Chat now with support
Chat with Support

Active Administrator 8.6.2 - User Guide

Active Administrator Overview User Provisioning Certificates Security & Delegation  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS CPU load DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

Managing broken certificates

Previous Next


Certificates > Managing broken certificates

Managing broken certificates

On a specified interval, the Certificate Protection feature validates that the certificate details stored by Active Administrator® match the certificates installed on the computer. When this feature is enabled, any differences found are reported as broken certificates and email notifications are sent to the recipients on the certificate email list. See Configuring certificate protection.

Broken certificates are indicated by an icon in the list and also display in a pane at the bottom of the window.

You can attempt to repair the broken certificate or override the broken certificate, which replaces the certificate stored in the Active Administrator database with the broken certificate. An email notification is sent to a list of recipients when a broken certificate is repaired, fails repair, or is overridden. To see the history of repairs and overrides, select More | Broken Certificate History.

 
* 
NOTE: If auto-repair is enabled, repairs are automatically attempted on broken certificates when found. If the repair is successful, email notifications are sent and the repair is logged in Broken Certificate History. If the repair fails, the broken certificate remains in the list, and the failed repair is logged in the Broken Certificate History.
To manage a broken certificate
1
Select Certificates | Certificate Management.
2
Select the computer or virtual folder to view the certificates.
3
Select the broken certificate in the bottom pane.

To view the details of the broken certificate, click Certificate Details.

4
Choose to either repair the broken certificate or override the broken certificate notification.

To repair a broken certificate

a
Click Repair.
b
Click Yes. If the repair is successful, the status of the broken certificate becomes Valid.

To override a broken certificate notification

a
Click Override.
b
Enter a comment to explain why you are overriding the broken certificate notification. The comment appears in the email notification and Certificate Details..
* 
IMPORTANT: The broken certificate replaces the certificate stored in Active Administrator
c
Click OK. The status of the broken certificate becomes Valid.

Sending email notifications

Previous Next


Certificates > Sending email notifications

Sending email notifications

You can send email notifications when a certificate is about to expire, added, or deleted. You also can check for certificates that use a cryptographic hash algorithm. Some notifications apply only to Certificate Management, while others also apply to the Certificate Repository. See Setting certificate configuration.

Topics 
Excluding certificates that support cryptography
Excluding revoked certificates

Excluding certificates that support cryptography

Previous Next


Certificates > Sending email notifications > Excluding certificates that support cryptography

Excluding certificates that support cryptography

If notifications are enabled and a certificate supports the selected cryptographic hash algorithm, an email notification is sent. See Setting certificate configuration. You can exclude a selected certificate from being included in the notification.

To exclude a certificate from notification
1
Select Certificates | Certificate Management.
2
Select the computer or virtual folder to view the certificates.
3
Select a certificate, and select More | Notifications.
4
Select Exclude from notification.
5
Click OK.
To exclude a certificate in the repository from notification
1
Select Certificates | Certificate Repository.
2
Select a certificate, and click Edit Certificate.
3
Select Exclude from notification.
4
Click OK.

Excluding revoked certificates

Previous Next


Certificates > Sending email notifications > Excluding revoked certificates

Excluding revoked certificates

By default, if a certificate is revoked, an email notification is sent. You can exclude a selected certificate from being included in the notification.

To exclude a certificate from revoked notification
1
Select Certificates | Certificate Management.
2
Select the computer or virtual folder to view the certificates.
3
Select a certificate, and select More | Revoke notifications.
4
Select the check box to exclude the certificate.
5
Click OK.
To exclude a certificate in the repository from revoked notification
1
Select Certificates | Certificate Repository.
2
Select a certificate, and click Edit Certificate.
3
Select Exclude from revoke notification.
4
Click OK.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating