• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Active Administrator 8.6
• Active Administrator 8.6 - Web Console User Guide

Active Administrator 8.6 - Web Console User Guide

Table of Contents  

Active Administrator Web Console Overview

About the Web Console Configuring the web server Opening the Web Console Using the Active Administrator dashboard

Displaying the dashboard Arranging the dashboard panels Setting refresh and rotation Configuring dashboard panels

Using the help menu

Active Directory Health

About Active Directory Health Using the Active Directory Health landing page Analyzing health of a domain controller Analyzing health of a domain Analyzing health of a site Analyzing the health of a forest

Alerts

Viewing alerts Viewing alert details Adding an alert to notifications Creating a notification for an alert Viewing alert history

Filtering alert history

Generating an alert history report Muting alerts Clearing mutes Viewing mute history

Notifications

About alert notifications Viewing alert notifications Creating alert notifications Pushing alerts to System Center Operations Manager Limiting notifications

Active Directory Health Check

Using the Health Check landing page Creating a Health Check Setting options for Health Check tests Purging Health Check History Health check tests

Forest tests

Forest details Naming operations master inconsistent Naming operations master is not a global catalog server Naming operations master not responding Schema operations master inconsistent Schema operations master not responding Schema version inconsistent

Domain tests

Conflict encountered during replication DC replication latency DNS domain missing SRV records Domain details FSMO placement GC replication latency Infrastructure master host GC Infrastructure master not responding Infrastructure operations master inconsistent Objects exist in the Lost and Found PDC master not responding RID master not responding RID operations master inconsistent Root PDC time source missing

Domain controller tests

Active Directory Domain Service Cache copy read hits Compare SRV DNS records with Netlogon.dns file Consecutive replication failures threshold exceeded CPU processor time DC replication latency DFS namespace service DFS replication service DFSRS % processor time DFSRS conflict area disk space DFSRS conflict files generated DFSRS private bytes DFSRS RDC is not enabled DFSRS sharing violation DFSRS staged file age DFSRS staging area disk space DFSRS USN records accepted DFSRS working set Domain controller relative identifier (RID) Domain controller responsive Domain controller time synchronization File replication (NTFRS) staging space free in kilobytes GC replication latency Group policy object inconsistent Installed applications Installed updates Invalid primary DNS domain controller IP address Invalid secondary DNS domain controller IP address Kerberos Key Distribution Center service LDAP response time Logic disk details LSASS % processor time LSASS private bytes LSASS working set Memory details Memory page faults a second Missing domain controller SRV DNS record NetLogon folder shared NetLogon Windows service Network adapter information NTDS DRA inbound properties filtered a second NTDS LDAP searches a second NTDS LDAP writes a second Operating system details Primary DNS resolver not responding Secondary DNS resolver not responding Server sessions SysVol details SysVol folder shared Windows Time service

Site tests

No authority in site to resolve universal group memberships Inter-site replication manager Inter-site replication topology generation disabled Intra-site replication topology generation disabled Morphed directories exist in site Site details Too few global catalog servers in site

Active Directory Topology

Viewing Active Directory forest topology Viewing alerts Customizing the topology layout

Reports

Running reports Active Directory Health reports Active Directory Infrastructure reports DNS reports Security reports Certificates reports Server configuration report

Network Operations Center

Using the Network Operations Center

Viewing operations summary Viewing topology Viewing active alerts Viewing domain controllers

Managing diagrams

Adding a new diagram Editing a diagram Deleting a diagram

Managing profiles

Adding a new profile Editing profile settings Deleting a profile

• Viewing Topics 65 - 68 of 148

×

Active Directory Domain Service

Indicates if the Active Directory® Domain Service is running on the domain controller.

Category

•	Windows Services

Requirements

•	Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019

•	Required permissions: When monitored locally or remotely, domain administrator privilege is required.

Description

The most typical cause of this situation is when a server administrator shuts down the Distributed File System (DFS) service and forgets to restart it.

Resolution

Use the Services MCC snap-in or another SCP application to restart Active Directory Domain Services.

Cache copy read hits

Indicates the performance of the server may be degraded because of too few cache read hits.

Category

•	Performance counters

Requirements

•	Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019

•	Required permissions: When monitored locally and remotely, only domain user privilege is required and the user must be a part of the Performance Logs User group.

Description

Tests the cache copy read hits data collector on the domain controller to see if the value of the data collector drops below the configured threshold for a period exceeding the configured duration.

Resolution

•	Reduced cache hits are due to excessive disk I/O or insufficient memory, or both. When the cache hit percentage drops, the system spends more time waiting for disk accesses to complete, and overall system throughput suffers enormously.

•	If possible, try to reduce the number of applications running on the server that is generating disk I/O. If you are running several batch jobs on the server, running them one after the other, rather than all at the same time, may actually be faster.

•	You can also try to reduce the number of users accessing the server by moving heavily-used files to other, less-loaded servers.

Compare SRV DNS records with Netlogon.dns file

Compare SRV DNS records with Netlogon.dns file

Indicates one or more requisite Domain Name System (DNS) Service Locator (SRV) entries are not defined. DNS SRV entries are vital to the proper functioning of Active Directory®.

Category

•

General

Requirements

•	Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019

NOTE: Windows Active Directory DNS Server only.

•	Required permissions: When monitored locally and remotely, only domain user privilege is required. When monitored remotely, the target server must have WMI remote access enabled and the user must be a member of the Distributed COM Users group.

Description

This test compares all of the SRV records that exist in the netlogon.dns file to the SRV records int he DNS server. This test confirms the existence of the following SRV entries for each zone hosted on the server and checks the netlogon.dns file if the file exists on the domain controller:

_ldap._tcp.<zone-name>

_ldap._tcp.dc._msdcs.<zone-name>

_ldap._tcp.pdc._msdcs.<zone-name>

_kerberos._tcp.<zone-name>

_kerberos._udp.<zone-name>

_kerberos._tcp.dc._msdcs.<zone-name>

_kpasswd._tcp.<zone-name>

_kpasswd._udp.<zone-name>

This test is accompanied by a list of the missing SRV entries.

Whenever a domain controller is promoted, the Microsoft NetLogon process registers the applicable SRV entries with the primary DNS server of the affected domain. As SRV entries are used to identify the constituent domain controllers, the Primary Domain Controller(PDC), and the owner of the global catalog of each zone, the absence of an SRV entry can have serious consequences for Active Directory.

The presence of all requisite SRV locator entries is evaluated for top-level zones exclusively. However, SRV locator entries of sub-zones that host at least one domain controller (with a Active Directory Health Analyzer agent) are evaluated.

Cause

Typically, missing SRV entries indicate that Dynamic DNS has been disabled for one or more DNS zones. Active Directory relies on Dynamic DNS to update all affected entries when network resources are altered or relocated. Other possible causes include DCPROMO failure, and erroneous manual configuration of SRV entries.

NOTE: Dynamic DNS can be disabled explicitly via Windows Registry settings.

Resolution

Confirm that Dynamic DNS is enabled on all applicable zones. Either add the SRV entries manually in the DNS Management Console or cause the entries to be refreshed (for example, by demoting and subsequently promoting the effected domain controllers).

Consecutive replication failures threshold exceeded

Indicates that the number of consecutive replication failures equals or exceeds the configured threshold.

Category

•

General

Requirements

•	Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019

•	Required permissions: When monitored locally and remotely, only domain user privilege is required. When monitored remotely, the target server must have WMI remote access enabled and the user must be a member of the Distributed COM Users group.

Resolution

•	Check connectivity between the domain controller and the replication partner in question. Check to see that the link is reasonably clear, especially during replication (check the replication schedule for the connection).

•	Make sure that each partner has adequate CPU and memory resources to ensure timely servicing of replication requests.

•	Make sure that the link between partners is adequate for the amount of traffic carried during replication. For example, if thousands of objects are being replicated over a slower connection link, the link should be upgraded, or the replication topology reconsidered.

•  Previous
• Viewing Topics 65 - 68 of 148
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center