounts
Configuring inactive users and computers
Checking for inactive users and computers
Viewing inactive users and computers history
Reporting on inactive accounts
Purging stale accounts
Sending password reminders
Sending account expiration notifications
Viewing expired accounts
Purging account history
Setting up Azure Active Directory
Using the Azure Active Directory landing page
Managing users
Managing groups
Searching Azure Active Directory
Viewing changes to Azure Active Directory
Active Directory Health
Switching to Active Directory Health
Using the Active Directory Health landing page
Installing Active Directory Health Analyzer agents
Auditing & Alerting
Installing Active Directory Health Analyzer agents into a pool
Installing Active Directory Health Analyzer agents onto domain controllers
Setting up automatic Active Directory Health Analyzer agent deployment
Using the Active Directory Health Analyzer agent configuration utility
Excluding domain controllers
Managing the Remediation Library
Analyzing Active Directory health
Managing the Active Directory Health Analyzer tree
Using the analyzer pages
Analyzing health of all domain controllers
Analyzing health of a selected domain controller
Analyzing health of all domains
Analyzing health of a selected domain
Analyzing health of all sites
Analyzing health of a selected site
Analyzing the health of a forest
Analyzing Azure Active Directory
Installing the Azure Active Directory Connect Health Monitoring Agent
Setting up the Azure Active Directory Connect application
Managing Active Directory Health Analyzer alerts
Adding the Azure Active Directory Connect application
Configuring Azure Active Directory Connect application settings
Viewing Azure Active Directory Connect status
Viewing Azure Active Directory Connect alerts
Monitoring Azure Active Directory Connect operations
Viewing Azure Active Directory Connect events
Searching the Metaverse
Viewing Azure Active Directory Connect connectors
Managing the Azure Active Directory Connect Health Monitoring Agent
Setting alerts
Purging and archiving alert history
Viewing alerts and alert history
Filtering alert history
Generating an alert history report
Muting alerts
Clearing mutes
Viewing mute history
Managing alert notifications
Pushing alerts to System Center Operations Manager and SNMP managers
Managing monitored domain controllers
Managing data collectors
Setting permissions for data collectors
Setting data collectors
Adding performance counter data collectors
Adding Windows Services data collectors
Setting an authoritative RODC
Purging and archiving Active Directory Health Analyzer data
Active Directory Health Templates
Managing Active Directory Health Analyzer agents
Using the Troubleshooter
Managing the DFSR service
Running the Directory Service Replication Troubleshooter
Enabling or disabling domain controller replication
Setting directory service log levels
Setting Netlogon parameters
Setting startup and recovery options
Cleaning up metadata
Running online defrag
Replicating Active Directory
Recovering Active Directory Health data
Using the Auditing & Alerting landing page
Managing audit reports
Group Policy
Creating a new audit report
Creating a new audit report by copying a report
Running an audit report
Scheduling audit reports
Changing ownership of scheduled reports
Categorizing audit reports
Using tags to mark events
Adding a comment to an event
Grouping events
Viewing event details
Managing archive reports
Managing audit agents
Excluding domain controllers
Setting up auditing on domain controllers
Installing audit agents
Modifying the audit agent startup account
Modifying the audit agent test account
Updating audit agents
Moving an audit agent
Automating audit agent deployment
Canceling pending automated deployments
Managing alerts
Creating an alert
Managing alerts
Changing the alert notification policy
Setting global quiet time
Managing alert history
Managing event definitions
Archiving & purging audit events
Using the Group Policy landing page
Managing Group Policy objects
Active Directory Recovery
Creating a new Group Policy object
Copying Group Policy objects
Copying Group Policy objects between domains
Comparing Group Policy objects
Reporting on Group Policy objects
Managing links
Managing GPOs by container
Creating containers
Linking Group Policy objects
Blocking inheritance
Managing linked GPOs
Reporting on Group Policy objects
Searching for GPO settings
Managing GPO history
Using the GPO repository
Modeling GPO changes
Managing GPO backups
Backing up Group Policy objects
Scheduling a GPO backup
Comparing Group Policy backups
Restoring a Group Policy object
Troubleshooting
Purging GPO history
Using the Active Directory Recovery landing page
Managing Active Directory backups
Restoring from a backup
Purging Active Directory backups
Active Directory Infrastructure
Using the Active Directory Infrastructure landing page
Managing Active Directory sites
DC Management
Browsing Active Directory
Building Active Directory structure
Monitoring replication
Using the replication analyzer
Managing Active Directory trusts
Adding a new site
Adding a new connection
Adding a new subnet
Adding a new site link
Adding a new site link bridge
Reporting on Active Directory
Using the DC Management landing page
Checking domain controller status
Managing services
Monitoring domain controller performance
Managing event logs
DNS Management
Using the DNS Management landing page
Managing DNS servers
Configuration
Adding managed DNS servers
Adding records
Editing records
Deleting records
Running reports
Editing DNS server properties
Editing zone properties
Editing zone permissions
Scavenging records
Monitoring DNS servers
Using the DNS analyzer
Viewing the DNS event log
Searching for DNS records
Using the Configuration landing page
Managing tasks
Defining role-based access
Setting email server options
Configuring SCOM and SNMP Settings
Configuring Azure Active Directory
Diagnostic Console
Adding the Active Administrator app
Setting up Azure Active Directory domains
Setting up Azure Active Directory change notifications
Setting notification options
Setting Active Template options
Setting agent installation options
Setting recovery options
Setting GPO history options
Setting certificate configuration
Setting certificate notifications
Setting up certificate email notifications
Configuring certification authority
Configuring certificate protection
Setting security on the repository
Setting service monitoring policy
Managing archive databases
Migrating data to another database
Setting a preferred domain controller
Setting up workstation logon auditing
Deploying the workstation logon audit agent
Managing configuration settings
Enabling workstation auditing
Deploying the workstation logon agent
Deploying the workstation logon agent from a GPO
Enabling the default port for the workstation logon auditing agent
Setting the Active Administrator server
Viewing license details
Running an assessment report
Scheduling an assessment report
Running a configuration report
Managing email addresses
Scheduling a configuration report
Checking status of the AFS server
Setting user options
Setting general user options
Setting options for audit reports
Setting user log on activity
Setting Active Directory Health Analyzer options
Enabling console logging
Managing the Active Directory server
Opening the Diagnostic Console
Using components
Alerts Appendix
Network components
Dataflow components
LSASS components
File Replication components
AD Store components
Active Directory components
Operating System components
Using indicators
Using drilldowns
Domain controller alerts
Event Definitions
PowerShell cmdlets
Active Directory Certificate Services service is not running
Active Directory Domain Services is not running
Active Directory Web Services service is not running
Consecutive replication failures
DC cache hits
DC DIT disk space
DC DIT log file disk space
DC LDAP load
DC LDAP response too slow
DC Memory Usage
DC properties dropped
DC RID pool low
DC SMB connections
DC SYSVOL disk space
DC time sync lost
Detected NO_CLIENT_SITE record
DFS Replication service not running
DFS service is not running
DFSR conflict area disk space
DFSR conflict files generated
DFSRS CPU load
DFSR RDC not enabled
DFSR sharing violation
DFSR staged file age
DFSR staging area disk space
DFSR USN records accepted
DFSRS unresponsive
DFSRS virtual memory
DFSRS working set
DNS Client Service is not running
Domain controller CPU load
Domain controller page faults
Domain controller unresponsive
File Replication Service is not running
File replication (NTFRS) staging space free in kilobytes
GC response too slow
Group policy object inconsistent
Hard disk drive
Intersite Messaging Service is not running
Invalid primary DNS domain controller address
Invalid secondary DNS domain controller address
KDC service is not running
LSASS CPU load
LSASS virtual memory
LSASS working set
Missing SRV DNS record for either the primary or secondary DNS server
NETLOGON not shared
NetLogon service is not running
Orphaned group policy objects exist
Review the reported orphaned GPO folders in the local SYSVOL and remove any that are obsolete.
Physical memory
Power supply
Primary DNS resolver is not responding
Secondary DNS resolver is not responding
Security Accounts Manager Service is not running
SRV record is not registered in DNS
SYSVOL not shared
W32Time service is not running
Workstation Service is not running
Domain alerts
Conflict encountered during replication
DNS server missing domain SRV records
Domain FSMO role placement
Global catalog server replication latency
Infrastructure operations master hosts a global catalog server
Infrastructure operations master inconsistent
Infrastructure operations master not responding
Missing root PDC time source
Objects exist in the Lost and Found container
PDC operations master inconsistent
PDC operations master not responding
Replication latency
RID operations master inconsistent
RID operations master not responding
RODC allowed password replication policy inconsistent
RODC denied password replication policy inconsistent
Site alerts
Inter-site replication manager
Inter-site replication topology generation disabled
Intra-site replication topology generation disabled
Morphed directories exist in site
No authority in site to resolve universal group memberships
Too few global catalog servers in site
Forest alerts
Domain naming and schema operations masters differ
Domain naming operations master inconsistent
Domain naming operations master is not a GC
Naming operations master not responding
Schema operations master inconsistent
Schema operations master not responding
Schema version inconsistent
Site link settings inconsistent with PDC
Site settings inconsistent with PDC
Subnet settings inconsistent with PDC
Azure Active Directory Connect alerts
What are cmdlets?
Using Active Administrator cmdlets
Using cmdlets to get information about the Active Administrator server
Getting the status of Active Administrator licenses
Getting configuration settings for the Web server
Getting logging status for ADS
Getting operation status for ADS
Getting the port number for ADS
Getting logging status for AFS
Getting operation status for AFS
Getting the port number for AFS
Getting operation status for the HTTP service
Getting the status of Full-Text Search
Getting operation status for the Active Administrator Notification Service
Using cmdlets to manage the Active Administrator server
Updating the Active Administrator license
Setting configuration for the Active Administrator Web server
Switching the setting of Full-Text Search
Setting the startup account for AFS and ADS
Setting the port for ADS
Switching logging status of ADS
Switching operation status of ADS
Setting the port for AFS
Switching logging status of AFS
Switching operation status of AFS
Switching operation status of the HTTP service
Clearing the AFS cache
Setting the startup account for the Active Administrator Notification Service
Switching operation status of the Active Administrator Notification Service
Third-party contributions
Setting up auditing on domain controllers
|
2 |
Select Group Policy | Group Policy Objects. |
|
3 |
|
4 |
Expand Computer Configuration | Windows Settings | Security Settings | Local Policies, and select Audit Policy. |
|
6 |
Close the Group Policy window. |
|
7 |
From the command prompt, refresh the Group Policies by typing gpupdate /force. |
Installing audit agents
To collect data on a computer, you must install and activate the audit agent.
|
1 |
Select Auditing & Alerting | Agents. |
|
2 |
Click Install. |
The Welcome page reminds you to enable auditing in Active Directory®. See Setting up auditing on domain controllers.
|
3 |
Click Next. |
|
4 |
In the Domain box, type the domain name; or browse to locate a domain. |
|
5 |
If necessary, click Find Domain Controllers. |
|
• |
To select all listed domain controllers, click Select all. |
|
• |
To clear all the check boxes, click Clear all. |
|
7 |
Click Next. |
|
Start collecting events immediately after installation of the agent |
|
|
By default, Active Administrator® monitors the status of the audit agent. |
|
9 |
Click Next. |
|
10 |
In the Run as box, type an account with domain administrative rights, or click to locate an account, and then enter the password. |
|
NOTE: The Active Administrator Agent service can also run under a domain user account provided it is a local administrative account, which gives it the rights to log on as a service, log on locally, and manage auditing and security log, or these privileges can be granted individually. This user or service account should also be a member of the AA_Admin group, which by default is located in the Local groups of the server where the ActiveAdministrator database is located. If the group is not found in this location, the settings during the initial database creation were modified and it can be found under the Users container object of Active Directory. |
|
11 |
To verify the account, click Test Audit Agent Account. |
|
12 |
Click Next. |
|
14 |
Click Next. |
|
15 |
Click Finish. |
The Audit Agent page lists the domain controllers you selected, the time and date of the last event collected, the status of the audit agent and the advanced audit agent, the name of server on which Active Administrator is installed, and the version number of the audit agent installed on the domain controller.
|
NOTE: By default, the audit agent is activated upon installation. To change the default setting, click Configuration | Agent Installation Settings. See Setting agent installation options.
You can view details about the install in the AuditAgentInstall*.log file, which is located in the Program Files\Quest\Active Administrator\Server\Logging folder. NOTE: If you experience deactivated audit agents after installing agents in a new domain on a Windows Server® 2016 or Windows 2019 domain controller, clear the security event log and restart the audit agent. |
Modifying the audit agent startup account
|
1 |
Select Auditing & Alerting | Agents. |
|
2 |
Select a domain controller, and select More | Set Startup Account. |
|
NOTE: A domain administrator account is recommended. The Active Administrator® audit agent service can run under a domain user account if it is a local administrative account, which gives it the rights to log on as a service and log on locally, or an account with these two privileges granted individually. This account should also be a member of the AA_Admin group, which by default is located in the Local groups of the server where the ActiveAdministrator database is located. If the group is not found in this location, the settings during the initially database creation were modified and the group can be found under the Users container object of Active Directory®. |
|
5 |
Click OK. |
Modifying the audit agent test account
By default, Active Administrator® monitors the status of the audit agent.
|
1 |
Select Auditing & Alerting | Agents. |
|
2 |
Select a domain controller, and select More | Test Startup Account. |
|
5 |
Click OK. |