Chat now with support
Chat with Support

Active Administrator 8.7 - User Guide

Active Administrator Overview User Provisioning Certificates Security & Delegation  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS CPU load DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

Defining role-based access

Previous Next


Configuration > Defining role-based access

Defining role-based access

Set up permissions to restrict access to the various modules in Active Administrator. Permissions are evaluated when a user starts Active Administrator. If the user does not have permission to an Active Administrator module, that module does not display. If the user does not have permission to any modules, Active Administrator Console shuts down. All modifications to the permissions are audited by the Active Administrator audit agent.

Topics 

Refer to the following table to determine the access to give to users.

Table 110. Role-based access

Role

Area

Full Control

Full access to all modules in Active Administrator. Clear the check box to configure individual roles.

Active Templates

Dashboard

Search (Search only)

Delegation Status

Active Templates

Tasks

Search quick task

Alert Editor

Dashboard

Search (Search only)

Alerts

Tasks

Search quick task

Alert Viewer

Dashboard

Search (Search only)

Alerts (Read only)

Tasks

Search quick task

Audit Report Management

Dashboard

Search (Search only)

Audit Reports

Archives

Tasks

Search quick task

Audit Report Viewer

Dashboard

Search (Search only)

Audit Reports (Read only but can add tags and comments)

Archives (Read only but can add tags and comments)

Tasks

Search quick task

Domain Controller Management

Dashboard

Search (Search only)

DC Status

Services

Performance

Event Logs

Tasks

Search quick task

Group Policy History

Dashboard

Search (Search only)

Group Policy History

Task

Search quick task

Group Policy Object Management

Dashboard

Search (Search only)

Group Policy Objects

GPO By Container

GPO Modeling

GPO Backup

Troubleshooting

Tasks

Search quick task

Group Policy Repository

Dashboard

Search (Search only)

GPO Repository

Tasks

Search quick task

Password Policy

Dashboard

Search (Search only)

Password Policies

Tasks

Search quick task

Recovery

Dashboard

Search (Search only)

Object Recovery

Tasks

Search quick task

Security

Dashboard

Search (Search and Edit)

User Logon Activity

Delegation Status

Tasks

All quick tasks items

Site Management

Dashboard

Search (Search only)

Active Directory Sites

Replication Monitoring

Replication Analyzer

Tasks

Search quick task

Trusts Management

Dashboard

Search (Search only)

Active Directory Trusts

Tasks

Search quick task

DNS Management

Full access to the DNS module.

Certificate Management

Full access to the Certificate module.

Certificate Management Viewer

Read-only access to the Certificate module.

Active Directory Health Alert Viewer

Read-only access to Active Directory Health Analyzer alerts.

Active Directory Health Analyzer

Read-only access to the Active Directory Health Analyzer module.

Azure Active Directory Connect

Full access to Active Directory Health | Active Directory Connect.

Active Directory Health Agent Management

Access to Active Directory Health Analyzer | Agents to install, remove, edit, and start/stop/restart agents.

If disabled, user can view agent properties and workload details.

Active Directory Health Alert Management

Full access to Active Directory Health Analyzer | Agents | Alert Settings to edit settings for alerts.

If disabled, user can view, but not edit alert settings.

Active Directory Health Data Collector Management

Full access to Active Directory Health Analyzer | Agents | Data Collectors to edit settings for data collectors.

If disabled, user can view, but not edit data collector settings.

Active Directory Health Notification Management

Full access to managing Active Directory Health Analyzer notifications.

Active Directory Health Troubleshooter

Full access to Active Directory Health | Troubleshooter.

If disabled, user cannot run reports, run jobs, delete reports and jobs results, clear history or replicate connections between domain controllers in replication view. User can open existing reports from history, view previous job results, and view generated replication views.

Active Directory Health Check Management

Full access to the Active Directory Health Check module.

Active Directory Health Check Viewer

Read-only access to the Active Directory Health Check module.

User Provisioning

Full access to user provisioning actions.

User Provisioning read-only access

Read-only access to user provisioning.

To manage role-based access
1
Select Configuration | Role Based Access.
NOTE: To configure individual roles, you must clear the Full Control check box. To configure individual Active Directory Health Analyzer roles, you must select the Active Directory Health Analyzer check box.

Table 111. Role-based access tool bar

Option

Description

Refresh

Refresh the list.

New

Click to add users and groups to the list. See Adding a new user or group to Active Administrator.

Save

Save any changes.

Delete

Click to remove selected users and groups from the list.

Select All Permissions

Select all modules for the selected user or group.

Clear All Permissions

Clear all modules for the selected user.

Adding a new user or group to Active Administrator

Previous Next


Configuration > Defining role-based access > Adding a new user or group to Active Administrator

Adding a new user or group to Active Administrator

To add a new user or group to Active Administrator
1
Select Configuration | Role Based Access.
2
Click New.
To select all, click Select All Permissions.
To clear all, click Clear All Permissions.
6
Click Save.

Setting email server options

Previous Next


Configuration > Setting email server options

Setting email server options

To set email server options
1
Select Configuration | Email Settings.
2
Select to use either SMTP or Exchange Online.

Email Option

Procedure

SMTP

4
Type the email address that to appear in the From box of the alert email. By entering something meaningful, you can use the From box to filter your email. By default, the email of the current user displays.

Exchange Online

NOTE:  
4
Click Test Settings to verify the values.
5
Click Save.

Configuring SCOM and SNMP Settings

Previous Next


Configuration > Configuring SCOM and SNMP Settings

Configuring SCOM and SNMP Settings

If you have a license for the Active Directory Health module and are using Microsoft® System Center Operations Manager (SCOM), you can deploy the Quest® Active Administrator® management pack, which establishes a connection to SCOM. If you are using an SNMP manager, you can configure the integration from the Active Administrator console. Once an alert manager has been configured, Active Directory Health alerts from the Active Directory Health Analyzer agent are displayed in the Operations Manager Monitoring pane under the Quest Active Administrator folder and in the SNMP Manager.

NOTE: After you complete the configuration, you can edit the System Center Operations Manager Notification to configure which Active Directory Health Analyzer alerts to push to SCOM or an SNMP manager. See Pushing alerts to System Center Operations Manager and SNMP managers.
To configure Systems Center Operations Manager and SNMP integration
1
Select Configuration | SCOM and SNMP Settings.
2
Optionally, select Forward alert events to SCOM server to forward alert events and to deploy the Quest Active Administrator management pack to the specified SCOM management server.

Type the name of the SCOM management server.

Type or browse for an account with SCOM administrator rights, and type the password.

To test the SCOM connection, click Test Settings.

3
Optionally, select Enable SNMP notification and enter the IP address of the SNMP notification target computer.

To test the SNMP connection, click Test Settings.

4
Click Save.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating