Chat now with support
Chat with Support

Active Administrator 8.4 - User Guide

Active Administrator Overview Certificates Security & Delegation Azure Active Directory  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Configuring Azure Active Directory Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSRS CPU load DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Review the reported orphaned GPO folders in the local SYSVOL and remove any that are obsolete. Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

Setting certificate configuration

The Certificates feature monitors the state of certificates on managed computers and the security on the repository. You can enable or disable certificate monitoring, and send a notification email when the state of a certificate changes.

Certificate protection validates that the certificate details stored by Active Administrator® match the details of the certificate installed on the computer. When this feature is enabled, any differences found are reported as broken certificates and email notifications are sent to the recipients on the certificate email list.

To make changes to certificates in the repository, users and groups must be granted the modify permission on the Certificate Repository folder from within Active Administrator. You can check the security and send notifications if the modify permission is altered with native tools.

Topics:

Setting certificate notifications

Notifications are sent to accounts on the email list based on the settings you configure.

1
Select Configuration | Certificate Configuration.
2
Open the General tab, if necessary.

deleted

Certificate Management only

Select to enable or disable notifications for certificates that were deleted.

added

Certificate Management only

Select to enable or disable notifications for certificates that were added.

You also can further specify to only send notifications when a certificate is added using native tools.

going to expire

Select to enable or disable notifications for certificates that are going to expire.

To exclude expiring certificates in the repository and PFX files, clear the check boxes.

You also can select to send notifications to the user prior to a password expiring The maximum value is 90 days. Select to send additional levels of notification, if desired.

Select to repeat the notifications after the final notification, if desired. The setting for the final notification will repeat, so if the final notification is set to 5 days, the user will continue to receive the notification daily after 5 days until they change their password.

expired

Select to enable or disable notifications for certificates that are expired.

To exclude expired certificates in the repository and PFX files, clear the check boxes.

uses a cryptographic hash algorithm

Select to enable or disable notifications for certificates that use a cryptographic hash algorithm.

By default, only SHA1RSA is included in the notification. To include other hash algorithms, select the check boxes.

revoked

Select to enable or disable notifications for certificates that were revoked.

To exclude revoked certificates in the repository and PFX files, clear the check boxes.

8
Click Save.

Setting up certificate email notifications

Email notifications are sent to the listed accounts based on the settings on the General tab. See Setting certificate notifications. Notifications are also sent for broken certificates. See Configuring certificate protection.

1
Select Configuration | Certificate Configuration.
2
Click Email Addresses.
4
Click Save.

Configuring certification authority

When searching for Certificate Authority (CA) certificates, you can employ the search cache instead of searching Active Directory. You can choose to cache an entire forest to maximize the speed of retrieving results, or you can choose to cache only found objects in Active Directory to quickly retrieve the object again from the cache for a certain amount of time.

1
Select Configuration | Certificate Configuration.
2
Click Certificate Authority.

Full

The entire forest (users and computers with CA certificates) is cached in memory.

Set the cache refresh rate. By default, the cache is refreshed every 20 minutes.

Minimal

Only objects that are found during the search are cached. If you search for the object again, the object is found first in the cache. The object is removed from the cache after 20 minutes.

7
Click Save.
Related Documents