Chat now with support
Chat with Support

Active Administrator 8.4 - Web Console User Guide

Active Administrator Web Console Overview Active Directory Health Alerts Notifications Active Directory Health Check
Using the Health Check landing page Creating a Health Check Setting options for Health Check tests Health check tests
Forest tests Domain tests Domain controller tests Site tests
Active Directory Topology Reports Network Operations Center

Domain controller tests

Domain controller tests are divided into four categories that are organized on four tabs. You can select tests from all four tabs to run together.

Active Directory Domain Service

Indicates if the Active Directory® Domain Service is running on the domain controller.

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally or remotely, domain administrator privilege is required.

The most typical cause of this situation is when a server administrator shuts down the Distributed File System (DFS) service and forgets to restart it.

Use the Services MCC snap-in or another SCP application to restart Active Directory Domain Services.

Cache copy read hits

Indicates the performance of the server may be degraded because of too few cache read hits.

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally and remotely, only domain user privilege is required and the user must be a part of the Performance Logs User group.

Tests the cache copy read hits data collector on the domain controller to see if the value of the data collector drops below the configured threshold for a period exceeding the configured duration.

Compare SRV DNS records with Netlogon.dns file

Indicates one or more requisite Domain Name System (DNS) Service Locator (SRV) entries are not defined. DNS SRV entries are vital to the proper functioning of Active Directory®.

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally and remotely, only domain user privilege is required. When monitored remotely, the target server must have WMI remote access enabled and the user must be a member of the Distributed COM Users group.

This test compares all of the SRV records that exist in the netlogon.dns file to the SRV records int he DNS server. This test confirms the existence of the following SRV entries for each zone hosted on the server and checks the netlogon.dns file if the file exists on the domain controller:

_ldap._tcp.<zone-name>

This test is accompanied by a list of the missing SRV entries.

Whenever a domain controller is promoted, the Microsoft NetLogon process registers the applicable SRV entries with the primary DNS server of the affected domain. As SRV entries are used to identify the constituent domain controllers, the Primary Domain Controller(PDC), and the owner of the global catalog of each zone, the absence of an SRV entry can have serious consequences for Active Directory.

The presence of all requisite SRV locator entries is evaluated for top-level zones exclusively. However, SRV locator entries of sub-zones that host at least one domain controller (with a Active Directory Health Analyzer agent) are evaluated.

Typically, missing SRV entries indicate that Dynamic DNS has been disabled for one or more DNS zones. Active Directory relies on Dynamic DNS to update all affected entries when network resources are altered or relocated. Other possible causes include DCPROMO failure, and erroneous manual configuration of SRV entries.

Confirm that Dynamic DNS is enabled on all applicable zones. Either add the SRV entries manually in the DNS Management Console or cause the entries to be refreshed (for example, by demoting and subsequently promoting the effected domain controllers).

Related Documents