AD Connect monitoring

[kalyanpabolu]

Hi Team,

We want to monitor AD connect in Nagios XI. I could find below plugin to monitor the same but I am unable to find the the plugin name itself.
Below is the link:

https://exchange.nagios.org/directory/P ... 20%2DHours.

Please suggest some plugins that would be helpful to monitor AD connect sync.

[benjaminsmith]

Hi @kalyanpabolu,

There is a collection for plugins by this member on GitHub. This looks like the plugin you are looking for:

https://github.com/juangranados/nagios- ... ctsync.ps1

--Benjamin

[kalyanpabolu]

Hello,

Thank you for your reply.
I am not sure how to use powershell script in Linux. Could you please guide us on the same?
Please give an example to use the script.

[ssax]

The powershell scripts are meant to be run through an agent such as NCPA that would be running on the remote Windows server, see here:

https://support.nagios.com/kb/article/n ... a-722.html

[kalyanpabolu]

Hello,

Thank you for the help!!

We are able to get the correct output using the same plugin but I am getting some additional error message as well.

[root@vmaz-nagiosxi libexec]# /usr/local/nagios/libexec/check_ncpa.py -H 10.44.3.78 -t ******* -P 5693 -M 'plugins/check_azureadconnectsync.ps1'
Get-ADSyncScheduler : The term 'Get-ADSyncScheduler' is not recognized as the
name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\Program Files (x86)\Nagios\NCPA\plugins\check_azureadconnectsync.ps1:36
char:20
+ $ADSyncScheduler = Get-ADSyncScheduler
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-ADSyncScheduler:String) [],
CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

CRITICAL: Azure AD Connect Sync is disabled. Server is in active mode. Latest heart beat event (within last 3 hours). Time 03/25/2021 14:47:50.
[root@vmaz-nagiosxi libexec]#


Can you please help me on the same?

[ssax]

It may need to use the 32-bit powershell.

Edit your C:\Program Files (x86)\Nagios\NCPA\etc\ncpa.cfg on the Windows server and comment out this one that is uncommented:

Code: Select all

.ps1 = powershell -ExecutionPolicy Bypass -File $plugin_name $plugin_args

To this:

Code: Select all

#.ps1 = powershell -ExecutionPolicy Bypass -File $plugin_name $plugin_args

Then add this one in its place:

Code: Select all

.ps1 = c:\windows\sysnative\windowspowershell\v1.0\powershell.exe -ExecutionPolicy Bypass -File $plugin_name $plugin_args

Then restart the ncpa_listener service on the Windows system, run the check again, and let us know the results.

EDIT: If that doesn't fix it, you may need to do this:

https://www.michev.info/Blog/Post/1355/ ... et-missing

If that doesn't fix it, try reverting the ncpa.cfg back to use the original .ps1 line and then test again.

[kalyanpabolu]

Hello Sean,

We are able to get the output now, but the timestamp it is showing is incorrect. The latest sync timing is around 1 PM GT today.
But, in attached screenshot, you can see its showing 11:48 AM GST.

Is there nay difference in between heart beat event and sync?

Please suggest.

[ssax]

The time output is coming directly from the plugin, I would check the date/time on the remote system that is running the plugin, I don't think NCPA would have any impact on it, do this:
- Login to the Windows system:
- Open up a 32bit powershell session as an admin
- cd into C:\Program Files (x86)\Nagios\NCPA\plugins
- Run the plugin manually, what does it output?