Hi all.
Is it possible to monitor Active Directory using WMI? If so, is there any good documentation you could direct me to? I've had non-stop problems trying to monitor using NSClient++, but WMI has been pretty easy, so I'd like to make it the default for Windows monitoring.
Monitoring Active Directory using WMI
-
cwscribner
- Posts: 316
- Joined: Thu Mar 31, 2011 9:54 am
- Location: Patten, ME
- Contact:
Re: Monitoring Active Directory using WMI
Not sure about using WMI, but one thing I do to check AD functionality is a homegrown plugin with ldapsearch for a known entity. When that fails, I know the domain controller isn't happy.
- Kyle
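A minimal form of the ldapsearch check described in the post above, added here as an example (it is not Kyle's plugin). It assumes the OpenLDAP `ldapsearch` client, a low-privilege bind account with its password in a file, and a known probe account; all of those names are hypothetical.

```shell
#!/bin/sh
# Added example: Nagios-style check that a domain controller answers an LDAP
# query for a known entry. Host names, DNs and paths are assumptions.
# Exit codes follow the Nagios plugin convention: 0 OK, 2 CRITICAL, 3 UNKNOWN.

LDAPSEARCH="${LDAPSEARCH:-ldapsearch}"   # overridable so the check can be tested

# usage: check_ad_ldap <ldap-uri> <base-dn> <bind-dn> <password-file> <sAMAccountName>
check_ad_ldap() {
    if [ "$#" -ne 5 ]; then
        echo "UNKNOWN - usage: check_ad_ldap URI BASE BINDDN PWFILE ACCOUNT"
        return 3
    fi
    uri=$1 base=$2 binddn=$3 pwfile=$4 account=$5

    # Accept only plain account-name characters so the value cannot
    # change the structure of the LDAP filter.
    case $account in
        ''|*[!A-Za-z0-9._-]*) echo "UNKNOWN - invalid account name"; return 3 ;;
    esac

    # -y reads the bind password from a file, keeping it out of the process
    # list (the file must not end with a newline). -o nettimeout and -l bound
    # connect and search time so a hung DC fails the check instead of stalling.
    out=$("$LDAPSEARCH" -x -LLL -H "$uri" -D "$binddn" -y "$pwfile" \
            -o nettimeout=5 -l 10 -z 1 -b "$base" \
            "(sAMAccountName=$account)" sAMAccountName 2>&1)
    rc=$?

    if [ "$rc" -ne 0 ]; then
        echo "CRITICAL - ldapsearch against $uri failed (rc=$rc): $(echo "$out" | head -n 1)"
        return 2
    fi
    # A search that succeeds but returns nothing is also a failure:
    # the DC answered but did not return the known entry.
    if ! printf '%s\n' "$out" | grep -qixF "sAMAccountName: $account"; then
        echo "CRITICAL - $uri answered but entry '$account' was not returned"
        return 2
    fi
    echo "OK - $uri returned entry '$account'"
    return 0
}

# Run as a plugin when called with arguments.
if [ "$#" -gt 0 ]; then check_ad_ldap "$@"; exit $?; fi
```

Pointing the URI at `ldaps://` on port 636 keeps the bind password off the wire; the password file should be readable only by the monitoring user.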
-
cwscribner
- Posts: 316
- Joined: Thu Mar 31, 2011 9:54 am
- Location: Patten, ME
- Contact:
Re: Monitoring Active Directory using WMI
I've been trying to accomplish the AD monitoring with this (http://www.itefix.no/i2/node/11970#comment-14777) plugin but I've had zero luck.
Re: Monitoring Active Directory using WMI
We use a variety of tools to do AD monitoring. I don't know if this will help, but this is how we do it:
check_tcp: Check ports 636 and 389
Nsclient++: Monitor that the AD services are running
command_line $USER1$/check_nt -H $HOSTADDRESS$ -u -s <pass> -p 12489 -v SERVICESTATE -d SHOWALL -l Netlogon,NtFrs,kdc,W32Time,DNS,ISMSERV
WinEventLog: Look for problems relating to FSMO, FRS, RID, KCC
We used check_ad for NSClient++ but we found it gave a lot of false positives or alerting of things you really don't care about.
-
cwscribner
- Posts: 316
- Joined: Thu Mar 31, 2011 9:54 am
- Location: Patten, ME
- Contact:
Re: Monitoring Active Directory using WMI
I might give that method a try. I know nothing about AD other than that my client wants it monitored. Would you happen to have a detailed list or something that shows what sort of things you can monitor in AD?
Re: Monitoring Active Directory using WMI
This is going to seem like a cop-out reply, but what's important to us may not be important to you. With that being said though, I would probably start by adding "Directory Service", "DNS Server" and "File Replication Service" logs to WinEventLog and just capture all Errors. Also ask your AD guy... he may know exactly what he wants to care about, or if you have access to a Microsoft TAM they might be able to get you some good starting information on what event IDs are environment-is-in-catastrophic-meltdown-run-around-with-arms-flailing.
After a couple months of teething you should have been able to weed out the events you don't care about.