Chat now with support
Chat with Support

Welcome, erwin customers to Quest Support Portal click here for for frequently asked questions regarding servicing your supported assets.

Active Administrator 8.5 - User Guide

Active Administrator Overview Certificates Security & Delegation  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS CPU load DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

LSASS drilldown

The Local Security Authority Subsystem (LSASS) drilldown displays information on database traffic and authentication requests.

The LSASS drilldown displays the following information in graphs:

Table 145. LSASS drilldown


The percentage of the CPU used by the LSASS process.

LSASS I/O Activity

How many bytes have been read from or written to the Active Directory database by the LSASS process. Read activity is shown in orange. Write activity is shown in blue.


The number of NTLM NT Lan Manager Authentications and Kerberos Authentications per second being handled by the currently connected domain controller. NTLM Authentications are shown in orange and Kerberos Authentications are shown in blue.

Directory Activity

The number of directory read and write operations per second occurring on this domain controller. Read activity is shown in orange, and write activity is shown in blue.

LDAP drilldown

The LDAP drilldown displays detailed information regarding communications between clients and the domain controller.

The LDAP drilldown displays the following graphs:

Table 146. LDAP Drilldown

LDAP Client Sessions

The number of clients that currently have open LDAP sessions with this domain controller.

LDAP Bind Time

The amount of time necessary to perform the last LDAP bind.

Consistently high values might indicate a hardware or networking problem.

Directory Searches Per Second

The number of directory searches that are being run per second on this domain controller.

LDAP Search Time

The time taken for a simple LDAP search against the domain controller.

FSMO Roles drilldown

The Flexible Single-Master Operation (FSMO) Roles drilldown indicates which domain controller owns each FSMO role. It also indicates which domain controller is the Global Catalog (GC) server.

NOTE: By default, the FSMO Roles drilldown collects only the FSMO roles for the domain where the domain controller is located. Select Collect FSMO role holders from other domains to collect all FSMO roles in the forest. If selected, this check box is applied to all current connections as well as new future connections.

The FSMO Roles drilldown displays the following information.


The five main roles a server can fulfill. These include Domain Naming Master, Schema Master, Infrastructure Master, PDC Emulator, and RID Server.

Global Catalog and Intersite Topology Generator are not FSMO roles; they are listed here as extra information.

Domain Controller

The network name of the computer that fulfills the associated FSMO role.


The name of the domain to which the computer belongs.


The site to which the computer belongs.

IP Address

The IP address of the computer.


Alerts Appendix

This appendix provides details on the alerts within the Active Directory Health Analyzer. Along with a detailed description of the event that triggers the alert, a resolution is provided.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating