4.9 DirectoryAnalyzer Administrator’s Guide


© 2008 Quest Software, Inc. ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Quest Software, Inc.

If you have any questions regarding your potential use of this material, please contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656
USA
www.quest.com
email: [email protected]

Refer to our Web site for regional and international office information.

TRADEMARKS

Quest, Quest Software, the Quest Software logo, Aelita, Akonix, Akonix, AppAssure, Benchmark Factory, Big Brother, ChangeAuditor, DataFactory, DeployDirector, ERDisk, Foglight, Funnel Web, GPOAdmin, I/Watch, Imceda, InLook, IntelliProfile, InTrust, Invertus, IT Dad, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, MessageStats, NBSpool, NetBase, Npulse, NetPro, PassGo, PerformaSure, Quest Central, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Tag and Follow, Toad, T.O.A.D., Toad World, vAnalyzer, vAutomator, vControl, vConverter, vEssentials, vFoglight, vMigrator, vOptimizer Pro, vPackager, vRanger, vRanger Pro, vReplicator, vSpotlight, vToad, Vintela, Virtual DBA, VizionCore, Vizioncore vAutomation Suite, Vizioncore vEssentials, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

Disclaimer

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

DirectoryAnalyzer Administrator’s Guide
Updated - October 2008
Software Version - 4.9

Table of Contents

Chapter 1: Introduction
  DirectoryAnalyzer Features
  DirectoryAnalyzer Benefits
  System Overview
  What’s in this Manual
  Reporting Problems
  Contacting Quest Software

Chapter 2: DirectoryAnalyzer Client
  Starting the Client
  Client Components

Chapter 3: Monitoring Active Directory
  Viewing Alerts
  Viewing Alert Details
  Viewing Alert Summary Graphs

Chapter 4: Browsing the Directory
  Forest View
  Application Partition View
  Domain View
  Site View
  Information Pages
  Forest Summary Tab
  Domain Summary Tab
  Naming Context Summary Tab
  Site Summary Tab
  Site Information Tab
  DC Information Tab
  Replication Information Tab

Chapter 5: Browsing Exchange on Active Directory
  Exchange Tab
  Administrative Group Tab
  Routing Group Tab
  Routing Group Connectors Tab
  SMTP Connectors Tab
  Exchange Server Summary Tab
  Current Exchange Alerts Tab

Chapter 6: Troubleshooting Active Directory
  Connectivity Troubleshooter
  FRS Troubleshooter Test

Chapter 7: Configuring Alerts, Statistics and Alert Notifications
  Alert Thresholds
  Configuring Alert Thresholds
  Modifying Alert Threshold Settings
  Statistics Sampling Rate Settings
  Enabling Replication Latency Alerts
  Configuring Authoritative Source for RODC Alerts
  Configuring Alert Notifications
  Enabling SNMP Alerts
  Enabling Event Log Recording
  Configuring Email Notification

Chapter 8: Alert History and Reporting
  Generating an Alert History Report
  Printing or Exporting Alert History
  Maintaining the Alert History Database

Chapter 9: Launching External Applications
  Event Viewer
  Remote Desktop
  Services
  Sites and Services
  Users and Computers
  Domains and Trusts
  DirectoryTroubleshooter
  DNSAnalyzer
  ChangeAuditor
  External Tools
  Adding an External Application
  Editing an External Application
  Removing an External Application

Chapter 10: DirectoryTroubleshooter Integration
  DT Tab
  DirectoryTroubleshooter Options

Chapter 11: ChangeAuditor Integration
  ChangeAuditor Tab
  ChangeAuditor Search Results Window

Chapter 12: DirectoryAnalyzer Web Portal
  Configuring the DA Web Portal
  DA Web Portal Main Screen
  Viewing Current Alerts
  Viewing Alert History
  Viewing ChangeAuditor Events and Details
  Sorting Your Results
  Managing Your Forest Using the Consolidator Configuration Utility

Appendix A: DirectoryAnalyzer Alert Messages
  Domain Controller Alerts
  Naming Context Alerts
  Site Alerts
  Enterprise Agent Alert
  Exchange Server Alerts

Appendix B: DirectoryAnalyzer Statistics
  DC Alerts
  Site Alerts

Glossary

Index


Chapter 1: Introduction

Since their inception, Windows 2000 and Active Directory have had a tremendous impact on enterprise networks worldwide. With the introduction of Windows Server 2003, the importance placed on Active Directory has increased. Ensuring a healthy and trouble-free directory is vital. The directory is the heart of Windows 2000, Windows Server 2003 and Windows Server 2008 networks, and directory problems can result in service disruptions and business-crippling downtime without warning. For this reason, it is important to assure optimal directory performance.

DirectoryAnalyzer proactively monitors and troubleshoots Active Directory so that you can deploy Windows 2000, Windows Server 2003 and Windows Server 2008 with confidence. DirectoryAnalyzer plays an instrumental role in the initial stage of deployment as well as during your ongoing management of Active Directory.

DirectoryAnalyzer monitors domain controllers (DCs), naming contexts (NCs), sites, application directory partitions, DNS (Domain Name System) servers and Exchange servers for key conditions that are necessary to the health of Active Directory. It continuously analyzes Active Directory and alerts on error conditions as they occur, giving you an advantage in maintaining a stable environment.

DirectoryAnalyzer Features

Proactive Monitoring

DirectoryAnalyzer is a constant watchdog for Active Directory on your network. It continuously monitors all critical components of Active Directory to make sure that the directory is functioning properly. These components include domain controllers, naming contexts, replication, sites, Exchange, and DNS functions as they relate to Active Directory.

Alerting and Notification

Continuous monitoring of the important aspects of Active Directory is just one piece of DirectoryAnalyzer. Alerting and notification is another fundamental piece – because when problems occur somewhere in Active Directory, you need to be notified. DirectoryAnalyzer provides two levels of alert thresholds:

• Critical - notifies you of a serious condition that should be investigated immediately.

• Warning - notifies you of a less severe condition that could potentially cause a directory problem if action is not taken to correct a situation.

Once a warning or critical alert has occurred, DirectoryAnalyzer can notify you in the following ways:

• Visual - On-screen alerts when a monitored attribute has breached either a warning or critical threshold.

• SNMP - Notification of problems via SNMP traps.

• Event Log - Notification of problems via entries in the Application Event Log of the server hosting the Enterprise Agent.

• SMTP (Email) - Notification of problems via email based on user-defined email rules.

Intuitive Client Interface

The DirectoryAnalyzer client interface is designed to provide intuitive AD health management with summary views, drillable graphs, multi-forest alert console, and smartlink integration with DirectoryTroubleshooter, DNSAnalyzer and ChangeAuditor solutions.

Troubleshooting

In addition to continuous monitoring, DirectoryAnalyzer provides interactive tools designed to help you determine what problems exist in the directory. You can use these tools to pinpoint directory problems.

The Connectivity Troubleshooter allows you to perform the following tests:

• Domain Connectivity Tests - A sequence of tests to investigate the connectivity between a DC (with a Site or DC Agent) and all the DCs in the selected domain(s).

• Site Connectivity Tests - A sequence of tests to analyze the connectivity between a DC (with a Site or DC Agent) and all the DCs in the selected site(s).

• Application Partition Connectivity Tests - A sequence of tests to analyze the connectivity between selected DCs in an Application Partition.

Directory Browsing

Microsoft offers several tools for managing Active Directory. But there is no single tool that provides a consolidated view of the entire directory and includes detailed information about each critical component, from NCs to sites to DCs to DNS servers. DirectoryAnalyzer provides that comprehensive view of the enterprise’s Active Directory.

Browse Exchange on Active Directory

DirectoryAnalyzer’s dedicated Exchange View displays critical Active Directory components and information about how they relate to Exchange. This view provides insight on how Active Directory may be impacting your Exchange organization. This view is particularly helpful in understanding Active Directory’s impact on your Exchange service levels and can help you eliminate user-impacted downtime that may result in poor client experience and slow and incomplete messaging for your users.

In addition to this Exchange View, DirectoryAnalyzer includes several alerts to notify you of potential Exchange related problems.

Knowledge Base

Once DirectoryAnalyzer has uncovered a problem in Active Directory, you may need help solving it. When an alert occurs, you can access the DirectoryAnalyzer knowledge base for answers. The knowledge base explains what the problem means, states the likely cause(s) of the problem and recommends steps to take to repair the problem.

Alert History and Reporting

With DirectoryAnalyzer you can display and print alert history. In addition to displaying and printing the alert history log, DirectoryAnalyzer allows you to export these reports into PDF, DOC, RTF and XLS files.

Enhanced Security

DirectoryAnalyzer provides access control facilities that define who can monitor what. That is, by assigning and/or denying read access to different objects and/or DirectoryAnalyzer facilities, administrators can control who can view the Active Directory objects being monitored by DirectoryAnalyzer. By granting or denying write access, administrators can control who can configure DirectoryAnalyzer.

See the DirectoryAnalyzer Security Administrator’s Guide for more information on DirectoryAnalyzer’s access control facility.

Integration with MOM (Microsoft Operations Manager)

DirectoryAnalyzer’s MOM integration features include MOM alert display within the DirectoryAnalyzer interface, and alert synchronization, which ensures timely information flow between the MOM server database and DirectoryAnalyzer Enterprise Agent Alert System.

Launch External Applications

External applications (such as the Microsoft Active Directory Management utilities), DirectoryTroubleshooter, ChangeAuditor and DNSAnalyzer, as well as user-defined applications, can be launched from the DirectoryAnalyzer client.

Integration with ChangeAuditor

The ChangeAuditor smartlink technology provides intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer, the MOM active directory management pack (ADMP), and the infrastructure change events captured with our real-time change auditing solution, and provides correlation of health and change events within the .Net client.

Integration with DirectoryTroubleshooter

The DirectoryTroubleshooter smartlink technology includes intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer and the MOM active directory management pack (ADMP) with the troubleshooting capabilities provided by DirectoryTroubleshooter. By selecting an alert or domain controller in DirectoryAnalyzer, the product will:

• Recommend specific diagnostics tests and jobs that can help isolate and repair issues.

• Provide a real-time diagnostics view that can highlight issues and bottlenecks.

• Graphically display the replication topology and allow operators to force replication and view replication activity/status.

DirectoryAnalyzer Benefits

DirectoryAnalyzer proactively identifies issues in real-time and troubleshoots Active Directory so that administrators can deploy and manage Windows 2000/2003/2008 with confidence. This section discusses some of the many benefits that DirectoryAnalyzer provides to Active Directory administrators.

Ensures the Health of the Directory

From replication latency and replication topology problems to high LDAP loads and DNS inconsistencies, DirectoryAnalyzer immediately alerts administrators to the problems they need to know about. Take DNS, for instance. As the name location service for Active Directory, DNS uses unique service location resource (SRV) records to articulate Active Directory service information. If SRV records are inaccurate or missing, DNS will point clients to the wrong location for a given resource. And that’s only one example. Replication also poses potential problems. If the directory isn’t replicating properly, new or updated group policies won’t replicate to the domain controllers and users won’t have access to new network resources and applications. DirectoryAnalyzer’s proactive diagnostics capabilities ensure the health of the directory and provide vital peace of mind to Active Directory administrators.

Delivers Early Warning of Directory Infrastructure Problems

DirectoryAnalyzer diagnoses all conditions critical to Active Directory. It notifies administrators of alert conditions at the first sign of trouble by generating events in the Application Event Log of the Enterprise Agent, sending SNMP traps to configured receivers, and creating alert messages in the DirectoryAnalyzer Client. With DirectoryAnalyzer, administrators can set alert thresholds to meet the needs of their own environments. And DirectoryAnalyzer enables administrators to define two levels of alerts for each condition: warning and critical. DirectoryAnalyzer provides early warning that an error condition has occurred and may be escalating. It also tells the administrator the exact location of the problem for fast, efficient resolution.

Centralizes Access to Directory Information

DirectoryAnalyzer displays a comprehensive, enterprise-level view of the Active Directory infrastructure, identifying relationships and disclosing detailed information about each component. When an administrator chooses a naming context, for example, they will see details concerning Operations Master Roles, including the status of each and their consistency across all agented servers in the enterprise. Or, when they select a site, everything from current alerts to inter-site connection and replication status is displayed. DirectoryAnalyzer provides a view of Active Directory that is unavailable from any other solution, allowing administrators to browse the entire directory from a single location.

DirectoryAnalyzer’s right-click functionality allows you to launch preconfigured Microsoft MMC snap-ins, additional Quest products, and user-defined applications from within the DirectoryAnalyzer client.

Trends and Reports on Active Directory Health Over Time

DirectoryAnalyzer provides an alert history database that allows an administrator to report and trend Active Directory health. Understanding where the key problem areas in the directory are from a historical standpoint is key to your future directory planning. DirectoryAnalyzer’s alert history reporting capabilities allow you to run reports on current alerts and/or past alerts, selectable by domain, domain controller, site, etc. These reports can be printed or exported to a file.

Pinpoints and Diagnoses Directory Problems

DirectoryAnalyzer helps to research specific issues with timesaving troubleshooting tests that quickly perform in-depth diagnostic tests. Administrators can test connectivity to domains, application partitions and sites, and quickly measure everything from IP ping-time results and server status details to LDAP query time on all of the domain controllers. To conduct similar tests manually, troubleshooting from many locations across the network would be required. DirectoryAnalyzer troubleshoots problems in minutes that would take hours to troubleshoot manually.

Provides a Consolidated Multi-Forest View

The DirectoryAnalyzer Web Portal (DAWeb) allows administrators to view all Active Directory forest health alerts from a single Web console. This provides the power to quickly view issues that impact the Active Directory environment even in situations where cross-forest trusts do not exist. This must-have tool for multi-forest environments enables the administrator to know what is happening across the directory before it can have a negative impact. This multi-forest view is now also available through the Consolidator View in the DirectoryAnalyzer Client.

Provides ChangeAuditor Integration

DirectoryAnalyzer provides intelligent integration and correlation between the Active Directory alerts from DirectoryAnalyzer and the infrastructure change events captured with ChangeAuditor. Together, DirectoryAnalyzer and ChangeAuditor provide administrators a comprehensive tool for identifying and resolving the root cause of AD issues. This translates into cost savings by reducing mean time to repair and improving directory uptime.

Provides Error Resolution with Context-Sensitive Knowledge Base

DirectoryAnalyzer proactively notifies administrators of directory trouble – and it goes a step further. DirectoryAnalyzer’s comprehensive knowledge base provides context-sensitive solutions to Active Directory problems. To obtain answers to tough directory questions, administrators simply drill down on a given alert to access expert advice from the knowledge base. The product provides practical advice for both Active Directory experts and novices.

System Overview

DirectoryAnalyzer is made up of four primary components:

• Enterprise Agent - a service that resides on a Windows 2000/2003/2008 member server in the enterprise. It is responsible for monitoring forest-wide conditions and collecting alert conditions and information from the Site Agent(s) in order to generate notifications to administrators and display status to the client.

• Site Agent - a service that resides on a single domain controller within a site. In addition to performing all the actions of a standard DC Agent, it is responsible for monitoring site-level conditions and collecting alert conditions and information from all DC Agents in the same site to pass on to the Enterprise Agent. The Site Agent also includes the functionality of the DC Agent.

• DC Agent - a service that resides on each domain controller in the enterprise, except the one hosting the Site Agent at each site. The DC Agent is charged with monitoring that domain controller for alert conditions and passing them on to the Site Agent.

• Client - the user interface that manages all aspects of DirectoryAnalyzer.


The following diagram shows how these components fit together to accomplish the task of monitoring Active Directory.

The above diagram represents the general flow of alert communications through DirectoryAnalyzer. The path that is followed when generating an alert is the same path that is used to clear an alert when the given threshold is no longer being violated. Although this is a simple example, the flow of communication works the same way in complex environments with many sites and levels of administration.

What’s in this Manual

This manual assumes you have a working knowledge of Active Directory. It consists of the following chapters:

Introduction
This chapter provides a review of the many features and benefits of DirectoryAnalyzer, an overview of DirectoryAnalyzer, a description of the contents of this manual, and information on obtaining additional assistance.

The DirectoryAnalyzer Client
Chapter 2 describes the layout of the client and the commands used to operate DirectoryAnalyzer.

Monitoring Active Directory
Chapter 3 provides information about how DirectoryAnalyzer monitors the different Active Directory components. It discusses how to view alerts, access the knowledge base and override alert thresholds.

Browsing the Directory
Chapter 4 describes the browsing capabilities of DirectoryAnalyzer and defines the information presented on each of the information tabs.

Browsing Exchange in Active Directory
Chapter 5 covers how to browse Exchange using DirectoryAnalyzer and provides details about each Exchange view information tab.

Configuring Alerts, Statistics and Alert Notifications
Chapter 6 discusses how to customize the alert thresholds and statistics for your Active Directory environment. It also explains how to enable and configure different alert notification methods, including SNMP, Event Log Recording and SMTP (email).

Troubleshooting Active Directory
Chapter 7 describes the Connectivity and FRS troubleshooter tests included in DirectoryAnalyzer and the test results provided to pinpoint problems that may exist in the directory.

Alert History and Reporting
Chapter 8 describes how to generate alert history reports and how to delete alerts from the alert history database.

Launching External Applications
Chapter 9 explains how to launch external Microsoft applications as well as user-defined applications from the DirectoryAnalyzer client.

DirectoryTroubleshooter Integration
Chapter 10 describes how the DirectoryTroubleshooter solution integrates with DirectoryAnalyzer and provides a detailed description of the DT tabs.

ChangeAuditor Integration
Chapter 11 provides information about the ChangeAuditor integration and a detailed description of the ChangeAuditor tab.

DirectoryAnalyzer Web Portal
Chapter 12 describes the add-on which allows an administrator to view current alerts and alert history via an interactive web page. This chapter also explains how to manage your forest using the Consolidator Configuration utility.

Appendix A: DirectoryAnalyzer Alert Messages
Appendix A lists the DirectoryAnalyzer alerts and provides a brief description of each alert message and their default threshold settings.

Appendix B: DirectoryAnalyzer Statistics
Appendix B lists the DirectoryAnalyzer statistics and provides a description of each statistic and their default sampling interval.

Glossary
The glossary contains an alphabetical listing of terms used in DirectoryAnalyzer and Active Directory.

Index
The index provides an alphabetical subject listing for the contents of this manual.

Reporting Problems

NetPro (now part of Quest Software) offers a variety of ways to get additional help.

My.netpro.com
My.netpro.com was designed to provide you with the best possible service and deliver it conveniently and quickly -- when you need it. Here’s what you can do on my.netpro.com:

• submit and update support incidents
• view your product purchases
• view your maintenance purchases
• subscribe and/or unsubscribe from news list(s)
• request product information and literature
• request product evaluation software
• search our technical support knowledge base
• sign up to participate in the Beta Program

My.netpro.com is a completely secure site and you will need login credentials to access the area each time you visit. On your first visit, you will create the credentials to be used every time you return to the site.

Telephone Support
NetPro offers industry-leading technical support every business day throughout North America and Europe. Qualified support technicians can be reached at the numbers listed below:

• U.S.: 1 602 346 3670 or Toll Free 1 866 9 NETPRO
• Germany: 0800 180 2577
• UK: 0 0800 047 0197
• France: 0800 917881
• Australia: 1 800 773 850
• FAX: 1 602 346 3610

Email
Problem reporting is also available at the following email address:

[email protected]

Address
NetPro Computing, Inc. (now part of Quest Software)
4747 N. 22nd Street
Suite 400
Phoenix, AZ 85016-4774
USA

Contacting Quest Software

Email
[email protected]

Mail
Quest Software, Inc.
World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
USA

Web
http://www.quest.com

Refer to our web site for regional and international office information.

Chapter 2: DirectoryAnalyzer Client

The DirectoryAnalyzer client provides the primary interface to all aspects of DirectoryAnalyzer. The client can run on Windows 2000 Professional, Windows Server 2000/2003/2008, Windows XP or Windows Vista workstations. The DirectoryAnalyzer client enables you to perform the following functions:

• monitor Active Directory and view current alert status
• access MOM alert details and update alert status and history
• browse the directory structure
• view detailed information about domain controllers (DCs), domains, naming contexts (NCs), application partitions, sites, and Exchange servers
• configure alert thresholds, sampling rate intervals and alert notifications
• troubleshoot server connectivity
• report alert history
• launch external applications, including DirectoryTroubleshooter, ChangeAuditor and DNSAnalyzer

Starting the Client

To start DirectoryAnalyzer, from the Start menu select Programs | NetPro | DirectoryAnalyzer | DirectoryAnalyzer Client. This will display the Connection dialog which allows you to select the Enterprise Agent or Consolidator to which you want to connect and enter the associated user credentials to be used.

Connecting to an Enterprise Agent

To connect to an Enterprise Agent, select the Enterprise Agent option at the top of the dialog and enter the server and user credentials as described below:

Enterprise Agent Servers
Use the drop-down menu or enter the name of the server where the Enterprise Agent is installed to which you wish to connect.

Use Windows credentials as DA credentials
By default, this option is selected (checked) and the current Windows credentials will be used to connect to the specified Enterprise Agent.

To specify different user credentials, select the check box to remove the check mark. This will expand the dialog allowing you to enter alternate credentials.

Domain
Use the drop-down menu to select a previously used Enterprise Agent server or enter the name of the Enterprise Agent server to be used.

User ID
Enter the user name to be used.

Password
Enter the password associated with the user name specified.

Once the appropriate credentials have been entered, use the Connect button to connect to the specified DirectoryAnalyzer Enterprise Agent.

Connecting to a Consolidator

To connect to a consolidator, select the Consolidator option at the top of the dialog and enter the server to be used.

Consolidator Servers
Use the drop-down menu or enter the name of the server where the DAWeb portal consolidator is installed.

NOTE: See Chapter 12: DirectoryAnalyzer Web Portal for more information on configuring the consolidator server and viewing multiple forests.

Client Components

The DirectoryAnalyzer client display contains the following components:

• Menu Bar - displays the menus for accessing DirectoryAnalyzer commands.
• Tool Bar - provides quick access to commonly used commands.
• Enterprise Explorer - contains a hierarchical view of your network topology which can be used to navigate through the DirectoryAnalyzer client.
• Information Pages - displays specific information about the object selected in the Enterprise Explorer.

* * * * * * * * * * * * * * * * * * * *
The information (menus, commands and/or information tabs) available on the DirectoryAnalyzer client will depend on the DirectoryAnalyzer access rights assigned (DA Read, DA Write). See the DirectoryAnalyzer Security Administrator’s Guide for more information regarding the impact of assigning/denying DirectoryAnalyzer access rights.
* * * * * * * * * * * * * * * * * * * *

Menu Bar

The DirectoryAnalyzer menus follow the same conventions as standard Windows menus. That is, commands are grouped under a menu on the menu bar. Some of these commands perform an action immediately; others display an additional dialog box where you select various options or specify additional information.

The following sections describe the commands under each of the DirectoryAnalyzer menus.

File Menu

Use the File Menu commands to connect to or disconnect from an Enterprise Agent or Consolidator or to exit DirectoryAnalyzer.

Connect
Use the Connect command to connect to a different Enterprise Agent or Consolidator.

This command will display the Connection dialog allowing you to specify the Enterprise Agent and associated user credentials (or Consolidator).

Disconnect
Use the Disconnect command to disconnect from the current Enterprise Agent or Consolidator.

Exit
Use the Exit command to close the DirectoryAnalyzer Client.

Edit Menu

Use the Edit Menu command to locate an object in the Enterprise Explorer.

Find
Use the Find command to locate an object in the network topology displayed in the Enterprise Explorer. This command will display the Enterprise Search dialog allowing you to enter the search criteria to be used to locate an object. When the object is located, the topology view will expand and the object will be selected/highlighted and the associated information pages will be displayed.

View Menu

Use the View Menu commands to control what is to be displayed when browsing the directory.

Show DCs w/o Agents
The Show DCs w/o Agents command is a toggle switch indicating whether to display servers that are not running a DirectoryAnalyzer Agent in the Enterprise Explorer. A check mark in front of the command means these servers will be displayed. Non-agented servers will be displayed with a grayed-out server icon.

NOTE: This command is not available in the Consolidator view.

Filter Empty Domains/Sites
The Filter Empty Domains and Filter Empty Sites commands are toggle switches that allow you to display or hide domains and sites that do not contain any servers in the Enterprise Explorer. A check mark in front of the command means these domains or sites will NOT be displayed.

Show Only Managed (default)
The Show Only Managed command is a toggle switch indicating whether to display only the sites and servers managed by the currently connected Enterprise Agent or to display the entire topology including sites/servers which won’t be alerted on through the connected Enterprise Agent. A check mark to the left of this command indicates that only sites and servers managed by the currently connected Enterprise Agent will display in the Enterprise Explorer (default); no check mark indicates that ALL sites and servers in the topology will be displayed, though alerting will still only display for managed sites/servers. The default is set to Show UnManaged.

NOTE: ‘Managed’ refers to the existence of a site in an Enterprise Agent’s DA.ini file.

Expand All
Use the Expand All command to expand the tree view to display all of the objects.

Collapse All
Use the Collapse All command to collapse all of the items in the tree view to the topmost level.

Expand Object
Use the Expand Object command to display subordinates of the selected object.

Collapse Object
Use the Collapse Object command to collapse all of the items directly under the selected object.

Show Full Screen (F11)
Use the Show Full Screen command or F11 to hide the Enterprise Explorer pane and fill the entire screen with the current information page. Use this command or F11 to redisplay the Explorer pane to the left of the information page.

Configuration Menu

Use the Configuration Menu commands to view and configure the settings (alert thresholds and sampling rate settings), enable and configure alert notifications, perform database maintenance, enable replication latency, modify DirectoryTroubleshooter options, etc.

NOTE: The Configuration menu is NOT available in the Consolidator view.

Alerts
Use the Alerts command to display the Alert Configuration tab (at the top of the page) to view/modify the complete set of DirectoryAnalyzer alert threshold settings for the object type selected in the Enterprise Explorer. A check mark in front of this command indicates that the Alert Configuration tab will be displayed.

When the Domain View is selected in the Enterprise Explorer, the following commands are available to further define the Alert Configuration tab to be displayed:

• Alerts | All NCs
• Alerts | Schema
• Alerts | Configuration

Sampling Rates
Use the Sampling Rates command to display the Sampling Rates tab, which displays the sampling rates used for gathering Active Directory statistics used to assess alert conditions. A check mark in front of this command indicates that the Sampling Rates tab will be displayed.

RODC Alerts
Use the RODC Alerts command to display the Configure RODC Alerts dialog to select the authoritative source on which consistency checks for the selected domain are based.

NOTE: If an authoritative source is not configured for a domain, DirectoryAnalyzer will select a default authoritative source for the domains in your Windows 2008 environment.

SNMP Alerts
The SNMP Alerts command is a toggle switch indicating whether DirectoryAnalyzer is to report alerts via SNMP. A check mark in front of the command will cause DirectoryAnalyzer alerts to be available through SNMP.

Event Log Recording
The Event Log Recording command is a toggle switch that specifies whether to include DirectoryAnalyzer alerts in the Application Event Log of the Enterprise Agent member server. A check mark in front of the command will cause the alerts to be recorded.

Database | Delete Alerts
Use the Database | Delete Alerts command to delete alerts from the database. This command will display the Database Maintenance dialog, allowing you to delete all alerts from the database prior to a specified date.

Harvest Partial NCs
Use the Harvest Partial NCs command to enable/disable the harvesting of partial NCs (a.k.a. partial replicas, read-only replicas) on global catalogs. A check mark in front of this command indicates that this feature is enabled.

Replication Latency
Use the Replication Latency command to enable replication latency. This command will display the Replication Latency dialog allowing you to enable and configure the analysis of replication latency.

Enable ICMP Ping
Use the Enable ICMP Ping command to enable/disable the use of ICMP pings. A check mark in front of this command indicates that this feature is enabled. The ability to disable ICMP pings is provided so that environments that block ICMP traffic do not receive false alerts.

Email Settings
Use the Email Settings command to configure email notifications. This command will display the Configure Email Notification dialog, which allows you to define the SMTP server configuration and credentials to be used for email notifications.

Email Rules
Use the Email Rules command to define under what conditions an email notification is to be sent. This command will display the Manage Email Notification Rules dialog, which allows you to define new email rules, edit existing rules and delete rules.

DirectoryTroubleshooter Options
Use the DirectoryTroubleshooter Options command to display the Options dialog from DirectoryTroubleshooter, which allows you to customize many of the aspects of how DirectoryTroubleshooter works.

Reset Factory Defaults
Use the Reset Factory Defaults command to reset the default alert thresholds and sampling rate settings back to the product’s original defaults.

NOTE: The Reset Factory Defaults command affects all objects except those that have been explicitly configured to override the default setting.

Reports Menu

Use the Reports Menu command to generate an alert history report.

Alert History
Use the Alert History command to generate an alert history report. This command will display the Alert Reports dialog allowing you to specify what is to be included in the alert history report.

Diagnostics Menu

Use the Diagnostics Menu commands to run server connectivity tests, launch other solutions to troubleshoot Active Directory and DNS issues, or run an FRS troubleshooter test.

NOTE: The Diagnostics menu is NOT available in the Consolidator view.

Connectivity
Use the Connectivity command to launch the Connectivity Troubleshooter which allows you to perform the following connectivity tests:

• the connectivity between selected domain controllers hosting a replica of an application partition

• the connectivity between a domain controller (with a Site or DC Agent) and all the domain controllers in a selected domain

• the connectivity between a domain controller (with a Site or DC Agent) and all the domain controllers in the selected site

DirectoryTroubleshooter
Use the DirectoryTroubleshooter command to launch the DirectoryTroubleshooter product, if installed.

DNSAnalyzer
Use the DNSAnalyzer command to launch DNSAnalyzer QuickAnalyzer if version 4.0 is installed, or the DNSAnalyzer Admin Console if an earlier version of DNSAnalyzer is installed.

ChangeAuditor
Use the ChangeAuditor command to launch the ChangeAuditor solution, if installed.

NTFRS | New Test
Use the NTFRS | New Test command to define a new FRS Troubleshooter Test. This command will display the Create New FRS Troubleshooter Test dialog, which allows you to name the test and specify the originating server. After specifying a name and server, select the Start button to execute the test.

NTFRS | View Test Results
Use the NTFRS | View Test Results command to view the results of previously executed FRS Troubleshooter tests. This command will display the NTFRS Tests dialog which lists the FRS Troubleshooter tests available for viewing. From this dialog, select/highlight a test and select the View Results button to view the results for the selected test.

Windows Menu

Use the Windows Menu commands to enable current and MOM alerts and view details.

NOTE: If Windows Menu command alerts are disabled, alerts will still generate, though the alert tabs will be hidden.

Current Alerts (default)
Use the Current Alerts command to enable (check) and display the Current Alerts tab to view alert details on its information page.

MOM Alerts
Use the MOM Alerts command to enable (check) and display the MOM Alerts tab to view alert details on its information page. This command is only available if MOM has been registered.

Help Menu

Use the Help Menu commands to launch the online help contents, display general information about DirectoryAnalyzer or access the Quest Software website.

About
Use the About command to display general information about DirectoryAnalyzer, including the version number, current license information, copyright information, contact information and DirectoryTroubleshooter version information.

Contents
Use the Contents command to display the DirectoryAnalyzer Overview and the table of contents for the DirectoryAnalyzer help system.

Product Info
Use the Product Info command to display the DirectoryAnalyzer product page on Quest’s website.

Product Support
Use the Product Support command to display the technical support page on NetPro’s website.

NetPro Website
Use the NetPro Website command to display the home page of NetPro’s website.

Tool Bar

The tool bar buttons provide quick access to commonly used commands.

Use the Connect button to connect to a different Enterprise Agent or Consolidator. This command will display the Connection dialog allowing you to specify the Enterprise Agent and associated user credentials to be used (or Consolidator server).

Use the Disconnect button to disconnect from the current Enterprise Agent or Consolidator.

Use the Alert History button to generate an Alert History Report. This button will display the Alert Reports dialog, which allows you to define what is to be included in the Alert History report.

Use the Connectivity button to launch the Connectivity Troubleshooter, which allows you to perform server connectivity tests.

Use the DirectoryTroubleshooter button to launch the DirectoryTroubleshooter solution. This button is only available when DirectoryTroubleshooter is installed on the local machine.

Use the DNSAnalyzer button to launch the DNSAnalyzer product. This button is only available when DNSAnalyzer is installed on the local machine.

Use the ChangeAuditor button to launch the ChangeAuditor solution. Note: ChangeAuditor must be installed and the ChangeAuditor Client must be installed on the local machine.

Use the Refresh button to retrieve and display the latest domain controller or replication information. This button is only activated when the DC Information and Replication Information pages are active.

Use the Find button to locate an object in the Enterprise Explorer.

Enterprise Explorer

The left-hand pane of the DirectoryAnalyzer screen contains an enterprise view which provides a quick way to obtain the necessary information relating to a problem location (naming context, domain, site, application partition, or domain controller). When you know where a problem is located, this hierarchical list allows you to easily navigate through your enterprise to the desired location.

To assist you in navigating, DirectoryAnalyzer provides the following views of your enterprise:

• The Application Partition View displays the application partitions in your enterprise in alphabetical order, without regard to hierarchy. This allows you to investigate application partition issues without navigating down the tree.

• The Domain View provides a quick way to get information regarding a domain/naming context and its domain controllers. The top level of this hierarchical list corresponds to the roots of the domain/naming context trees in the enterprise. You can then expand or collapse the trees to reveal the domain/naming context hierarchy.

• The Site View provides a quick way to get to the information about a site and the domain controllers in the site. The top level of the hierarchy is a list of sites in the enterprise. Underneath each site, the list displays the domain controllers located at that site.

• The Exchange View displays the Microsoft Exchange organization and its server components. This view provides insight on how Active Directory may be impacting specific Exchange servers.

In addition, the Edit | Find menu command and toolbar button allow you to search for an object in the Enterprise Explorer. The Enterprise Search dialog displays when the Edit | Find command is selected.

From this dialog, you can specify the object to be located in the Enterprise Explorer.

Find what
Enter the name of the object to be located. You can also enter partial names to initiate a search.

Match whole word
Select (check) the Match whole word option if you want to match the whole word entered in the Find what field.

Search up
By default the search will start from the object selected in the Enterprise Explorer and search "down" the tree. Select (check) the Search up option to search "up" the tree.

Object type
Select the type of object to be located:

• Application Partition
• Domain
• Domain Controller (default)
• Exchange Group
• Exchange Server
• Site

When the object is found, the topology will expand and the object will be selected/highlighted. Use the Find Next button to continue searching through the topology. Use the Close button to stop the search and close the dialog.

Enterprise View Icons

The icons used in these views represent the following objects in your enterprise:

Enterprise

Site

Naming Context (NC)

Application Partition

Domain Controller (DC) or Exchange Server

DC with Global Catalog (DC/GC)

DC with DNS Server (DC/DNS Server)

DC with DNS Server and GC (DC/DNS/GC)

Bridgehead Server

Bridgehead Server and GC

Bridgehead Server with DNS

Bridgehead Server with DNS and GC

Exchange Organization

Administrative Group

Routing Group

Non-Agented Server*

* Servers without a DirectoryAnalyzer agent can be displayed in the enterprise view by selecting the View | Show DCs w/o Agents menu command. Non-agented servers will be displayed with a grayed-out server icon. To hide these servers, select this menu command to remove the check mark.

Expanding/Collapsing Views

The lines connecting objects represent a hierarchical relationship. The small box indicates the expansion state of the object. A plus sign (+) indicates there may be more objects to be displayed; a minus sign (-) indicates that all of the objects are being displayed; no box indicates that the object cannot be expanded.

By using the View Menu commands, double-clicking the left mouse button on an object, or single-clicking on the plus sign (+) or minus sign (-), you can expand or collapse the displayed view of the enterprise.

Right-Click Functionality

Right-clicking some objects will display a context menu with commands that can be executed against the selected object. Commands include those associated with launching external applications, including DirectoryTroubleshooter.

Depending on the object selected, the following commands are available:

Show Alerts
Use the Show Alerts command to display the Current Alerts tab for the selected object.

Find
Use the Find command to display the Enterprise Search dialog, which allows you to enter the search criteria to be used to locate an object in the Enterprise Explorer.

Expand
Use the Expand command to expand the tree view to display subordinate objects under the selected object.

Collapse
Use the Collapse command to collapse all of the items directly under the selected object.

Event Viewer
Use the Event Viewer command to display the Event logs for the remote server.

Remote Desktop
Use the Remote Desktop command to connect to a Windows 2000, Windows 2003 or Windows 2008 server with remote desktop enabled.

Preview
Use the Preview command to view a brief description of the alert.

Go To Subject (Site/Domain View)
Use the Go To Subject command to display the information page for the location of the generated alert in domain or site view.

Set Alert Resolution State
Use the Set Alert Resolution State command to change a MOM alert’s status.

Alert History Comments
Use the Alert History Comments command to add comments to a MOM alert’s history.

Services
Use the Services command to launch the Services snap-in for a remote server. (Windows 2003 Server only)

Users and Computers
Use the Users and Computers command to launch the Active Directory Users and Computers snap-in. (NOTE: Admin tools must be installed on the local workstation.)

Sites and Services
Use the Sites and Services command to launch the Active Directory Sites and Services snap-in. (NOTE: Admin tools must be installed on the local workstation.)

Domains and Trusts
Use the Domains and Trusts command to launch the Active Directory Domains and Trusts snap-in. (NOTE: Admin tools must be installed on the local workstation.)

DirectoryTroubleshooter
Use the DirectoryTroubleshooter command to launch the DirectoryTroubleshooter product. (NOTE: DirectoryTroubleshooter must be installed on the local workstation.)

External Tools Config
Use the External Tools Config command to display the External Tools Configuration dialog allowing you to define additional external applications (*.exe) to be launched.

Copy
Use the Copy command to copy alert details for pasting into a document.

Export
Use the Export command to export and save alert details into an Excel file.

Print
Use the Print command to print alert details as they appear on the information pages.

Print Preview
Use the Print Preview command to preview and print alert details as they appear on the information pages.

See Chapter 9: Launching External Applications for more information on these commands and the applications that can be launched directly from the DirectoryAnalyzer client.

Information Pages

The right-hand pane of the DirectoryAnalyzer screen contains tabbed information pages filled with data about the object selected in the Enterprise Explorer. Tabs are provided at both the top and bottom of the display to access different information relating to the selected object. The tabbed pages available at the bottom of the screen are different depending on the page being displayed using the tabs at the top of the page. Below is a list of the main (top) tabs that are available, with their supporting tabs (bottom) listed under them:

• Administrative Group (displayed when an Exchange Administrative Group is selected)
• Alert Configuration (displayed when the Configuration | Alerts menu command is enabled)
• Alert Summary Graph (displayed when any object is selected)
• Current Alerts (displayed when Current Alerts from the Windows menu is enabled and any object is selected)
  • Alert Details
  • Alert Configuration
  • DT
  • ChangeAuditor
• Current Exchange Alerts (displayed when an Exchange Server is selected)
  • Alert Details
  • Alert Configuration
  • DT
  • ChangeAuditor
• DC Information (displayed when a DC is selected)
  • Adapter Summary
  • Hot Fixes
  • DT
• Domain Summary (displayed when the Domain View node is selected)
  • Domain Role Owners
  • Forest Role Owners
  • Latency Times
• Exchange (displayed when the Exchange View node is selected)
• Exchange Server Summary (displayed when the Exchange Server is selected)
• Forest Summary (displayed when the Enterprise node is selected)
  • Domain Role Owners
  • Forest Role Owners
  • Latency Times
• MOM Alerts
  • MOM Alert Details
  • MOM Alert History
  • DT
  • ChangeAuditor
• Naming Context Summary (displayed when a domain, naming context or application partition is selected)
  • DNS Summary
  • Role Owners Details
  • DC Summary
  • Latency Times
• Replication Information (displayed when a DC is selected)
  • DNS Information
  • DT
• Routing Group (displayed when an Exchange routing group is selected)
• Routing Group Connectors (displayed when an Exchange routing group is selected)
• Sampling Rates (displayed when the Configuration | Sampling Rates menu command is enabled)
• Site Information (displayed when a site is selected)
  • Inter Site Connections
  • Global Catalogs
• Site Summary (displayed when the Site View node is selected)
  • Bridgehead Servers
• SMTP Connectors (displayed when an Exchange routing group is selected)

Chapter 3: Monitoring Active Directory

DirectoryAnalyzer monitors all critical components of Active Directory on a continual basis to make sure that the directory is functioning properly. These components include domain controllers, naming contexts, sites, application directory partitions, Exchange servers, and DNS functions as they relate to Active Directory.

* * * * * * * * * * * * * * * * * * * *
The information (menus, commands and/or information tabs) available on the DirectoryAnalyzer client will depend on the DirectoryAnalyzer access rights assigned (DA Read, DA Write). See the DirectoryAnalyzer Security Administrator’s Guide for more information regarding the impact of assigning/denying DirectoryAnalyzer access rights.
* * * * * * * * * * * * * * * * * * * *

Domain Controllers

The domain controller (DC) is the basic physical building block of Active Directory. The DC is a Windows 2000/2003/2008 server that has been tasked with managing a replica of an Active Directory domain. An enterprise’s Active Directory could be comprised of a single DC or hundreds of DCs. The DC stores a copy of the directory. Clients logging into the directory authenticate to the DC and it is also where replication of the directory occurs. Without the DC, Active Directory cannot exist. For this reason, DCs are the most vital components that DirectoryAnalyzer monitors. DirectoryAnalyzer monitors the critical aspects of each DC, including:

• Server status
• CPU load
• LDAP load
• LDAP response time

Naming Contexts

The naming context (NC) is a partition in the namespace. Active Directory is made up of a number of NCs. An NC can exist in more than one physical location by having replicas of the NC reside on DCs in various locations. The NC is also the basic unit of replication within Active Directory.

DirectoryAnalyzer monitors all of the important attributes of each NC within Active Directory to ensure that all aspects of each NC function as they should, such as:

• Replication latency
• Replication topology issues
• Operations Master statuses

Sites

A site is a group of domain controllers that are connected via a high speed (greater than 10 Mb) network. Active Directory uses the site layout to create the best replication topology for the DCs in the forest. When a user logs on, the Active Directory client finds a DC in the same site as the user. Because site layout can have a significant effect on Active Directory replication, it is important for the processes carried out on a site to be monitored by DirectoryAnalyzer.

Some of the important attributes of sites that DirectoryAnalyzer monitors include:

• Global Catalog status
• Status of each DC within the site

Application Directory Partitions

Beginning with Windows Server 2003, Active Directory provides support for Application Directory Partitions. Application directory partitions can contain a hierarchy of any type of objects except security principals. These partitions can be configured to replicate to any set of DCs in the forest, not just the DCs in a domain (like in a domain partition). By allowing an administrator to control the scope of replication and the placement of replicas, application directory partitions allow the directory to store dynamic data without significantly impacting network performance.

DirectoryAnalyzer monitors the following conditions for application directory partitions:

• Conflicts encountered during replication
• Consecutive replication failures
• Replication latency
• NC lost and found

DNS Servers

Active Directory is tightly integrated with Domain Name System (DNS). Active Directory domain names are DNS domain names, and Active Directory uses DNS to locate DCs. When a client tries to log onto Active Directory, it uses DNS to locate the closest DC to authenticate with. If there is a problem in the interaction between Active Directory and DNS, clients cannot locate an appropriate DC.

DirectoryAnalyzer provides important monitoring capabilities for DNS as it relates to Active Directory, including:

• Service status
• General consistency between DNS and Active Directory

Exchange Servers

Microsoft Exchange Server is a powerful corporate messaging system for supporting an organization’s e-mail. Exchange 2000/2003 uses Active Directory to store and replicate directory information, for user authentication, to manage Exchange mailbox and mail-enabled objects, for global address lists (GAL), and to store Exchange configuration information. Exchange uses Active Directory to store all mail related attribute information for users including email addresses. Poor replication and DC outages will impact an Exchange server’s ability to provide information to its users. If a user’s email address or name is changed, and these changes are not replicated in a timely fashion, some Exchange servers may render incorrect responses to client requests.

DirectoryAnalyzer provides insight to help you understand Active Directory’s impact on your Exchange service levels, by monitoring the following conditions:

• Exchange server to Global Catalog ratio
• Installation of an Exchange server on a DC
• Responsiveness of Exchange server

Viewing Alerts

DirectoryAnalyzer alerts have two levels of severity: warning and critical. As a situation escalates, a warning alert will be generated, indicating that a lower priority threshold has been violated. As the severity of the error increases, a critical alert will be generated, indicating that the higher priority threshold has been exceeded. A number of attributes can be customized for each of these levels, including the threshold value, duration before an alert occurs and duration before an alert clears.

The DirectoryAnalyzer client provides on-screen alerts when a monitored aspect of Active Directory has violated either a warning or critical threshold. The red-light interface makes it easy to locate alerted objects in your enterprise:

• RED - indicates a “critical” alert condition that should be investigated immediately.

• YELLOW - indicates a “warning” alert threshold has been violated.
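As an added illustration (not DirectoryAnalyzer code and not its actual evaluation logic), the following Python model shows how a threshold value, a duration before an alert occurs and a duration before an alert clears interact across the warning and critical levels. The class and function names, the rule that a sample above the threshold counts as a violation, and the LDAP response-time samples are assumptions made for the example.

```python
"""Two-level threshold alerting with raise/clear hold times (illustrative model)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

CLEAR, WARNING, CRITICAL = "clear", "warning", "critical"


@dataclass(frozen=True)
class Level:
    threshold: float   # assumed rule: the level is violated while a sample is above this
    raise_after: int   # seconds a violation must persist before the alert occurs
    clear_after: int   # seconds the value must stay in bounds before the alert clears


class LevelTracker:
    """Debounces one severity level so brief spikes and dips do not flip it."""

    def __init__(self, level: Level) -> None:
        self.level = level
        self.active = False
        # Start time of the current run of samples that contradict `active`.
        self.pending_since: Optional[int] = None

    def update(self, t: int, value: float) -> bool:
        violating = value > self.level.threshold
        if violating == self.active:
            self.pending_since = None      # sample agrees with the state: reset the run
            return self.active
        if self.pending_since is None:
            self.pending_since = t
        hold = self.level.raise_after if violating else self.level.clear_after
        if t - self.pending_since >= hold:
            self.active = violating        # the run lasted long enough: flip the level
            self.pending_since = None
        return self.active


class AlertEvaluator:
    """Combines the two levels; the reported state is the highest active level."""

    def __init__(self, warning: Level, critical: Level) -> None:
        if critical.threshold < warning.threshold:
            raise ValueError("critical threshold must not be below the warning threshold")
        self.warning = LevelTracker(warning)
        self.critical = LevelTracker(critical)

    def observe(self, t: int, value: float) -> str:
        warn = self.warning.update(t, value)
        crit = self.critical.update(t, value)
        if crit:
            return CRITICAL
        return WARNING if warn else CLEAR


def transitions(samples: List[Tuple[int, float]], warning: Level,
                critical: Level) -> List[Tuple[int, str, str]]:
    """Return (time, old_state, new_state) for every change of alert state."""
    evaluator = AlertEvaluator(warning, critical)
    state, changes = CLEAR, []
    for t, value in samples:
        new_state = evaluator.observe(t, value)
        if new_state != state:
            changes.append((t, state, new_state))
            state = new_state
    return changes


# Constructed samples: (seconds since start, LDAP response time in ms), one every 30 s.
SAMPLES = [
    (0, 100), (30, 350), (60, 120),        # single spike, shorter than raise_after
    (90, 400), (120, 450), (150, 900),     # sustained warning-level violation
    (180, 950), (210, 1000),               # sustained critical-level violation
    (240, 500), (270, 200), (300, 150),    # recovering, but hold times still running
    (330, 150), (360, 150), (390, 150),
]
WARNING_LEVEL = Level(threshold=300, raise_after=60, clear_after=120)
CRITICAL_LEVEL = Level(threshold=800, raise_after=60, clear_after=120)

if __name__ == "__main__":
    for t, old, new in transitions(SAMPLES, WARNING_LEVEL, CRITICAL_LEVEL):
        print(f"t={t:>3}s  {old} -> {new}")
```

The spike at 30 s never raises an alert, and the critical alert outlives the last critical sample by its clear duration, which is why an alert can remain on screen after the measured value has already recovered.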

Alerts generated from MOM which display on the MOM Alerts tab display additional severity levels:

• Service Unavailable. Identifies alerts generated for missed heartbeats and other events indicating that an application or service is unavailable to its users.

• Security Issue. Identifies an alert that indicates a security compromise has occurred. Systems on the network are at risk.

• Critical Error. Identifies an alert that indicates a serious problem needing attention immediately.

• Error. Identifies an alert that is important and needs attention soon.

• Warning. Identifies an alert that might indicate future problems.

• Information. Identifies an alert that simply provides information.

• Success. Identifies an alert that indicates a successful event or operation.

Use the Current Alerts and MOM Alerts tabs to view current alert status for the object selected in the Enterprise Explorer. When either tab is displayed, the following tabbed pages are also available at the bottom of the page:

• Alert Details - displays a brief description of the alert and additional information concerning the reason for the alert.

• MOM Alert Details - displays a brief description of the alert and additional navigational options.

• Alert Configuration - allows you to view or modify the alert threshold settings for an alert.

• MOM Alert History - displays brief details of the alert history.

• DT - displays all of the DirectoryTroubleshooter diagnostic tests that relate to the alert selected in the Current Alerts tab.

• ChangeAuditor - allows you to immediately determine if a DirectoryAnalyzer alert was caused by a change event captured with ChangeAuditor.

Use the Alert Summary Graph to view a graphical display of the current alerts for the object selected in the Enterprise Explorer. This bar graph displays both critical and warning alerts.

Current Alerts Tab

The Current Alerts tab is displayed when the DirectoryAnalyzer Client is started or when the Windows | Current Alerts command is selected and an Enterprise node, a naming context, domain, site, application partition or domain controller is selected in the Enterprise Explorer. This tab displays a list of all the current alerts for the selected object.

The following information is displayed for each alert:

Severity
This column displays a symbol representing the severity of all the alerted object(s) in the selected site, on the selected server or within the selected naming context. Red is used to indicate a critical alert and yellow is used to indicate a warning alert.

Type
This column displays the type of object that generated the alert:

• Domain Controller
• Enterprise
• Exchange
• Naming Context
• Replica
• Site

Subject
This column displays the name of alerted object, such as the name of the domain controller, naming context, replica, site or Exchange server that generated the alert.

Start Time
This column displays the date and time the alert threshold was violated.

Description
This column provides a text description for the current alert. Refer to Appendix A: DirectoryAnalyzer Alert Messages on page 165 for more information on the alerts that can be generated.

Forest
This column displays the name of the forest where the alerted server resides. This column is only available when using the Consolidator to view multiple forests.

MOM Alerts Tab

When a problem is detected an alert is raised within the MOM operations console. At this time the MOM operator can assign the alert to the DirectoryAnalyzer console for diagnostics and repair.

You can enable MOM alerts relating to DirectoryAnalyzer to display as they appear in the MOM console. From the MOM Alerts tab, you can change alert statuses.

The MOM Alerts tab is displayed when the DirectoryAnalyzer Client is started or the Windows | MOM Alerts command is selected and an Enterprise node, a naming context, domain, site, application partition or domain controller is selected in the Enterprise Explorer. This tab displays a list of all the MOM alerts for the selected object.

The following information is displayed for each alert:

Severity
This column specifies the severity of the alert.

Domain
This column specifies the domain to which the computer belongs.

Computer
This column specifies the computer on which an agent generated the alert.

Time Last Modified
This column displays the time the alert state was last changed.

Name
This column specifies the name of the rule that generated the alert.

Resolution State
This column displays the status of the resolution process of the alert, such as New or Resolved. The resolution state indicates whether the resolution process has begun.

To preview MOM alert descriptions, change alert statuses or add history comments, right-click a selected alert to view the following context menu commands.

Preview
Use the Preview command to view a brief description of the alert.

Set Alert Resolution State
Use the Set Alert Resolution State command to update the status of a MOM alert to one of the following available statuses:

• Resolved
• Acknowledged
• Level 4: Assigned to external vendor
• Level 3: Requires scheduled maintenance
• Level 2: Assigned to subject matter expert
• Level 1: Assigned to help desk or support
• New

Alert History Comments
Use the Alert History Comments command to display the Alert History dialog and add optional comments to a MOM alert’s history.

Viewing Alert Details

To display details for a particular alert, select/highlight an alert in the Current Alerts or MOM Alerts tab and select the corresponding alerts tab at the bottom of the page. This will display a brief description of the alert and additional information concerning the reason for the alert. In addition, from these tabs you can access the DirectoryAnalyzer knowledge base which explains what the problem means, what the likely cause(s) of the problem might be, and recommended steps to repair the problem.

Alert/MOM Alert Details Tabs

The Alert Details and MOM Alert Details tabs are displayed at the bottom of the page when the Current Alerts and MOM Alerts tabs are displayed, respectively. These tabs provide additional information about the selected alert.

The Alert Details tab displays the following information about the selected alert:

Alert
This field displays the alert text.

Subject
This field displays the name of the alerted object, such as the name of the domain controller, naming context or site that generated the alert.

Type
This field displays the type of object that generated the alert: domain controller, naming context, replica, enterprise or site.

Start Time
This field displays the date and time the alert threshold was violated.

Description
This field displays a description of the alert.

Details
Some alerts include this section to provide detailed information about what caused the alert to be generated, e.g., the Consecutive Replication Failures alert lists the replication partners and their corresponding number of failures.

The MOM Alert Details tab displays navigational options and the following information about the alert:

Description
This field displays a brief description of the alert.

Use the buttons to the right of the Alert Details and MOM Alert Details tabs to perform the following functions:

When viewing alerts from the Current Alerts tab, use this button to launch the DirectoryAnalyzer knowledge base to find details related to DirectoryAnalyzer functionality, tasks and alerts. When viewing alerts from the MOM Alerts tab, use this button to launch the DirectoryAnalyzer knowledge base to find information about MOM alerts.

Use this button to display the alert details for the first alert listed on the Current Alerts or MOM Alerts tabs.

Use this button to display the alert details for the previous alert listed on the Current Alerts or MOM Alerts tabs.

Use this button to display the alert details for the next alert listed on the Current Alerts or MOM Alerts tabs.

Use this button to display the alert details for the last alert listed on the Current Alerts or MOM Alerts tabs.

More Info
When viewing alerts from the Current Alerts tab, use this button to access the DirectoryAnalyzer knowledge base entry for the selected alert. When viewing alerts from the MOM Alerts tab, use this button to access the MOM knowledge base.

Viewing Alert Summary Graphs

To display a summary graph of alerts for a particular location, select/highlight an object from the Enterprise Explorer.

Alert Summary Graph

The Alert Summary Graph provides a bar graph indicating the total number of alerts, broken down by critical (red) and warning (yellow) severity, generated for the object selected in the Enterprise Explorer. When a container object is selected, this graph will include the child objects that belong to the selected container.

To display selected alert objects, the following context menu commands are available when you right-click inside the Alert Graph Summary pane:

• Include Non-Alerted Objects
• DCs
• Sub Domains
• All Objects
• Top 10
• By Total
• By Critical

Accessing the Knowledge Base

DirectoryAnalyzer not only identifies problems within your enterprise, it also assists you in solving these problems through its comprehensive knowledge base. When configuring alerts or when an alert occurs, you can easily access the DirectoryAnalyzer knowledge base for answers. It explains what the problem means, what the likely cause(s) of the problem might be and recommends steps to take to repair the problem.

The Alert Details tab, located at the bottom of the Current Alerts tab, displays general information about the selected alert and provides access to the DirectoryAnalyzer knowledge base. From this tab, select the button to access the knowledge base.

You can also access the DirectoryAnalyzer knowledge base from the Alert Configuration tab. Select/highlight an alert and use the More Info button to display the knowledge base entry for the selected alert.

The MOM Alert Details tab, located at the bottom of the MOM Alerts tab, displays a brief description of an alert and provides access to the MOM knowledge base. From this tab, select the More Info button to access the MOM knowledge base.

To close the knowledge base and return to the previous DirectoryAnalyzer screen, use the Close button in the upper right-hand corner of the window.

MOM Management Pack

The MOM Management Pack included with DirectoryAnalyzer is responsible for changing the state on alerts as they transition between Warning, Critical and Clear. The pack allows you to configure DA alerts to become MOM alerts, and provides product and company knowledge concerning the selected alert.

The management pack provides the following details:

Product Knowledge Tab

Summary
Displays summary details of the alert as described within MOM.

Causes
Displays causes for the alert as described within MOM.

Resolutions
Displays resolution details as described within MOM.

External Knowledge Sources
Displays additional links for more information about the alert.

Company Knowledge

The Company Knowledge tab displays information provided by Microsoft.

Chapter 4: Browsing the Directory

DirectoryAnalyzer provides a consolidated view of the entire directory and includes detailed information about each critical component, from naming contexts to sites to DCs to DNS servers. DirectoryAnalyzer provides a comprehensive view of the enterprise’s Active Directory, allowing you to easily navigate and obtain information about the different parts of the directory. You can view Active Directory by site, by domain or by application partition.

NOTE: The information (menus, commands and/or information tabs) available on the DirectoryAnalyzer client will depend on the DirectoryAnalyzer access rights assigned (DA Read, DA Write). See the DirectoryAnalyzer Security Administrator’s Guide for more information regarding the impact of assigning/denying DirectoryAnalyzer access rights.

Forest View

The Forest view provides summary information about the entire forest.

When the Forest View node is selected, the following tabs are displayed:

• Forest Summary
• Domain Role Owners
• Forest Role Owners
• Latency Times

• Current Alerts
• Alert Details
• Alert Configuration
• DT
• ChangeAuditor

• Alert Summary Graph
• MOM Alerts

• ChangeAuditor
• DT
• MOM Alert Details
• MOM Alert History

Application Partition View

When you know the name of the application partition where a problem is occurring, the Application Partition View provides a quick way to get to the information regarding that application partition and its DCs. You can expand or collapse the application partitions to reveal the parent/child hierarchy. Under each partition root is a list of the DCs pertaining to that application partition.

To browse the directory by application partition:

1. Select/expand the Application Partition View node in the Enterprise Explorer.

2. Select/highlight the object to be browsed.

When an Application Partition is selected, the following tabs are displayed:

• Naming Context Summary
• DNS Summary
• Role Owners Details
• DC Summary

• Latency Times

• Current Alerts
• Alert Details
• Alert Configuration
• DT
• ChangeAuditor

• Alert Summary Graph

Domain View

When you know the name of the naming context/domain where a problem is occurring, the Domain View provides a quick way to get to the information regarding that naming context/domain and its DCs. The top level of this hierarchy corresponds to the trees in your enterprise. You can expand or collapse the trees to reveal the naming context hierarchy. Under each naming context is a list of the DCs pertaining to that naming context.

To browse the directory by naming context/domain:

1. Select/expand the Domain View node in the Enterprise Explorer.

2. Select/highlight the object to be browsed.

When the Domain View node is selected, the following tabs are displayed:

• Domain Summary
• Domain Role Owners
• Forest Role Owners
• Latency Times

• Current Alerts
• Alert Details
• Alert Configuration
• DT
• ChangeAuditor

• MOM Alerts
• ChangeAuditor
• DT
• MOM Alert Details
• MOM Alert History

• Alert Summary Graph

When a domain is selected, the following tabs are displayed:

• Naming Context Summary
• DNS Summary
• Role Owners Details
• DC Summary

• Latency Times

• Current Alerts
• Alert Details
• Alert Configuration
• DT
• ChangeAuditor

• MOM Alerts
• ChangeAuditor
• DT
• MOM Alert Details
• MOM Alert History

• Alert Summary Graph

When a DC is selected, the following tabs are displayed:

• DC Information
• Adapter Summary
• Hot Fixes

• DT

• Current Alerts
• Alert Details
• Alert Configuration
• DT
• ChangeAuditor

• MOM Alerts
• ChangeAuditor
• DT
• MOM Alert Details
• MOM Alert History

• Alert Summary Graph

• Replication Information
• DNS Information
• DT

Site View

When you know the location of a directory problem, the Site View provides a quick way to get to the information about the site and the domain controllers in that site. The top level of the hierarchy is a list of sites in the enterprise. Indented underneath each site are the domain controllers located at that site.

To browse the directory by site:

1. Select/expand the Site View node in the Enterprise Explorer.

2. Select/highlight the object to be browsed.

When the Site View node is selected, the following tabs are displayed:

• Site Summary
• Bridgehead Servers

• Current Alerts
• Alert Details
• Alert Configuration
• DT
• ChangeAuditor

• Alert Summary Graph

When a site is selected, the following tabs are displayed:

• Site Information
• Inter Site Connections
• Global Catalogs

• Current Alerts
• Alert Details
• Alert Configuration
• DT
• ChangeAuditor

• Alert Summary Graph

When a DC is selected, the following tabs are displayed:

• DC Information
• Adapter Summary
• Hot Fixes

• DT

• Current Alerts
• Alert Details
• Alert Configuration
• DT
• ChangeAuditor

• Replication Information
• DNS Information
• DT

See the Information Tabs section that follows for a detailed description of all these tabs. See Chapter 3: Monitoring Active Directory for a detailed description of the alert tabs (Current Alerts and Alert Summary Graph). See Chapter 10: DirectoryTroubleshooter Integration for a detailed description of the DT tabs. See Chapter 11: ChangeAuditor Integration for a detailed description of the ChangeAuditor tab.

Information Pages

Different types of information are provided on the various Information tabs depending on the object selected/highlighted in the Enterprise Explorer.

NOTE: Information tabs that include summary tabs and alert summary graph tabs will not contain information if DirectoryAnalyzer is set up with no DA agents and is only utilizing MOM ADMP alerts via the product connector.

The information tabs appear in this section in the following order:

• Forest Summary Tab
• Domain Role Owners Tab
• Forest Role Owners Tab
• Latency Times Tab

• Domain Summary Tab
• Naming Context Summary Tab

• DNS Summary Tab
• Role Owners Details Tab
• DC Summary Tab

• Site Summary Tab
• Bridgehead Servers Tab

• Site Information Tab
• Inter Site Connections Tab
• Global Catalogs Tab

• DC Information Tab
• Adapter Summary Tab
• Hot Fixes Tab

• Replication Information Tab
• DNS Information Tab

Forest Summary Tab

The Forest Summary Tab is displayed whenever the forest (top-most) node is selected in the Enterprise Explorer. When the Forest Summary Tab is displayed, the following tabbed pages are available at the bottom of the page:

• Domain Role Owners
• Forest Role Owners
• Latency Times

The Forest Summary tab contains the following information:

Statistics Information

The Statistics Information section, at the top of this tab, provides the following statistics for all the objects contained in the forest:

App Partitions
This field displays the total number of application directory partitions in the forest.

Domains
This field displays the total number of domains in the forest.

Sites
This field displays the total number of sites in the forest.

Empty Sites
This field displays the total number of empty sites in the forest.

DCs
This field displays the total number of domain controllers in the forest.

DNS Servers
This field displays the total number of DNS servers in the forest.

GC Servers
This field displays the total number of Global Catalog (GC) servers in the forest.

Bridge Head Servers
This field displays the total number of bridgehead servers in the forest.

DCs not Agented or Responding
This field displays the total number of domain controllers in the forest that do not have a DirectoryAnalyzer agent installed or are not responding.

DCs Managed by This EA
This field displays the total number of domain controllers managed by the current Enterprise Agent.

RODC Servers
This field displays the total number of Windows Server 2008 Read-Only Domain Controllers in the forest.

Exchange Servers
This field displays the total number of Exchange servers in the forest.

Forest Information

The Forest Information section contains the following information:

Operations Master Consistent
This field indicates whether the Operations Master is consistent across all of the domain controllers in the enterprise.

Schema Version Consistent
This field indicates whether the schema version is consistent across all domain controllers in the forest.

Functional Level Consistent
This field indicates whether the forest functional level is consistent.

Domain Naming Operations Master
This field displays the name of the domain controller that is the Domain Naming Operations Master for the enterprise.

Schema Operations Master
This field displays the name of the domain controller that is the Schema Operations Master for the enterprise.

Forest Functional Level
This field indicates the functional level of the entire forest:

• Windows 2000 mixed
• Windows 2000 native
• Windows Server 2003 interim
• Windows Server 2003
• Windows 2008

Replication Latency

If the Replication Latency feature is enabled (Configuration | Replication Latency command), the bottom of the Forest Summary tab provides a graphical display of the latency times that fall into the clear, warning and/or critical categories. For more details on latency times, select the Latency Times tab at the bottom of the page.

Domain Role Owners Tab

The Domain Role Owners tab is displayed at the bottom of the Forest Summary and Domain Summary tabs.

This tab contains the following role owner information for all of the domains in the forest:

DNS Name
This column lists each domain in the forest, by DNS name.

PDC Owner
This column displays the name of the domain controller that is the PDC Operations Master for each domain listed. This is the domain controller that can act as a PDC for downlevel backup domain controllers (BDCs) and clients.

RID Owner
This column displays the name of the domain controller that is the RID Operations Master for each domain listed. This is the domain controller that can allocate RID pools to other domain controllers.

Infrastructure Owner
This column displays the name of the domain controller that is the Infrastructure Operations Master for each domain listed. This is the domain controller that runs the inter-domain daemon process that resolves references to objects in other domains that have been moved or renamed.

Domain Functional Level
This column indicates the functional level of the entire domain.

• Windows 2000 mixed
• Windows 2000 native
• Windows Server 2003 interim
• Windows Server 2003
• Windows 2008

Forest Role Owners Tab

The Forest Role Owners tab is displayed at the bottom of the Forest Summary and Domain Summary tabs.

This tab contains the following role owner information about the selected forest:

DC Name
This column lists all of the domain controllers in the forest.

Domain Naming Operations Master
This column displays the name of the domain controller that is the Domain Naming Operations Master for the enterprise. This is the one domain controller in the enterprise that can initiate domain naming operations.

Schema Operations Master
This column displays the name of the domain controller that is the Schema Operations Master for the enterprise. This is the one domain controller in the enterprise that can initiate changes to the schema.

Schema Version
This column displays the version number of the schema.

Forest Functional Level
This column indicates the functional level of the entire domain.

• Windows 2000 mixed
• Windows 2000 native
• Windows Server 2003 interim
• Windows Server 2003
• Windows 2008

Replication Latency Times Tab

The Replication Latency Times tab is located at the bottom of the Forest Summary, Domain Summary and Naming Context Summary tabs. This tab lists the replication latency times for the different replication partners.

NOTE: The Replication Latency command (under the Configuration menu) must be checked to view this tab.

The table on this tab displays the following details:

Clear Latency Times
The information displayed in this column represents the latency times that are "clear" and did not exceed either the warning or critical threshold.

DC (from server)
This column lists the replication partners that fall into the "clear" category.

Max Latency (HH:MM)
This column displays the maximum amount of time that elapsed when replicating a change out to each of the replication partners listed.

Warning Latency Times
The information displayed in this column represents the latency times that exceeded the warning threshold.

DC (from server)
This column lists the replication partners that fall into the "warning" category.

Max Latency (HH:MM)
This column displays the maximum amount of time that elapsed when replicating a change out to each of the replication partners listed.

Critical Latency Times
The information displayed in this column represents the latency times that exceeded the critical threshold.

DC (from server)
This column lists the replication partners that fall into the "critical" category.

Max Latency (HH:MM)
This column displays the maximum amount of time that elapsed when replicating a change out to each of the replication partners listed.

Domain Summary Tab

The Domain Summary tab is displayed whenever the Domain View node is selected in the Enterprise Explorer. When the Domain Summary Tab is displayed, the following tabbed pages are available at the bottom of the page:

• Domain Role Owners
• Forest Role Owners
• Latency Times

The Domain Summary tab displays the following information:

Statistics Information

The Statistics Information section, at the top of this tab, provides the following statistics for all the objects contained in the forest:

App Partitions
This field displays the total number of application directory partitions in the forest.

Domains
This field displays the total number of domains in the forest.

Sites
This field displays the total number of sites in the forest.

Empty Sites
This field displays the total number of empty sites in the forest.

DCs
This field displays the total number of domain controllers in the forest.

DNS Servers
This field displays the total number of DNS servers in the forest.

GC Servers
This field displays the total number of Global Catalog (GC) servers in the forest.

Bridge Head Servers
This field displays the total number of bridgehead servers in the forest.

DCs not Agented or Responding
This field displays the total number of domain controllers in the forest that do not have a DirectoryAnalyzer agent installed or are not responding.

DCs Managed by This EA
This field displays the total number of domain controllers managed by the current Enterprise Agent.

RODC Servers
This field displays the total number of Windows Server 2008 Read-Only Domain Controllers in the forest.

Exchange Servers
This field displays the total number of Exchange servers in the forest.


Forest Information

The Forest Information section contains the following information:

Operations Master Consistent
This field indicates whether the Operations Master is consistent across all of the domain controllers in the enterprise.

Schema Version Consistent
This field indicates whether the schema version is consistent across all domain controllers in the forest.

Functional Level Consistent
This field indicates whether the forest functional level is consistent.

Domain Naming Operations Master
This field displays the name of the domain controller that is the Domain Naming Operations Master for the enterprise.

Schema Operations Master
This field displays the name of the domain controller that is the Schema Operations Master for the enterprise.

Forest Functional Level
This field indicates the functional level of the entire forest:

• Windows 2000 mixed
• Windows 2000 native
• Windows Server 2003 interim
• Windows Server 2003
• Windows 2008

Replication Latency

If the Replication Latency feature is enabled (Configuration | Replication Latency command), the bottom of the Domain Summary tab provides a graphical display of the latency times that fall into the clear, warning and/or critical categories. Deployed DirectoryAnalyzer agents are required in order for this feature to be available. For more details on latency times, select the Latency Times tab at the bottom of the page.


Naming Context Summary Tab
The Naming Context Summary tab provides information specific to the domain/naming context or application partition selected in the Enterprise Explorer. When the Naming Context Summary tab is displayed, the following tabbed pages are available at the bottom of the page:

• DNS Summary
• Role Owners Details
• DC Summary
• Latency Times

This tab displays the following information for the selected domain/naming context or application partition:

Operations Master Status

When a domain or naming context is selected in the Enterprise Explorer, the Operations Master Status section will be displayed at the top of the Naming Context Summary tab. This pane contains the following information:

Number of Domain Controllers
This field indicates how many DCs are in the selected domain. This field is grayed out when the Enterprise Configuration or Enterprise Schema naming context is selected.


Functional Level
This field displays the functional level of the selected domain or of the entire forest depending on the object selected in the Enterprise View. Valid values are:

• Windows 2000 mixed
• Windows 2000 native
• Windows Server 2003 interim
• Windows Server 2003
• Windows 2008

Functional Level Consistent
This field indicates whether the functional level is consistent throughout the forest.

PDC Operations Master
This field displays the name of the domain controller that is the PDC Operations Master for the selected domain. This is the domain controller in the domain that can act as a PDC for downlevel backup domain controllers (BDCs) and clients.

RID Operations Master
This field displays the name of the domain controller that is the RID Operations Master for the selected domain. This is the DC in the domain that can allocate RID pools to other domain controllers.

Infrastructure Operations Master
This field displays the name of the domain controller that is the Infrastructure Operations Master for the selected domain. This is the domain controller in the domain that runs the inter-domain daemon process that resolves references to objects in other domains that have been moved or renamed.

Operations Master Consistent
An Operations Master is a virtual "token" indicating that a single domain controller has the right to perform some directory operation. An Operations Master is represented by an object in the directory that contains the name of the domain controller that "owns" the master role. DirectoryAnalyzer periodically checks the consistency of the various Operations Masters across all of the domain controllers in the enterprise. This field indicates whether this naming context’s DC agrees with the other domain controllers regarding who owns each type of master. If this naming context has a differing value for any of the Operations Masters, this field will be set to NO.

To obtain more detailed information about the Operations Master consistency for this naming context, select the Role Owners Details tab, at the bottom of the page.

Replication Latency

If the Replication Latency feature is enabled (Configuration | Replication Latency command), the middle portion of the Naming Context Summary tab provides a graphical display of the latency times that fall into the clear, warning and/or critical categories. For more details on latency times, select the Latency Times tab at the bottom of the page.


Trust List

The trust list is displayed when a domain or naming context is selected in the Enterprise Explorer. This section of the tab consists of the domains that trust this domain and the domains that this domain trusts.

Domain Name
This column lists the name(s) of the domain(s) that the selected domain has trust relationships with.

Relationship
This column describes the state of the trust relationship:

• Tree Root – the trust relationship is between two tree root domains in the forest.
• Parent – the trust relationship is from a parent domain to a child domain.
• Child – the trust relationship is from a child domain to a parent domain.
• External – the trust relationship is with a pre-Windows 2000 (NT) domain.
• Non-Windows Kerberos Realm – the trust relationship is with a Kerberos realm, which is a standard security and authentication protocol.
• DCE Realm – the trust relationship is with a DCE realm.
• Shortcut – the trust relationship is between two domains in the same forest that are not directly related.

Transitive
This column indicates whether this is a transitive trust. Transitive trusts can only exist between domains within the same domain tree or forest. When a new domain controller is installed and a new child is created, a transitive trust relationship is automatically created between the parent and the new child domain. Transitive trust relationships flow upward through the domain tree as they are formed, subsequently creating transitive trusts between all domains in the domain tree.

Direction
This column indicates whether this domain trusts the partner, the partner trusts this domain or the trust is bi-directional. Valid entries are:

• Bi-Directional - the current domain trusts the target domain and vice versa
• Outgoing: Domain trusts partner - the current domain trusts the target domain
• Incoming: Partner trusts domain - the target domain trusts the current domain
• Trust disabled - the trust was created, but has been disabled


Application Partition Information

When an application partition is selected in the Enterprise Explorer, the Application Partition Information pane will be displayed at the top of the Naming Context Summary tab.

The Application Partition Information window displays information about the currently selected application directory partition.

Distinguished Name
This field displays the distinguished name of the application directory partition.

Security Reference Domain
This field displays the name of the domain used by the security system to interpret local domain references for default security descriptors that are attached to objects created in the selected application directory partition.

Replication Notify Start Delay*
This field specifies the delay (in seconds) between the opening change and the initial notification sent to the first replication partner. The default is five minutes.

Replication Notify Subsequent Delay*
This field specifies the delay (in seconds) between subsequent notifications to the partition’s other (second, third, etc.) replication partners.


* The values in these two fields are from the directory. They apply to all domain controllers hosting a replica of the application directory partition and affect only the replication of the application directory partition. A registry entry on each domain controller can specify a similar value, which will override this value.

DC Summary

The DC Summary pane is displayed on the Naming Context Summary tab whenever an application partition is selected in the Enterprise Explorer. This pane provides the following information:

Server
This column displays the name of the server(s) where this application partition resides.

GC
This column displays whether a copy of the Global Catalog is stored on the replication partner.

Site
This column displays the name of the site to which the replication partner belongs.

Managed By
This column displays the name of the administrator responsible for this replication partner, if the Managed By attribute is set for the domain controller.

Replication First Delay**
This column specifies the delay (in seconds) between the originating change and the initial notification sent to the first replication partner. The default is five minutes.

Replication Subsequent Delay**
This column specifies the delay (in seconds) between subsequent notifications to the partition's other (second, third, etc.) replication partners. The default is five minutes.

** The values in these two columns are from the registry of the domain controller and they override the values set in the directory. By default, the registry and directory values are NOT set; the default values are built into Active Directory. The directory settings enable an administrator to speed up replication for all replicas of an application directory partition, while the registry settings allow him/her to fine tune these settings for each individual domain controller in the application directory partition.


DNS Summary Tab
The DNS Summary tab, located at the bottom of the Naming Context Summary tab, provides a summary of the DNS servers that are authoritative for the selected domain.

This tab contains the following information about the selected domain:

Server
This column displays the name(s) of the DNS server(s) which are authoritative for the selected domain.

Zone Type
This column displays the zone type of each of the DNS servers:

• Primary - the server is designated as the master server for this zone.
• Secondary - the server is designated as one of the secondary servers for this zone.
• Active Directory Integrated - the DC obtains its DNS information from the directory, not from a specific DNS server.
• Stub - the server is designated as a stub zone, i.e., a copy of a zone that contains only those records necessary to identify the authoritative DNS servers for that zone (Windows Server 2003).

Zone
This column displays the zones this server hosts that apply to the selected domain.

Site
This column displays the name of the site where the DNS servers reside.

Serial Number
This column displays the serial number for each DNS server, which is used to determine if a zone transfer is needed to update the zone.

Allow Updates
This column indicates whether the zone is a dynamic DNS zone.


Role Owners Details Tab
An Operations Master is a virtual "token" indicating that a single domain controller has the right to perform some directory operation. An Operations Master is represented by an object in the directory that contains the name of the domain controller that "owns" the master role. DirectoryAnalyzer periodically checks the consistency of the various Operations Masters across all of the DCs in the enterprise. The Operations Master Consistent field on the Naming Context Summary tab indicates whether the selected naming context’s DC agrees with the other DCs regarding who owns each type of master.

From the Naming Context Summary tab, you can obtain more information about the Operations Master consistency for the selected naming context by selecting the Role Owners Details tab at the bottom of the screen.

This tab contains the following information.

DC Name
This column displays the name of each domain controller for the domain or naming context.

PDC Operations Master
This column displays the name of the domain controller that is the PDC (Primary Domain Controller) Operations Master for the domain, according to the server listed under DC Name.

RID Operations Master
This column displays the name of the domain controller that is the RID (Relative Identifier) Operations Master for the domain, according to the server listed under DC Name.

Infrastructure Operations Master
This column displays the name of the domain controller that is the Infrastructure Operations Master for the domain, according to the server listed under DC Name.
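The per-DC comparison behind the Operations Master Consistent field and the Role Owners Details tab can be sketched as follows. This is an added example, not DirectoryAnalyzer's own code; the row layout, the host names and the majority-vote rule for choosing the reference owner are assumptions.

```python
from collections import Counter

# Domain-wide roles shown on the Role Owners Details tab.
ROLES = ("pdc", "rid", "infrastructure")

# Constructed sample (made-up host names): one row per DC, holding the role
# owners as that DC itself reports them. None means the DC gave no answer.
SAMPLE_VIEWS = [
    {"dc": "dc01.corp.example", "pdc": "dc01.corp.example",
     "rid": "dc01.corp.example", "infrastructure": "dc02.corp.example"},
    {"dc": "dc02.corp.example", "pdc": "DC01.corp.example.",
     "rid": "dc01.corp.example", "infrastructure": "dc02.corp.example"},
    {"dc": "dc03.corp.example", "pdc": "dc01.corp.example",
     "rid": "dc03.corp.example", "infrastructure": "dc02.corp.example"},
    {"dc": "dc04.corp.example", "pdc": None, "rid": None,
     "infrastructure": None},
]


def _norm(host):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return host.strip().rstrip(".").lower() if host else None


def check_role_owner_consistency(views, roles=ROLES):
    """Compare every DC's view of the role owners with the other DCs' views.

    Returns the majority owner per role (None when there is no majority),
    the roles on which DCs disagree, a consistent/differs_on entry per
    responding DC, and the DCs that supplied no complete answer.
    """
    responding, no_data = [], []
    for view in views:
        owners = {role: _norm(view.get(role)) for role in roles}
        if all(owners.values()):
            responding.append((view["dc"], owners))
        else:
            # A missing answer is reported separately, not as a disagreement.
            no_data.append(view["dc"])

    consensus, disputed = {}, {}
    for role in roles:
        counts = Counter(owners[role] for _, owners in responding)
        ranked = counts.most_common()
        if len(ranked) > 1:
            disputed[role] = dict(counts)
        # No reference owner when nobody answered or the top two claims tie.
        tied = len(ranked) > 1 and ranked[0][1] == ranked[1][1]
        consensus[role] = ranked[0][0] if ranked and not tied else None

    per_dc = {}
    for dc, owners in responding:
        # One differing role is enough to mark the DC as inconsistent.
        differs = [role for role in roles if owners[role] != consensus[role]]
        per_dc[dc] = {"consistent": not differs, "differs_on": differs}

    return {"consensus": consensus, "disputed_roles": disputed,
            "per_dc": per_dc, "no_data": no_data}


if __name__ == "__main__":
    report = check_role_owner_consistency(SAMPLE_VIEWS)
    for dc, result in report["per_dc"].items():
        flag = "YES" if result["consistent"] else "NO"
        print(f"{dc}: consistent={flag} differs_on={result['differs_on']}")
    print("no data from:", report["no_data"])
```

A DC that names itself as a role owner while its peers name another server, as dc03 does for the RID role in the sample, is worth checking for failed replication or an unplanned role seizure before it is trusted to act in that role.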


DC Summary Tab
The DC Summary Tab is located at the bottom of the Naming Context Summary tab.

The DC Summary tab provides the following information:

Server
This column displays the name of the server(s) where this replication partner resides.

GC
This column displays whether a copy of the Global Catalog is stored on the selected replication partner. A check mark indicates that the server is hosting a Global Catalog.

Site
This column displays the name of the site to which the replication partner belongs.

Managed By
This column displays the name of the administrator responsible for this replication partner, if the Managed By attribute is set for the domain controller.


Site Summary Tab
The Site Summary Tab is displayed when the Site View node is selected in the Enterprise Explorer. This tab contains summary information for the forest and for all the sites in the forest. When the Site Summary tab is displayed, the Bridgehead Servers tab is available at the bottom of the page.

This tab displays the following summary information:

Statistics Information

The Statistics Information section, at the top of this tab, provides the following statistics for all the objects contained in the forest:

App Partitions
This field displays the total number of application directory partitions in the forest.

Domains
This field displays the total number of domains in the forest.

Sites
This field displays the total number of sites in the forest.

Empty Sites
This field displays the total number of empty sites in the forest.

DCs
This field displays the total number of domain controllers in the forest.


DNS Servers
This field displays the total number of DNS servers in the forest.

GC Servers
This field displays the total number of Global Catalog (GC) servers in the forest.

Bridgehead Servers
This field displays the total number of bridgehead servers in the forest.

DCs not Agented or Responding
This field displays the total number of domain controllers in the forest that do not have a DirectoryAnalyzer agent installed or are not responding.

Exchange Servers
This field displays the total number of Exchange servers in the forest.

Site Deployment

The Site Deployment section displays the following information for each site in the forest:

Site Name
This column lists the names of all the sites in the forest.

Site Agent
This column displays the name of the Site Agent for each site listed.

Site Agent Version
This column displays the Site Agent's version number.

# Agented DCs
This column displays the number of agented domain controllers for each site (that is, domain controllers that have a DC Agent installed).

# UnAgented DCs
This column displays the number of unagented domain controllers for each site (that is, domain controllers that do not have a DC Agent installed).

Bridgehead Servers Tab
The Bridgehead Servers Tab is displayed at the bottom of the page when the Site Summary tab is displayed. This tab contains the following information for each site in the forest:

Site Name
This column lists all the sites in the forest.

Preferred Bridgehead Server
This column displays the name of the preferred bridgehead server defined for each site listed.

Inter Site Topology Generator
This column displays the name of the server designated as the Inter Site Topology Generator (ISTG) for each site listed.


# Global Catalogs
This column displays the number of Global Catalog (GC) servers located in each site listed.

Site Information Tab
The Site Information Tab is displayed when a site is selected in the Enterprise Explorer. This tab displays detailed information about the selected site. When the Site Information tab is displayed, the following tabbed pages are available at the bottom of the page:

• Inter Site Connections
• Global Catalogs

This tab displays the following information about the selected site:

Site Information

The top-most pane displays the following information about the selected site:

Universal Group Membership Caching
This field indicates whether universal group membership caching is enabled. If enabled, the Reference Caching site will be shown.

Inter Site Topology Generation
This field indicates whether automatic Inter Site Topology Generation is enabled.

Intra Site Topology Generation
This field indicates whether automatic Intra Site Topology Generation is enabled.


Inter Site Topology Generator
This field displays the name of the server designated as the Inter Site Topology Generator (ISTG).

Domain Controllers

This pane displays the following information for all of the domain controllers in the selected site:

Status

This column displays a symbol representing the current operating status of each server:

Running

Not Responding

No DA Agent

Server
This column displays the names of all the servers in the selected site.

Domain
This column displays the name of the domain to which each server belongs.

GC
A check mark in this column indicates that the server is hosting a Global Catalog (GC).

DNS
A check mark in this column indicates that the server is a DNS server.

Preferred BH
This column displays the type of transport being used by this preferred bridgehead server. Only administrator configured transports are displayed. Valid transport types are:

• IP
• SMTP
• SMTP/IP

PDC
A check mark in this column indicates that the server is the PDC Emulator Operations Master for its domain.

RID
A check mark in this column indicates that the server is the RID Operations Master for its domain.

Infra
A check mark in this column indicates that the server is the Infrastructure Operations Master for its domain.

Schema
A check mark in this column indicates that the server is the Schema Operations Master for the enterprise.


Name
A check mark in this column indicates that the server is the Domain Naming Operations Master for the enterprise.

Site Agent
A check mark in this column indicates the server is a DirectoryAnalyzer Site Agent.

Agent Version
This column displays the version number of the DirectoryAnalyzer agent installed on each server listed.

Inter Site Connection Tab
The Inter Site Connection tab is displayed at the bottom of the Site Information tab. This tab displays the following information about the selected site:

Site Link Name
This column displays the name of the site link.

To Site
This column displays the site to which the selected site is linked.

Cost
This column displays the relative cost of using the link, as defined by the administrator.

Scheduled link
This column shows whether the inter-site link is connected at all times or not. Valid values for this column are:

• Permanent - the link is connected all of the time. DirectoryAnalyzer displays this value if you have not assigned a schedule to this connection, in which case Active Directory treats the link as always being connected.

• Scheduled - the link is connected occasionally. DirectoryAnalyzer displays this value if you have assigned a schedule to this connection and there is at least some scheduled time when the link is connected.

• Disabled - the link is never connected. DirectoryAnalyzer displays this value if you have assigned a schedule to this connection but there is no scheduled time when the link is connected.


Global Catalogs Tab
The Global Catalogs tab, located at the bottom of the Site Information tab, provides a list of all the servers in the selected site that contain a copy of the Global Catalog (GC).

DNS Name
This table displays a list of all the servers that contain a copy of the Global Catalog in the selected site.

DC Information Tab
The DC Information Tab displays information about the currently selected domain controller. This tab is displayed whenever a DC is selected in the Enterprise Explorer. The statistics on this page are retrieved on demand, which greatly reduces DirectoryAnalyzer’s impact on network bandwidth. To retrieve the latest statistics, use the Refresh button.


The top pane on this tab displays the following information about the selected DC:

Domain
This field displays the name of the domain to which the DC belongs.

Site
This field displays the name of the site to which the DC belongs.

GC
This field indicates whether a copy of the Global Catalog is stored on the selected DC.

OS Version
This field displays the Microsoft Windows operating system version (and Service Pack) being used on the selected server.

System Up Time
This field displays how long it has been since the DC was last rebooted.

Last Update Time
This field displays the date and time the statistics for the server were last gathered by DirectoryAnalyzer.

RODC
This field indicates whether the selected domain controller is a Windows Server 2008 Read-Only Domain Controller.

Usage Statistics

The Usage Statistics pane contains the following details:

Agent Information

Agent Type
This field displays whether this agent is a DC Agent or a Site Agent.

Agent Version
This field displays the version number of the DirectoryAnalyzer agent.

DIT

DIT Disk Space Used
This field displays the percentage of total available disk space used by the DS (directory service) database files.

DIT Disk Space Available
This field displays the total amount of disk space available for the DS database files.

DIT Size on Disk
This field displays the size of the DS database.


SysVol

SYS Vol Space Used
This field displays the percentage of total disk space used by the System Volume.

SYS Vol Space Available
This field displays the total amount of disk space available on the System Volume.

LDAP

LDAP Load
This field displays the aggregation of the Read, Write and Search load on LDAP.

LDAP Last Error
This field displays the last error returned to DirectoryAnalyzer by LDAP.

LDAP Response Time
This field displays the amount of time it took to perform a simple LDAP query to the DC.

LSASS

LSASS CPU Load
This field displays the CPU load for the LSASS (Local Security Authority Subsystem Service) service.

LSASS Virtual Memory
This field displays the amount of virtual memory allocated to the LSASS service.

LSASS Working Set
This field displays the amount of working set memory allocated to the LSASS service.

NTFRS

NTFRS CPU Load
This field displays the CPU load for the NTFRS (File Replication Service) service.

NTFRS Virtual Memory
This field displays the amount of virtual memory allocated to the NTFRS service.

NTFRS Working Set
This field displays the amount of working set memory allocated to the NTFRS service.

RID

RID Pool High
This field displays the high value assigned to the allocated RID pool on the selected DC.

RID Pool Low
This field displays the low value assigned to the allocated RID pool on the selected DC.

Next RID Available
This field displays the number of the next RID available in the allocated RID pool on the selected DC.


Operating System Summary

OS Version
This field displays the Microsoft Windows operating system version (and Service Pack) being used on the selected server.

Physical Memory Used
This field displays the percentage of total memory used on the selected server.

Physical Memory Available
This field displays the amount of memory available on the selected server.

DSA Status
This field displays the current status of the Directory Service Agent (DSA) on the selected server:

• Running
• Not Responding

CPU Load
This field displays the CPU load for the selected server.

SMB Connections
This field displays the number of SMB (Server Message Block) connections in use on the selected server.

Cache Hit Rate
This field displays the percentage of disk reads satisfied by the cache.

Page Fault Rate
This field displays the number of processor page faults taken per second.

Adapter Summary Tab
The Adapter Summary tab, located at the bottom of the DC Information tab, provides information about the network adapters installed on the selected domain controller.

Description
This column displays the type of adapter being used.

Domain
This column displays the name of the domain where each network adapter resides.


NOTE: The Domain field in the Adapter Information table may be blank. DirectoryAnalyzer enumerates all installed adapters; however, this field is only applicable to DNS-enabled TCP/IP Adapters.

IP Addresses/Name Servers
This list displays all of the IP addresses that are bound to the adapters listed.

Hot Fixes Tab
A Hot Fix report is available per server, listing all hot fixes installed on a given server with details such as description, type, installation date, and who installed the hot fix. You can also access the hot fix’s corresponding Microsoft knowledge base article directly from the DirectoryAnalyzer client.

The Hot Fixes tab is displayed at the bottom of the page when you open the DC Information tab. This tab contains the following information:

Name
This field displays the name of the hot fix.

Description
This field displays a brief description of the hot fix.

Installed By
This field displays the user account that installed the hot fix.

Installed Date
This field displays the date when the hot fix was installed.


To access a hot fix’s corresponding Microsoft knowledge base article, double-click on a hot fix entry or right-click an entry and select the View KB Article command. This will launch your browser and display the Hot Fix Knowledge Base article from Microsoft’s website.

Replication Information Tab
The Replication Information Tab is displayed when a domain controller is selected in the Enterprise Explorer. This tab displays information about the selected domain controller’s replication partners. The information on this page is retrieved on demand, which greatly reduces DirectoryAnalyzer’s impact on network bandwidth. To retrieve the latest information, use the Refresh toolbar button.

NOTE: When a domain controller in an application directory partition is selected, this tab displays the replication partners for any application partition that the selected DC hosts.

This tab displays the following information for the selected domain controller:

Naming Context
This column displays the name of the naming context(s) that the selected server replicates and the name of the replication partner(s) for each naming context.

Last Attempt
For each replication partner and naming context, this column displays the date and time when the last replication was attempted.


Last Success
For each replication partner and naming context, this column displays the date and time when the last successful replication took place.

Consecutive Failures
For each replication partner and naming context, this column displays the number of consecutive failures encountered during the replication process.

Error
For each replication partner and naming context, this column displays the last replication error encountered.

Latency
This column displays the elapsed time (HH:MM:SS) between changing an object in the naming context and the time the change appears on each domain controller. This value is only displayed for the Configuration naming context and the local domain. It only shows the latency time for direct replication partners.

NOTE: N/A will be displayed for the Schema NC as well as for partial (read-only) replicas on global catalogs.

DNS Information Tab
From the DNS Information tab, located at the bottom of the Replication Information tab, you can obtain additional DNS information about the selected DNS server.

This tab displays the following information for the selected DNS server:

Zone
This column displays the name of the zone.

Type
This column displays the zone type for each zone:

• Active Directory-Integrated - the dynamic DNS zone is stored in Active Directory and replicated to all domain controllers.

• Primary - the DNS server is designated as the master server for this zone.

• Secondary - the DNS server is designated as one of the secondary servers for this zone.


• Forwarding - the DNS server is used to forward queries to other DNS servers, based on the DNS domain names contained in the queries.

• Stub - the DNS server is designated as a stub zone, i.e., a copy of a zone that contains only those records necessary to identify the authoritative DNS servers for that zone. (Windows Server 2003)

Storage
This column displays where the zone information is stored (AD represents Active Directory integrated):

• AD-Custom
• AD-Domain
• AD-Forest
• AD-Legacy
• File

Replication Scope
This column displays the name of the partition where the zone is hosted.

Serial #
This column displays the serial number for each DNS server, which is used to determine if a zone transfer is needed to update the zone.

Allow Update
This column indicates whether the zone is a dynamic DNS zone. Only Secure means that the ability to restrict updates to a specific set of authorized users or systems has been enabled.

Domain Controllers
This pane lists the server names and IP addresses for all the domain controllers in the selected zone.


Chapter 5: Browsing Exchange on Active Directory

DirectoryAnalyzer’s Exchange View displays critical Active Directory components and information about how they relate to Exchange. This view provides insight on how Active Directory may be impacting your Exchange organization. This view is particularly helpful in understanding Active Directory’s impact on your Exchange service levels and can help you eliminate user-impacted downtime.

If you do not have access to the Exchange information directory (e.g., you are not a member of the Domain Admins Group or are logged in outside the forest), you will be required to enter the appropriate Active Directory credentials to view Exchange information.

To browse Exchange:

1. Select/expand the Exchange View node in the Enterprise Explorer.

2. If the LDAP Connection dialog is displayed, enter the appropriate Active Directory credentials to access the Exchange view.

Enter the Server for LDAP
Use the drop-down menu or enter the name of the server to be used.

Domain
Use the drop-down menu or enter the name of the domain to be used.

User
Use the drop-down menu or enter the user name to be used.

Password
Enter the password associated with the user name.

Once you have entered the Active Directory credentials, select the Connect button to browse Exchange information.

3. On the Enterprise Explorer, select/highlight the object to be browsed.

When the Exchange View node is selected, the following tab is displayed:

• Exchange View

When an Administrative Group is selected, the following tab is displayed:

• Administrative Group

When a Routing Group is selected, the following tabs are displayed:

• Routing Group
• Routing Group Connectors
• SMTP Connectors

When an Exchange Server is selected, the following tabs are displayed:

• Exchange Server Summary
• Current Exchange Alerts
  • Alert Details
  • Alert Configuration
  • DT
  • ChangeAuditor

Exchange Tab
The Exchange Tab displays the global settings for the Microsoft Exchange organization. This tab is displayed whenever the Exchange View node is selected in the Enterprise Explorer.

If you do not have access to the Exchange information directory (e.g., you are not a member of the Domain Admins Group or are logged in outside the forest), you will be required to enter the appropriate Active Directory credentials to view Exchange information. The first time you select to browse Exchange, the LDAP Connection dialog will be displayed allowing you to enter the appropriate credentials to access the Exchange information.

The Exchange Tab displays the following information:

Mode
This field displays the mode Exchange is running in. Valid modes are: Native or Mixed.

NOTE: Native mode cannot contain Exchange Server 5.0 or 5.5, only Exchange 2000 or later.

GC Count
This field displays the number of Global Catalogs in the Active Directory enterprise.

Exchange Servers

This table displays the following details for the Exchange servers that belong to the selected Exchange organization.

Server
This column displays the names of Exchange servers which belong to the Microsoft Exchange organization.

Exchange Version
This column displays the version of Exchange installed on each of the Exchange servers listed.

Administrative Group
This column displays the name of the Administrative Group to which each Exchange server has been assigned.

Routing Group
This column displays the name of the Routing Group to which each Exchange server belongs.

Site
This column displays the name of the Active Directory site where each Exchange server resides.

Domain
This column displays the name of the Active Directory domain to which each Exchange server belongs.

Administrative Group Tab
The Administrative Group Tab displays details about the selected Exchange Admin Group. An Exchange Admin Group contains a collection of Exchange objects which have been grouped together for the purpose of permission management. This tab is displayed whenever an Exchange Admin Group is selected in the Enterprise Explorer.

The Administrative Group Tab displays the following information about the selected Exchange Admin Group:

No of Servers
This field displays the total number of Exchange servers in the specified Exchange Admin Group.

Exchange Server Info

Server
This column displays the names of Exchange servers assigned to this Exchange Admin Group.

Exchange Version
This column displays the version of Exchange installed on each Exchange server.

# Storage Groups
This column displays the number of active storage groups on each Exchange server.

# Private Stores
This column displays the total number of Private Information Stores (databases) in the storage groups on each Exchange server.

# Public Stores
This column displays the total number of Public Information Stores (databases) in the storage groups on each Exchange server.

Routing Group Tab
The Routing Group Tab displays information about the members that belong to the selected routing group. This tab is displayed whenever a routing group is selected in the Enterprise Explorer.

The Routing Group Tab displays the following information:

Master
This field displays the name of the routing master in charge of coordinating link state updates to/from the servers in the routing group.

Members

Member
This column displays the collection of Exchange servers that belong to the specified routing group.

Administrative Group
This column displays the name of the Exchange Admin Group to which the selected routing group belongs.

Site
This column displays the name of the Active Directory site where the routing group resides.

Domain
This column displays the name of the Active Directory domain to which the routing group belongs.

Routing Group Connectors Tab
The Routing Group Connectors tab displays details about the routing group connectors established for the selected routing group. A routing group connector allows users at one Microsoft Exchange Server site to connect to users at other sites. This tab is displayed whenever a routing group is selected in the Enterprise Explorer.

The Routing Group Connectors tab displays the following information:

Name
This field displays the name of the routing group connector, which was assigned when the connector was added to the routing group.

Connected Routing Group
This field displays the name of the routing group to which the connector is linking.

Cost
This field displays the cost associated with each connector. This value is also assigned when the connector is added to the routing group. The valid range for cost is 1 to 100.

Oversized Message Limit
This field displays the upper limit for mail messages that are sent over the connector.

Public Referrals
This field indicates whether the Public Folder Referrals functionality is enabled. If enabled, MAPI, Outlook Web Access (OWA) and IMAP clients can access public folders in remote Exchange routing groups.

Originating Bridgehead(s)

This table displays the name of the local bridgehead server(s), the Administrative Group to which it belongs, and the virtual SMTP server being used.

If this list is empty, all servers in the routing group act as local bridgehead servers.

Exchange Server
This column displays the name of the local bridgehead server(s).

Administrative Group
This column displays the administrative group to which each local bridgehead server belongs.

Virtual SMTP Server
This column displays the virtual SMTP server being used.

Remote Bridgehead(s)

This table displays the name of the server(s) in this routing group to which this Exchange server is connected.

Exchange Server
This column displays the name of the server(s) in this routing group to which this Exchange server is connected.

Administrative Group
This column displays the administrative group to which each remote bridgehead server belongs.

Virtual SMTP Server
This column displays the virtual SMTP server being used.

Connected Routing Group(s)

This table provides information about the remote routing group(s) that are connected to the specified routing group. It contains the following information:

Organization
This column displays the Exchange Organization to which a routing group belongs.

Routing Group
This column displays the name of the routing group connector(s), which were assigned when the connectors were added to the routing group.

Administrative Group
This column displays the name of the Exchange Admin Group to which a routing group belongs.

SMTP Connectors Tab
The SMTP Connectors Tab displays connectors that provide connectivity to non-Exchange systems or the Internet. SMTP connectors transfer mail messages from local bridgehead servers to remote servers. This tab is displayed whenever a routing group is selected in the Enterprise Explorer.

The SMTP Connectors Tab contains the following information:

Name
This field displays the name of the SMTP connector entered when the SMTP connector was installed.

Connector Scope
This field displays the scope of the message connector, which controls how the connector routes messages. One of the following scopes was defined during the installation of the connector:

• Enterprise - to connect independent Exchange Organizations
• Routing Group - to transfer messages within an organization (connect routing groups)

Routing
This field displays the type of routing assigned to the selected routing group: DNS or Smart Host.

Public Referrals
This field indicates whether the Public Folder Referrals functionality is enabled. If enabled, MAPI, Outlook Web Access (OWA) and IMAP clients can access public folders in remote Exchange routing groups.

Oversize Message Limit
This field displays the upper limit for mail messages that are sent over the connector.

Allow Message Relay
This field indicates whether the “Allow Messages to be Relayed to These Domains” option was selected when the connector was installed. If the value is YES, the connector will allow the local server to relay messages to domains in other organizations or routing groups.

Configured Smarthost(s)

This table displays the fully qualified domain name or IP address of the remote server designated as the smart host. A smart host acts as a relay station for the Exchange Server. That is, the Exchange Server sends mail to the smart host and it sends the mail on to the designated domain or routing group.

Local Bridgehead(s)

This table lists the server(s) that serve as local bridgehead server(s) for the SMTP connector. (NOTE: At least one local bridgehead server must be specified during the installation of the connector.)

Connected Routing Group(s)

This table provides information about the remote routing group(s) that are connected to the specified routing group. It contains the following information:

Organization
This column displays the Exchange Organization to which a routing group belongs.

Cost
This column displays the cost associated with each routing group listed. This value is assigned when the connector is added to the routing group. The valid range for cost is 1 to 100.

Routing Group
This column displays the name of the routing group assigned when the connector was added to the routing group.

Administrative Group
This column displays the name of the Exchange Admin Group to which a routing group belongs.

Exchange Server Summary Tab
The Exchange Server Summary Tab displays general information about the selected Exchange Server. This tab is displayed whenever an Exchange Server is selected in the Enterprise Explorer.

The Exchange Server Summary Tab displays the following information:

Server Name
This field displays the name of the selected Exchange Server.

Exchange Version
This field displays the version of Exchange installed on the selected server.

Front-end Server
This field indicates whether the selected server is acting as a front-end server. (True or False)

Type
This field displays the type of server. Valid types are:

• domain controller
• member server

OS Version
This field displays the version of the operating system installed on the selected Exchange Server.

Storage Groups

This table displays information about the storage groups on the selected Exchange Server.

Storage Group Name
This column lists the names of the storage groups.

# Private Stores
This column displays the number of Private Information Stores on the selected Exchange Server.

# Public Stores
This column displays the number of Public Information Stores on the selected Exchange Server.

Current Exchange Alerts Tab
The Current Exchange Alerts Tab is displayed when an Exchange Server is selected in the Exchange View. This tab displays a list of all the current alerts for the domain controllers used by the selected Exchange server to access Active Directory information.

To display this information, a WMI query is sent to the server hosting Exchange. This query retrieves the set of domain controllers that this Exchange server is using for directory access. By default, WMI can only be remotely used by members of the Domain Admins group. When you select the Current Exchange Alerts tab, the Exchange WMI Connection dialog will be displayed, which allows you to enter the necessary credentials.

Enter the appropriate credentials to access the Exchange Server:

Enter the Server for Exchange WMI
Use the drop-down menu or enter the name of the server to be used.

Credentials

Domain
Use the drop-down menu or enter the name of the domain to be used.

User
Use the drop-down menu or enter the user name to be used.

Password
Enter the password associated with the user name.

Once the appropriate credentials have been entered, use the Connect button to retrieve the Exchange Server information.

The Current Exchange Alerts Tab displays the following information about the selected Exchange server:

DS Access Servers

This table displays information regarding the domain controllers that are currently being used by the selected Exchange server to access Active Directory information.

Server
This column displays the DNS name of the server.

Config Type
This column displays whether this server has been selected manually by the user or automatically by DS Access. Valid types are: Manual or Automatic.

Working Type
This column displays the role this domain controller is fulfilling for the selected Exchange server. Valid types are: Config, GC, or DC.

Is Fast
This column indicates whether a server’s response time is less than two seconds. A check mark indicates that a server is considered to be fast.

In Sync
This column indicates whether a server is synchronized with the global catalog and with the configuration domain controller. A check mark indicates that a server is synchronized.

Is Up
This column indicates whether a server was available the last time Exchange attempted to access it. A check mark indicates that a server was up and running.

Current Alerts

This table displays details regarding all the current alerts associated with the servers listed in the DS Access Servers section located at the bottom of this tab.

Severity
This column displays a symbol representing the severity of all the alerts for the configured DS Access servers.

Type
This column displays the type of object that generated the alert:

• Domain Controller
• Enterprise
• Exchange
• Naming Context
• Replica
• Site

Subject
This column displays the name of the server generating the alert.

Start Time
This column displays the date and time the alert threshold was violated.

Description
This column provides a text description for the current alert. Refer to Appendix A: DirectoryAnalyzer Alert Messages on page 165 for more information on the alerts that can be generated.

When the Current Exchange Alerts tab is displayed, the following tabs are available at the bottom of the page. For a detailed description of these tabs, please refer to the appropriate chapter in this guide:

• Alert Details - Chapter 3: Monitoring Active Directory
• Alert Configuration - Chapter 7: Configuring Alerts, Statistics and Alert Notifications
• DT - Chapter 10: DirectoryTroubleshooter Integration
• ChangeAuditor - Chapter 11: ChangeAuditor Integration

Chapter 6: Troubleshooting Active Directory

In addition to continuous monitoring, DirectoryAnalyzer gives you the ability to execute specific troubleshooting tests designed to help you determine what problems exist in the directory. You can use these troubleshooters to pinpoint directory problems. The following troubleshooting tests can be executed directly from within the DirectoryAnalyzer Client:

• Server Connectivity Test via the Connectivity Troubleshooter
• FRS Troubleshooter Test

The connectivity and FRS tests require DirectoryAnalyzer agents to be deployed in order to execute them.

Connectivity Troubleshooter
The Connectivity Troubleshooter allows you to perform the following connectivity tests:

• the connectivity between selected domain controllers hosting a replica of an application partition

• the connectivity between a domain controller (with a Site or DC Agent) and all the domain controllers in the selected domain(s)

• the connectivity between a domain controller (with a Site or DC Agent) and all the domain controllers in the selected site(s)

Use the Diagnostics | Connectivity menu command or tool bar button to launch the Connectivity Troubleshooter. Follow the directions provided in the wizard to perform a connectivity test.

Test Selection Page
The Test Selection page is the first page displayed. From this page select the type of connectivity test to be executed.

Select the type of connectivity test to be executed:

Application Partition (default)
Select this option to test the connectivity between selected DCs hosting a replica of an application partition.

Domain Troubleshooter
Select this option to test the connectivity between a DC (with a Site or DC Agent) and all the DCs in the selected domain(s).

Site Troubleshooter
Select this option to test the connectivity between a DC (with a Site or DC Agent) and all the DCs in the selected site(s).

Perform ICMP Ping Test
By default, the DirectoryAnalyzer connectivity tests are pre-qualified by an ICMP ping test to avert lengthy timeouts. In highly secure environments where ICMP traffic is prohibited, connectivity tests fail before the "native" protocol (e.g., LDAP and DNS) is reached. Unchecking the Perform ICMP Ping Test option makes DirectoryAnalyzer bypass this pre-qualifying test so that the connectivity tests do not fail for that reason.
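The pre-qualification behaviour described above can be reproduced in a few lines. The following Python sketch is an added illustration, not DirectoryAnalyzer code: the function names, the result strings "failed", "skipped" and "not attempted", and the host name are assumptions, and tcp_probe times a TCP connection as a stand-in for a real LDAP or DNS query.

```python
import socket
import time
from typing import Callable, Dict, Optional

# A probe takes a host name and returns the elapsed time in ms, or None on failure.
Probe = Callable[[str], Optional[float]]


def tcp_probe(port: int, timeout: float = 3.0) -> Probe:
    """Build a probe that times a TCP connect (stand-in for an LDAP/DNS query)."""
    def probe(host: str) -> Optional[float]:
        start = time.perf_counter()
        try:
            with socket.create_connection((host, port), timeout=timeout):
                return (time.perf_counter() - start) * 1000.0
        except OSError:
            return None
    return probe


def format_ms(elapsed: Optional[float]) -> str:
    """Render a timing the way the results page is described: '< 10 ms' below 10 ms."""
    if elapsed is None:
        return "failed"
    if elapsed < 10:
        return "< 10 ms"
    return f"{elapsed:.0f} ms"


def connectivity_test(host: str, icmp: Probe, native: Dict[str, Probe],
                      perform_icmp: bool = True) -> Dict[str, str]:
    """Run the native probes, optionally gated by an ICMP pre-qualification."""
    row = {"Server Name": host}
    if perform_icmp:
        ping_ms = icmp(host)
        row["ICMP Test"] = format_ms(ping_ms)
        if ping_ms is None:
            # The gate failed, so the native protocols are never reached.
            for name in native:
                row[name] = "not attempted"
            return row
    else:
        row["ICMP Test"] = "skipped"
    for name, probe in native.items():
        row[name] = format_ms(probe(host))
    return row


def demo():
    """Constructed probes simulating a network that drops ICMP but allows LDAP/DNS."""
    icmp_blocked = lambda host: None
    native = {"LDAP Query": lambda host: 4.2, "DNS Query": lambda host: 23.0}
    host = "dc1.example.test"  # constructed name
    return (connectivity_test(host, icmp_blocked, native, perform_icmp=True),
            connectivity_test(host, icmp_blocked, native, perform_icmp=False))


if __name__ == "__main__":
    for row in demo():
        print(row)
```

For live use, replace the constructed probes with, for example, tcp_probe(389) and tcp_probe(53) and an ICMP probe suited to the platform.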

Select Source Domain Controller Page
On this page, select/highlight the source domain controller. Only domain controllers with a DC or Site Agent deployed will be displayed.

Choose a Target Selection Filter Page
On the Choose a Target Selection Filter page, select (check) the domain controller search filter(s) to be used.

Show All Servers
This option is selected by default and will include all servers.

Target Server Selection Filter
When the Show All Servers option is not selected (unchecked), the following options will become available:

• Show DNS Servers
• Show Operations Masters

Connectivity Targets Page
From the Connectivity Targets page, select (check) the target application partitions, domains or sites depending on the connectivity test selected for execution.

Connectivity Results Page
Once the Connectivity Results page loads all of the selected targets, select the Start Test button to execute the connectivity test. As the results become available, they will be displayed on the Connectivity Results page.

The connectivity results include the following information:

Server Name
This field displays the name of the destination server(s) included in the connectivity test.

ICMP Test
This field displays the time it took to perform the ICMP Test between each of the domain controllers.

LDAP Query
This field displays the time it took to perform an LDAP Query between each of the domain controllers.

DNS Query
This field displays the time it took to perform a DNS Query between each of the domain controllers.

NOTE: If a test is performed in less than 10 milliseconds, < 10 ms will be displayed; otherwise the actual length of the test will be displayed.

FRS Troubleshooter Test
The FRS Troubleshooter test checks to see if the File Replication Service (FRS) is functioning and replicating properly. To execute an FRS Troubleshooter Test:

1. Select the Diagnostics | NTFRS | New Test command, which will display the Create New FRS Troubleshooter Test dialog.

2. From the Create New FRS Troubleshooter Test dialog, enter a descriptive name for the test and select the originating server to be tested. Select the Start button.

3. A message box will be displayed informing you that the test has been started. Select OK.

4. Select the Diagnostics | NTFRS | View Test Results command. This will display the NTFRS Tests dialog, which displays a list of FRS Troubleshooter tests available for viewing.

5. From the NTFRS Tests dialog, select/highlight the test to be viewed and select the View Test button.

Create New FRS Troubleshooter Test Dialog
The Create New FRS Troubleshooter Test dialog is displayed when you select the Diagnostics | NTFRS | New Test menu command.

From this dialog, select the domain controller to be tested.

Test Name
Enter a descriptive name for the FRS Troubleshooter test.

Originating Server
From the displayed topology, select/highlight the originating server to be tested.

Once you have entered a test name and selected a server, use the Start button to initiate the FRS Troubleshooter test. A message box will be displayed stating that the NT File Replication System Test has been started. Select OK.

NTFRS Tests Dialog
The NTFRS Tests dialog displays all of the FRS Troubleshooting tests previously defined for execution. This dialog is displayed when you select the Diagnostics | NTFRS | View Test Results menu command.

The NTFRS Tests dialog displays the following information:

Test Name
This column displays the name assigned to the test on the Create New FRS Troubleshooter Test dialog.

Domain Name
This column displays the name of the domain where the selected server resides.

Originating Server
This column displays the name of the originating server selected for testing.

Date of Test
This column displays the date and time when the test was executed.

Use the buttons as described below to view test results or delete a test from the list:

View Results
Select/highlight a test from the list and select the View Results button to display the NTFRS Test Results dialog, which displays the results of the selected test.

Delete Test
Select/highlight a test from the list and select the Delete Test button to delete the selected test from the list.

Cancel
Use the Cancel button to close the dialog.

NTFRS Tests Results Dialog
The NTFRS Tests Results dialog is displayed when the View Results button is selected on the NTFRS Tests dialog.

This dialog displays the following information about the selected test:

Test Name
This field displays the name of the test.

Domain
This field displays the name of the domain where the originating server is located.

Server
This field displays the name of the originating server the test was run against.

Start Time
This field displays the date and time when the test was executed.

In addition, the following results are displayed on the NTFRS Test Results dialog:

Server Name
This column lists the names of the servers that are replication partners to the originating server.

Site Name
This column displays the site where each of the replication partners resides.

Latency (HH:MM:SS)
This column displays the latency time for direct replication partners. That is, the elapsed time between changing an object on the originating server and the replication partner.

Chapter 7: Configuring Alerts, Statistics and Alert Notifications

The configuration feature allows you to customize DirectoryAnalyzer for your Active Directory environment. DirectoryAnalyzer allows you to define alert thresholds and sampling interval rates for gathering Active Directory statistics. When an object is recognized by DirectoryAnalyzer, its configuration is derived from the default settings. You can, however, modify these default settings for any individual object. This has the effect of “overriding” the default setting.

Periodically, DirectoryAnalyzer gathers and stores various statistics about Active Directory in order to assess alert conditions. The configuration feature of DirectoryAnalyzer allows you to view or change the default sampling interval rate for gathering these statistics.

Continuous monitoring of the important aspects of Active Directory is just one piece of DirectoryAnalyzer. Alerting and notification is another fundamental piece – because when problems occur somewhere in Active Directory, you need to be notified. Once a warning or critical alert has occurred, DirectoryAnalyzer can notify you in the following ways:

• Visual - On-screen alerts when a monitored attribute has breached either a warning or critical threshold.

• SNMP - Notification of problems via SNMP traps.

• Event Log - Notification of problems via entries in the Application Event Log of the server hosting the Enterprise Agent.

• SMTP (email) - Notification of problems via email based on user-defined email rules.

Alert Thresholds
DirectoryAnalyzer alerts have two levels of severity: warning and critical. As a situation escalates, a warning alert will be generated, indicating that a lower priority threshold has been violated. As the severity of the error increases, a critical alert will be generated, indicating that the higher priority threshold has been exceeded. A number of attributes can be customized for each of these levels, including the threshold value, duration before an alert occurs and the duration before an alert clears.
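To see how a threshold, a duration before an alert occurs and a duration before it clears interact across the two severity levels, and how a per-object override supersedes the default, the following Python model replays a series of samples. It is an added illustration, not DirectoryAnalyzer code: the class and function names, the metric name "example_metric", the subject names and all values are constructed, and it assumes the condition exists when a sample is at or above the threshold.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Level:
    threshold: float        # condition exists when value >= threshold (assumption)
    time_before_alert: int  # seconds the condition must exist before alerting
    time_before_clear: int  # seconds the condition must be gone before clearing


@dataclass(frozen=True)
class AlertConfig:
    enabled: bool
    warning: Level
    critical: Level


def effective_config(defaults: Dict[str, AlertConfig],
                     overrides: Dict[Tuple[str, str], AlertConfig],
                     subject: str, alert: str) -> AlertConfig:
    """An override set for one subject supersedes the default setting."""
    return overrides.get((subject, alert), defaults[alert])


class LevelTracker:
    """One severity level with separate raise and clear delays."""

    def __init__(self, level: Level):
        self.level = level
        self.active = False
        self._since: Optional[int] = None  # start of the run contradicting the state

    def update(self, now: int, value: float) -> bool:
        violating = value >= self.level.threshold
        if violating == self.active:
            self._since = None  # sample agrees with the state: pending timer resets
            return self.active
        if self._since is None:
            self._since = now
        needed = (self.level.time_before_alert if violating
                  else self.level.time_before_clear)
        if now - self._since >= needed:
            self.active = violating
            self._since = None
        return self.active


class AlertEvaluator:
    def __init__(self, config: AlertConfig):
        self.config = config
        self.warning = LevelTracker(config.warning)
        self.critical = LevelTracker(config.critical)

    def update(self, now: int, value: float) -> str:
        if not self.config.enabled:
            return "ok"
        warning = self.warning.update(now, value)
        critical = self.critical.update(now, value)
        return "critical" if critical else "warning" if warning else "ok"


def replay(config: AlertConfig, samples: List[Tuple[int, float]]) -> List[str]:
    """Feed (time in seconds, value) samples through a fresh evaluator."""
    evaluator = AlertEvaluator(config)
    return [evaluator.update(t, v) for t, v in samples]


# Constructed settings and samples (30-second sampling interval).
DEFAULTS = {"example_metric": AlertConfig(True, Level(80, 60, 60), Level(95, 30, 60))}
OVERRIDES = {("DC2", "example_metric"):
             AlertConfig(True, Level(70, 0, 60), Level(95, 30, 60))}
SAMPLES = [(0, 50), (30, 85), (60, 70), (90, 90), (120, 90), (150, 90),
           (180, 97), (210, 97), (240, 60), (270, 60), (300, 60)]

if __name__ == "__main__":
    for subject in ("DC1", "DC2"):
        cfg = effective_config(DEFAULTS, OVERRIDES, subject, "example_metric")
        print(subject, replay(cfg, SAMPLES))
```

With the default settings the short spike at 30 seconds never raises a warning, while the override for DC2 (lower threshold, no delay) alerts on it immediately.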

Configuring Alert Thresholds
DirectoryAnalyzer allows you to establish alert thresholds for an individual object or define an enterprise default threshold that is to be applied globally across your entire enterprise.

The DirectoryAnalyzer Client provides different Alert Configuration Tabs which allow you to view and/or modify the alert thresholds.

• The Alert Configuration Tab, located at the bottom of the Current Alerts tab, allows you to view/modify the current threshold settings for the alert selected in the Current Alerts tab. From this tab, you can either apply your changes to the subject of the selected alert only or to all subjects of the selected type (e.g., all domain controllers).

• The Alert Configuration Tab, located at the top of the screen, is displayed when the Configuration | Alerts menu command is selected. From this tab you can view the complete set of alerts for the subject type selected in the Enterprise Agent.

When the Forest View is selected, this tab displays the defaults for all the domain controller alerts. When the Domain View is selected, this tab displays the defaults for all the naming context alerts. When the Site View is selected, this tab displays the defaults for all the site alerts. From these three views, you can only apply your changes to all the subjects of the selected type (e.g., all sites).

When an individual subject is selected, e.g., a domain controller, this tab displays the complete set of alerts for that particular subject. From this tab, you can either apply your changes to the selected subject only or to all subjects of the selected type (e.g., all domain controllers).

Alert Configuration Tab (bottom of Current Alerts Tab)
Whenever the Current Alerts tab is displayed, the Alert Configuration tab will become available at the bottom of the screen. From this tab, you can view and/or modify the alert thresholds for the alert selected in the Current Alerts tab. Any changes made from this tab can either be applied to the individual subject of the selected alert or to all subjects of the selected type (e.g., all domain controllers).

The Alert Configuration tab contains the following information for the alert selected in the Current Alerts tab:

Alert Enabled
This check box indicates whether this alert is enabled or disabled. A check mark indicates that the alert is enabled.

Description
This area of the tab provides a brief description for the alert.

Warning
Use the up/down controls to modify the warning threshold settings.

Threshold
This field displays the current warning threshold value for the current alert. (N/A for boolean type alerts.)

Time before alert (sec)
This field displays how long an alert condition has to exist (in seconds) before issuing a warning alert.

Time before clear (sec)
This field displays how long an alert condition must no longer exist (in seconds) before clearing a warning alert.

Critical
Use the up/down controls to modify the critical threshold settings.

Threshold
This field displays the current critical threshold value for the current alert. (N/A for boolean type alerts.)

Time before alert (sec)
This field displays how long an alert condition must exist (in seconds) before issuing a critical alert.

Time before clear (sec)
This field displays how long an alert condition must no longer exist (in seconds) before clearing a critical alert.

Use the buttons to the right of this tab to perform the following functions:

Use this button to display the details for the first alert listed on the Current Alerts tab.

Use this button to display the details for the previous alert listed on the Current Alerts tab.

Use this button to display the alert details for the next alert listed on the Current Alerts tab.

Use this button to display the details for the last alert listed on the Current Alerts tab.

Apply | This Object
Use Apply | This Object to apply the changes made to the alert threshold settings to the selected object only.

Apply | All
Use Apply | All to apply the changes made to the alert threshold settings to all objects of the selected type.

Apply | Previous Default
Use Apply | Previous Default to reset the modified settings and apply the previous default.

Reset
Use the Reset button to reset the controls to the values displayed when the tab was opened. Selecting this button has no effect on the actual alert settings.

More Info
Use the More Info button to access the knowledge base entry for the selected alert.

Alert Configuration Tab (Complete Set of Alerts)

The Alert Configuration Tab at the top of the screen displays the complete set of alert threshold settings for the subject selected in the Enterprise Explorer. To display this tab, select a subject in the Enterprise Explorer and use the Configuration | Alerts menu command, which will then display all of the alerts and current settings that pertain to the subject selected. A check mark to the left of this command indicates that this Alert Configuration tab will be displayed.

When the Domain View is selected in the Enterprise Explorer, the following commands are available to further define the alerts to be displayed:

• Alerts | All NCs
• Alerts | Schema
• Alerts | Configuration


This Alert Configuration tab consists of a table listing all of the alerts available for the selected object (DC, NC, site, etc.). The table displays the following information:

Override
This column indicates whether the alert setting is the default setting or if it has been changed/set for this subject. (Override settings supersede default settings.) A blue dot in the column indicates that an override setting was explicitly set for the selected object.

Enabled
This column indicates whether this alert is enabled or disabled. A green dot in the column indicates that the alert is enabled and a red dot indicates that the alert is disabled.

Description
This column provides the name of each alert.

Type
This column indicates the type of setting for each alert. Valid types are: Threshold or Boolean.

WT (Warning Threshold)
This column displays the current warning threshold value for each threshold alert. (N/A for boolean type alerts.)

SBW (Seconds Before Warning)
This column displays how long an alert condition has to exist (in seconds) before issuing a warning alert.


SBWC (Seconds Before Warning Clear)
This column displays how long an alert condition must no longer exist (in seconds) before clearing a warning alert.

CT (Critical Threshold)
This column displays the current critical threshold value for each threshold alert. (N/A for boolean type alerts.)

SBC (Seconds Before Critical)
This column displays how long an alert condition must exist (in seconds) before issuing a critical alert.

SBCC (Seconds Before Critical Clear)
This column displays how long an alert condition must no longer exist (in seconds) before clearing a critical alert.

Modifying Alert Threshold Settings

The configuration feature allows you to set default alert thresholds or individual thresholds to override the default setting(s).

To modify the alert threshold for a selected domain controller, naming context or site:

1. Select/highlight the object to be modified in the Enterprise Explorer.

2. Open the Current Alerts tab for that subject and open the Alert Configuration tab, at the bottom of the page.

If the alert to be modified is not displayed on the Current Alerts tab, use the Configuration | Alerts menu command to display the Alert Configuration tab, which contains a list of all the alerts that pertain to the object selected in the Enterprise Explorer.

3. Select/highlight the alert to be modified.

4. On the Current Alert - Configuration tab, at the bottom of the page, modify the alert settings as described below:

• Select the Alert Enabled check box to enable (check) or disable (remove check) the selected alert.

NOTE: A green dot in the Enabled column of the Alert Configuration tab indicates that the alert is enabled; a red dot indicates that the alert is disabled.

• Use the Warning settings to specify the threshold that must be violated for a warning alert (yellow) to be generated, the amount of time (in seconds) the alert condition must exist before a warning alert is generated, and the amount of time (in seconds) the alert condition must no longer exist before clearing a warning alert.

• Use the Critical settings to specify the threshold that must be violated for a critical alert (red) to be generated, the amount of time (in seconds) the alert condition must exist before a critical alert is generated, and the amount of time (in seconds) the alert condition must no longer exist before clearing a critical alert.


5. After making your changes to the alert threshold settings, select Apply | This Object to apply your new settings to the selected object only.

NOTE: The Apply | This Object option is not available when the Forest View, Site View, or Domain View is selected in the Enterprise Explorer. From these three views, you can only apply your changes to all the subjects of the selected type (e.g., all domain controllers, all domains or all sites).

Use Apply | All to apply the new settings to all subjects of the selected type (e.g., all domain controllers).

NOTE: When you change the default setting(s) for a subject, this change affects all subjects of the selected type except those that have been explicitly configured to override the default setting.

Use Apply | Previous Default to reset the alert setting(s) to the previous default setting(s) for the selected alert.

NOTE: To reset ALL alert thresholds to the factory default settings, use the Configuration | Reset Factory Defaults menu command. This change affects all subjects except those that have been explicitly configured to override the default setting.
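The Warning and Critical settings described above (Threshold, Time before alert, Time before clear) can be modelled as a small state machine per severity level. The following is an added illustration, not DirectoryAnalyzer code: it assumes a threshold is violated when the sampled value is greater than or equal to it, that the warning and critical levels are tracked independently, and that the condition is evaluated once per sample; the settings and samples are constructed.

```python
"""Added illustration: how the alert timing settings gate raise/clear events."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class LevelSettings:
    threshold: float        # "Threshold"
    secs_before_alert: int  # "Time before alert (sec)"
    secs_before_clear: int  # "Time before clear (sec)"


class LevelTracker:
    """Tracks one severity level (warning or critical) of one alert."""

    def __init__(self, name: str, settings: LevelSettings) -> None:
        self.name = name
        self.settings = settings
        self.active = False
        self.pending_since: Optional[int] = None  # start of the current streak

    def update(self, t: int, value: float) -> Optional[str]:
        # Assumption: "violated" means value >= threshold.
        violating = value >= self.settings.threshold
        # Only a condition that contradicts the current state can change it:
        # violating while inactive, or no longer violating while active.
        if violating == self.active:
            self.pending_since = None  # streak broken, the timer restarts
            return None
        if self.pending_since is None:
            self.pending_since = t
        required = (self.settings.secs_before_clear if self.active
                    else self.settings.secs_before_alert)
        if t - self.pending_since < required:
            return None  # condition has not persisted long enough yet
        self.active = not self.active
        self.pending_since = None
        return f"{self.name} {'raised' if self.active else 'cleared'}"


def simulate(samples: Sequence[Tuple[int, float]],
             warning: LevelSettings,
             critical: LevelSettings) -> List[Tuple[int, str]]:
    """Feed (time in seconds, value) samples through both levels."""
    trackers = [LevelTracker("warning", warning),
                LevelTracker("critical", critical)]
    events: List[Tuple[int, str]] = []
    for t, value in samples:
        for tracker in trackers:
            event = tracker.update(t, value)
            if event is not None:
                events.append((t, event))
    return events


# Constructed settings and samples (one sample every 15 seconds).
WARNING = LevelSettings(threshold=80, secs_before_alert=30, secs_before_clear=60)
CRITICAL = LevelSettings(threshold=95, secs_before_alert=60, secs_before_clear=60)
SAMPLES = [
    (0, 50), (15, 85), (30, 70),       # 15 s spike: too short, no warning
    (45, 85), (60, 90), (75, 96),      # above 80 for 30 s: warning raised
    (90, 97), (105, 90),               # critical streak broken after 15 s
    (120, 96), (135, 97), (150, 98), (165, 99), (180, 99),  # 60 s: critical
    (195, 70), (210, 85),              # dip, then back over 80: warning stays
    (225, 70), (240, 70), (255, 70), (270, 70), (285, 70),
]

if __name__ == "__main__":
    for t, event in simulate(SAMPLES, WARNING, CRITICAL):
        print(f"t={t:>3}s  {event}")
```

In this model a brief spike never alerts and a brief dip never clears, so very long Time before alert values delay notification of a real problem while very short Time before clear values make alerts flap.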


Statistics Sampling Rate Settings

Periodically, DirectoryAnalyzer gathers and stores Active Directory statistics in order to assess alert conditions. A statistic’s sampling rate specifies how often this process is to occur. DirectoryAnalyzer allows you to define these sampling intervals for individual objects or globally across the enterprise. Refer to Appendix B: DirectoryAnalyzer Statistics for a description of each statistic.

NOTE: Statistics Sampling Rate Settings do not apply to naming contexts.

To modify the sampling rate setting for a domain controller or site:

1. Select a domain controller or site in the Enterprise Explorer.

2. Select the Configuration | Sampling Rate menu command to display the Sampling Rates tab which contains a list of all the sampling interval rates available for the object selected in the Enterprise Explorer.

3. Select/highlight the sampling rate to be modified.

4. On the Current Setting - Configuration section, at the bottom of the page, modify the interval as required.

5. Use Apply | All to apply your change to all objects.

Use Apply | This Object to apply your change to the selected object only.

Use Apply | Previous Default to reset the modified settings and apply the previous default value.


Enabling Replication Latency Alerts

The analysis of replication latency is initially disabled to reduce replication traffic. However, it can be enabled using the Configuration | Replication Latency menu command. This command will display the Replication Latency dialog allowing you to enable and configure replication latency analysis (and the Replication Latency Threshold Exceeded and GC Replication Latency Threshold Exceeded alerts).

The following information is contained on this dialog.

Evaluate Replication Latency
Select (check) this check box to enable replication latency analysis. Checking this check box will enable the replication latency analysis, including the replication latency alerts and information tabs.

Replica Types
Select (check) the appropriate check box(es) to evaluate the different types of replicas (Application Partition, Configuration Naming Context, and/or Domain Naming Context). When this feature is enabled, all of the replica types are selected (checked) by default.

Use the dialog buttons as described below:

OK
Use the OK button to save the settings on this dialog.

Cancel
Use the Cancel button to close the dialog without saving the settings.

Reset
Use the Reset button to revert to the default settings.


Configuring Authoritative Source for RODC Alerts

By default, DirectoryAnalyzer assigns an authoritative source for the known domains in your Windows 2008 environment. To specify the read-only domain controller server to be used as the authoritative source for a domain, use the Configuration | RODC Alerts menu command. Selecting this command will display the Configure RODC Alerts dialog allowing you to select the domain and the read-only domain controller to be used as the authoritative source against which consistency is checked.

The following information is contained on this dialog:

Domain
Use the drop-down arrow to select a domain from the list of known domains in your Windows 2008 environment.

Authoritative Server
Use the drop-down arrow to select the read-only domain controller to be used as the authoritative source for the allowed and denied password replication lists for the selected domain.

Use the dialog buttons as described below:

OK
Use the OK button to save your selection and close the dialog.

Cancel
Use the Cancel button to close the dialog without saving your selections.

Apply
Use the Apply button to save your selection but not close the dialog. Using the Apply button allows you to configure all available domains from this one dialog.


Configuring Alert Notifications

Continuous monitoring of the important aspects of Active Directory is just one piece of DirectoryAnalyzer. Alerting and notification is another fundamental piece – because when problems occur somewhere in Active Directory, you need to be notified. Once a warning or critical alert has occurred, DirectoryAnalyzer can notify you in the following ways:

• Visual - On-screen alerts when a monitored attribute has breached either a warning or critical threshold.

• SNMP - Notification of problems via SNMP traps.

• Event Log - Notification of problems via entries in the Application Event Log of the server hosting the Enterprise Agent.

• SMTP (email) - Notification of problems via email based on user-defined email rules.

The first method, on-screen alerts, does not require any configuring; however, the remaining three methods must be enabled and/or configured to work properly.

Enabling SNMP Alerts

Use the Configuration | SNMP Alerts menu command to indicate whether DirectoryAnalyzer is to report alerts via SNMP traps. A check mark in front of the command causes DirectoryAnalyzer alerts to be available through SNMP.

Enabling Event Log Recording

Use the Configuration | Event Log Recording menu command to specify whether DirectoryAnalyzer is to record alerts in the event log. A check mark in front of the command indicates that DirectoryAnalyzer will include the alerts that are encountered in the Application Event Log on the Enterprise Agent.

Configuring Email Notification

DirectoryAnalyzer allows you to dispatch alert notifications through email (SMTP). An email is generated when an alert that is specified in the email rule first exceeds its configured threshold. When subsequent alerts (specified in the email rule) are issued, additional email notifications will NOT be sent. That is, only one email will be sent per rule until the rule is cleared. A rule is clear when ALL alerts included in the rule have cleared.

In order to generate email notifications, you must first define the SMTP server configuration and credentials. Use the Configuration | Email Settings command to configure email notifications. This command will display the Configure Email Notification dialog, which allows you to define the SMTP server configuration and credentials to be used for email notifications.

Once the SMTP server configuration has been defined and tested, you must then create email rules to define the criteria to be used for generating an email alert. Use the Configuration | Email Rules command to define under what conditions an email notification is to be sent. This command will display the Manage Email Notification Rules dialog, which allows you to define new email rules, edit existing rules and delete rules.
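The one-email-per-rule behaviour described above is easy to misjudge when a rule covers several alerts, so here it is as an added illustration (not DirectoryAnalyzer code). Assumptions: a rule reacts only to alerts at exactly its configured Alert Severity, and Notify of Clear sends a single message when the whole rule clears; the rule name, server names and event sequence are constructed, while the two alert names are taken from this guide.

```python
"""Added illustration: one email per rule until every alert in it clears."""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Sequence, Set, Tuple

Event = Tuple[str, str, str]  # (alert id, severity, "raised" or "cleared")


@dataclass
class EmailRule:
    name: str
    alerts: FrozenSet[str]         # alerts monitored by this rule
    severity: str                  # "Critical" or "Warning"
    notify_of_clear: bool = False  # "Notify of Clear" check box
    active: Set[str] = field(default_factory=set)  # monitored alerts now raised
    latched: bool = False          # True from the first email until rule clears

    def on_event(self, alert: str, severity: str, state: str) -> Optional[str]:
        """Return the subject of the email to send, or None for no email."""
        # Assumption: only alerts at exactly the rule's severity count.
        if alert not in self.alerts or severity != self.severity:
            return None
        if state == "raised":
            self.active.add(alert)
            if self.latched:
                return None        # rule already mailed and has not cleared
            self.latched = True
            return f"[{self.name}] {severity}: {alert}"
        if state == "cleared":
            self.active.discard(alert)
            if self.latched and not self.active:
                self.latched = False  # ALL alerts in the rule have cleared
                if self.notify_of_clear:
                    return f"[{self.name}] cleared"
            return None
        raise ValueError(f"unknown state: {state!r}")


def mails_for(rule: EmailRule, events: Sequence[Event]) -> List[str]:
    """Replay events through a rule and collect the emails it would send."""
    mails: List[str] = []
    for alert, severity, state in events:
        subject = rule.on_event(alert, severity, state)
        if subject is not None:
            mails.append(subject)
    return mails


# Constructed alert ids: hypothetical server names plus alert names from the guide.
REPL = "dc01: Replication Latency Threshold Exceeded"
GC = "dc02: GC Replication Latency Threshold Exceeded"

# Constructed event sequence.
EVENTS: List[Event] = [
    (REPL, "Critical", "raised"),   # first alert in the rule: email sent
    (GC, "Critical", "raised"),     # rule already latched: suppressed
    (REPL, "Critical", "cleared"),  # GC still raised: rule not clear
    (REPL, "Critical", "raised"),   # re-raise while latched: suppressed
    (GC, "Warning", "raised"),      # severity does not match the rule: ignored
    (REPL, "Critical", "cleared"),
    (GC, "Critical", "cleared"),    # last alert cleared: rule clears
    (GC, "Critical", "raised"),     # new cycle: email sent again
]


def make_rule(notify_of_clear: bool) -> EmailRule:
    return EmailRule("AD replication", frozenset({REPL, GC}), "Critical",
                     notify_of_clear=notify_of_clear)


if __name__ == "__main__":
    for subject in mails_for(make_rule(True), EVENTS):
        print(subject)
```

Under this model a rule that bundles many alerts stays silent about new ones for as long as any one of its alerts remains raised, which is a reason to keep rules for high-value subjects narrow.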


Configure Email Notification Dialog

The Configure Email Notification dialog is displayed when you select the Configuration | Email Settings menu command. From this dialog, specify the mail server and server authentication required to access the specified server.

DNS Name or IP Address of mail server
Enter the fully-qualified DNS name or IP address of the SMTP mail server to be used.

From address
Enter the email address from which you want the email to be sent, i.e. an administrator’s address.

Use Authenticated Connection
Select (check) the Use Authenticated Connection check box if the specified mail server requires authentication. Checking this option will activate the authentication fields where you can enter the user account and password as described below:

User Account
Enter the account name to be used to authenticate to the specified mail server.

Password
Enter the password associated with the user account entered above.

Use Non-Standard Port
Port 25 is the standard port for the SMTP protocol. Select (check) the Use Non-Standard Port check box if your company does not use this standard port for SMTP. Checking this option will activate the port field where you can enter the port number to be used.

Port
When the Use Non-Standard Port check box is selected (checked), enter the port number to be used.


Test Settings
Select the Test Settings button to verify the SMTP configuration specified. This button will display the Test SMTP Configuration Settings dialog where you can specify the address where a test email is to be sent.

Define Email Rules
Select the Define Email Rules button to display the Manage Email Notification Rules dialog where you can define new email rules, edit existing rules or delete rules.

Enable Summary
Select (check) the Enable Summary check box to enable the Email Summary Report feature.

This summary report will contain all of the alerts generated based on the email rules defined. Checking this option will activate the interval setting field.

Interval <nn> Minutes
Use the arrow controls to specify how often the Email Summary Report is to be delivered. By default, the summary report will be generated every 60 minutes.

Manage Email Notification Rules Dialog

The Manage Email Notification Rules dialog is displayed when the Configuration | Email Rules menu command is selected or the Define Email Rules button is selected on the Configure Email Notification dialog. From this dialog, you can create new email rules, edit existing rules or delete rules.


To create a new email rule:

1. Select the New Rule button to display the Email Rule Wizard.

2. On the Email Rule Wizard, follow the directions provided on each of the screens:

• Select the type of subject for which you would like to create an email rule.

• Select the subject that this email rule should monitor.

• Select the alert type that this email rule should monitor.

• Define the email rule properties (e.g., rule name, email addresses where email notifications are to be sent, email priority, alert severity, etc.)

3. Once you have defined your email rule, the wizard will display a summary of your rule. Review your settings and select the Finish button to save it and close the wizard. This new rule will now be displayed in the Email Rules list box on the Manage Email Notification Rules dialog.

To edit an existing email rule:

1. In the Email Rules list box, select the email rule to be edited.

2. Select the Edit Rule button to display the Email Rule Wizard.

3. In the wizard, modify the settings as required and select the Finish button to save your changes and close the wizard.

To delete an email rule:

1. In the Email Rules list box, select the email rule to be deleted.

2. Select the Delete Rule button.

3. Confirm that you want to remove the rule by selecting Yes on the Delete Rule dialog.

The rule will then be removed from the Email Rules list box on the Manage Notification Rules dialog.


Email Rule Wizard

The Email Rule Wizard is displayed whenever you select the New Rule or Edit Rule button at the top of the Manage Email Notification Rules dialog. This wizard will step you through the process of defining new email rules or modifying existing rules for generating email notifications. The wizard contains the following pages:

Welcome Page

The Welcome page is the first screen of the Email Wizard. From this page, select the type of subject for which you would like to create an email rule.

The subject types include:

Naming Context(s)
• Application Partition(s)
• Configuration NC(s)
• Schema NC(s)
• Domain NC(s)

Server(s)
• Global Catalog(s)
• DNS Server(s)
• Select Servers by Domain (default)
• Select Servers by Site

Site(s)

After selecting the appropriate option, select Next to continue.


Select Subject Page

On the Select Subject page, select (check) the subject(s) that this email rule is to monitor. The topology/subjects displayed will depend on the subject type selected on the previous page.

After selecting (checking) the subjects to be monitored, select Next to continue.

Select Alert Type Page

From the list provided on the Select Alert Type page, select (check) the alert(s) to be monitored by this email rule. The alerts listed will depend on the subject type and objects selected on the previous pages.

After selecting the alert(s) to be monitored, select Next to continue.


Define Rule Information Page

From this page, further define the email rule as described below.

Enter the following information to define the email rule properties:

Rule Name
Enter a descriptive name for this email rule.

To Address
Enter the email address(es) where notifications are to be sent. Separate multiple addresses with a semi-colon.

CC Address
Enter the email address(es) where copies of the notifications are to be sent. Separate multiple addresses with a semi-colon.

Priority
Use the drop-down menu to select the priority for this email notification: Normal, Low or High.

Alert Severity
Use the drop-down menu to select the alert severity that will trigger an email notification: Critical or Warning.

Notify of Clear
Select (check) this check box to send an email notification when the alert is cleared.

Include this rule in Summary
Select (check) this check box to include this email rule in the Email Summary report.

After entering the email rule definition information, select Next to continue.


Email Rule Summary Page

This final page of the wizard summarizes the email rule defined. Use the Back button to change any settings or use the Finish button to save this email rule and close the wizard.


Chapter 8: Alert History and Reporting

DirectoryAnalyzer stores all alerts that it generates in a SQL database. This alert history can then be used for reporting or exporting. An Alert History Report can be saved to a file location or exported using one of the following formats: PDF, DOC, RTF and XLS.

NOTE: To generate reports, Microsoft Data Access Components (MDAC) version 2.6 or higher is required on the DirectoryAnalyzer client. MDAC is included in the Windows 2000 and 2003 installations. For more information or to download the latest MDAC refer to Microsoft’s website at http://www.microsoft.com/data/.

The information (menus, commands and/or information tabs) available on the DirectoryAnalyzer client will depend on the DirectoryAnalyzer access rights assigned (DA Read, DA Write). See the DirectoryAnalyzer Security Administrator’s Guide for more information regarding the impact of assigning/denying DirectoryAnalyzer access rights.


Generating an Alert History Report

Use the Reports | Alert History menu command or tool bar button to define the information to be included in the Alert History report.

If proper credentials are not already present or the SQL database is remote, the Database Connectivity dialog will be displayed prompting you to enter the appropriate credentials to access the SQL server database.

On this dialog, enter the following information:

SQL Instance
Enter the name of the SQL instance where the DirectoryAnalyzer database resides.

NOTE: It may be necessary to use the fully qualified domain name (FQDN) of the SQL Server host machine. For example: <FQDN>\NP$DIRANALYZER.

Use SQL Authentication
Select (check) this check box to use SQL authentication. If this box is not selected, Windows authentication will be used.

User ID
Enter the user ID to be used to authenticate to the SQL server.

Password
Enter the password associated with the user ID entered above.

Once you have entered the appropriate credentials, select the Connect button to close the Database Connectivity dialog and connect to the SQL database. The Alert Reports dialog will then be displayed.

The Alert Reports dialog consists of three property pages:

• Report Page - allows you to define what alerts are to be included.

• Scope Page - allows you to refine your report by specifying the scope of the data to be included and whether to include details.

• Order Page - allows you to specify a sort order for your report.


Report Page

Use the Report Page to specify what alerts are to be included in your Alert History Report.

Select/highlight the appropriate item in the list to define what alerts are to be included:

• All Alerts

• Current Alerts

• Alerts by Type (includes all of the alerts for the alert type specified in the Scope tab - NC, Replica, Server, Site or System)

• Alerts within NC (includes all of the alerts for the NC specified in the Scope tab)

• Alerts within Site (includes all of the alerts for the site specified in the Scope tab)

• Alerts by Server (includes all of the alerts for the DC specified in the Scope tab)

You must select one of these report options to proceed to the Scope and/or Order page. After selecting one of these report options, select Preview to display the report on the screen. From the displayed report, you can then print or export it to a file.

Select Close to close the Alert Reports dialog without generating a report.


Scope Page

Use the Scope Page to define a time range to include only those alerts that occurred during the specified time, to select an “alert state”, and to specify whether to include the details from the history log in your report. Depending on the alert option selected on the Report Page, you may also specify a particular type, NC, site or server from the displayed list box.

The following fields are included on this screen depending on the option selected on the Report Page:

Alerts which occurred between...
Use the first set of text boxes to define the start date and time for the time range. Use the second set of text boxes to define the end date and time. Enter the start/end date or use the arrow to access a calendar grid to select a date. Use the spin control buttons to change the time setting(s).

Alert State
Select (check) the check box(es) that correspond to the alert severity or state to be included in your alert history report. All three options are selected by default.

• Critical - include alerts with a critical severity
• Warning - include alerts with a warning severity
• Clear - include alerts that have been cleared

Include Details
Select (check) this check box to include the alert details message. This is the same message that appears when you double-click on a current alert. This option is selected by default.


List Box
Use the list box to select the type, NC, site or server to be included in the report. By default, the first item in the list will be selected.

The information to be entered on this page differs depending on the report options selected on the Report Page:

• All Alerts - Start/End Time, Alert State and Details option

• Current Alerts - Alert State and Details option

• Alerts by Type - Type list box, Start/End Time, Alert State and Details option

• Alerts within NC - Naming Context list box, Start/End Time, Alert State and Details option

• Alerts within Site - Site list box, Start/End Time, Alert State and Details option

• Alerts by Server - Server list box, Start/End Time, Alert State and Details option

Order Page

Use the Order Page to define the sort order for the information in the Alert History Report.


Select the appropriate radio button to define how the information being reported is to be sorted:

• Subject, Start Time Ascending
• Subject, Start Time Descending (default)
• Start Time Ascending
• Start Time Descending

Printing or Exporting Alert History

Once you have defined your Alert History report, you can display it on your screen using the Preview button at the bottom of the Alert Reports dialog. From this preview screen, you can then print the report or export it to a file.

The following sample report includes just critical alerts with the details omitted.

The following tool bar buttons are available at the top of the preview screen to page through the report as well as print or export it to a file:

Use this button to display the first page of the report.

Use this button to display the previous page of the report.

Use this button to display the next page of the report.

Use this button to display the last page of the report.

Use this button to display a specific page. This button will display the Goto Page dialog allowing you to specify the page number of the page you want to display.

Use this button to send the report to the designated printer.


NOTE: You must have a default printer defined before printing a report.

Use this button to export the report. This button will display the Export dialog allowing you to specify the file format and destination. The following formats are supported: PDF, DOC, RTF and XLS.

Use this button to zoom in on a specific area of the report. Use the drop-down arrow to specify the magnification of the zoom.

Use this button to search the text of the report. This button will display the Search Text dialog allowing you to specify the text to be located in the report.

Maintaining the Alert History Database

Use the Configuration | Database | Delete Alerts menu command to define what alerts are to be deleted from the alert history database. The Database Maintenance dialog will be displayed allowing you to enter a date. All alerts generated prior to the date entered will be deleted from the database.


Chapter 9: Launching External Applications

With DirectoryAnalyzer, you now have the ability to launch preconfigured Microsoft MMC snap-ins, additional NetPro products and user-defined applications from within the DirectoryAnalyzer Client. The Microsoft and NetPro applications that can be launched by default include:

• Event Viewer
• Remote Desktop
• Services
• Sites and Services
• Users and Computers
• Domains and Trusts
• DirectoryTroubleshooter
• DNSAnalyzer
• ChangeAuditor

To launch an external application, right-click an object in the Enterprise Explorer or an alert on the Current Alerts page. Right-clicking one of these objects/alerts will display a context menu that lists the applications available for the selected object. From this menu, select the application to be launched.

In addition, DirectoryTroubleshooter, DNSAnalyzer and ChangeAuditor can be launched using the appropriate Diagnostics menu command or toolbar button from the DirectoryAnalyzer Client.


Event Viewer

The Event Viewer is a Windows Microsoft MMC snap-in that allows a user to monitor and administer the event logs on the local and remote computers. The Event Viewer snap-in is available when a domain controller or Exchange server is selected in the Enterprise Explorer. Right-clicking and selecting the Event Viewer will open the event logs of the remote machine.

Remote Desktop

The Remote Desktop application allows you to remotely connect to a Windows 2000/2003/2008 server with Remote Desktop enabled. The Remote Desktop is available when a domain controller is selected in the Enterprise Explorer.

NOTE: The Remote Desktop client must be installed on Windows 2000 machines, and can be downloaded from Microsoft.

Services

The Services MMC snap-in displays all the services installed on a domain controller and allows a user to start, stop, pause and resume these services. The Services snap-in is available when a domain controller or Exchange server is selected in the Enterprise Explorer. Right-clicking and selecting Services will open the services of the remote machine, as long as the logged-in user has access.

Sites and Services

The Active Directory Sites and Services MMC snap-in allows a user to create and manage Active Directory sites and services to map to their organization’s physical network infrastructure. The Sites and Services snap-in can be launched when a domain controller, domain, naming context, application partition, site, Exchange admin group, routing group or server is selected in the Enterprise Explorer.

NOTE: The Admin tools must be installed on the local workstation.

Users and Computers

The Active Directory Users and Computers MMC snap-in allows a user to create, manage and control the use of Active Directory objects. Using this tool, a user can set machine- and user-specific settings across domains. The Users and Computers snap-in can be launched when a domain controller, domain, naming context, application partition, site, Exchange admin group, routing group or server is selected in the Enterprise Explorer.

NOTE: The Admin tools must be installed on the local workstation.

Domains and Trusts

The Active Directory Domains and Trusts MMC snap-in provides a graphical view of all domain trees in the forest and allows you to perform the following:

• manage each domain tree in the forest
• manage trust relationships between domains
• configure the mode of operation (functional level) for each domain
• configure alternate User Principal Name (UPN) suffixes for the forest

The Domains and Trusts snap-in can be launched when a domain controller, domain, naming context, application partition, site, Exchange admin group, routing group or server is selected in the Enterprise Explorer.

NOTE: The Admin tools must be installed on the local workstation.

DirectoryTroubleshooter

If installed, DirectoryTroubleshooter can be launched from within the DirectoryAnalyzer client. DirectoryTroubleshooter enables administrators to troubleshoot enterprise-wide problems quickly and repair Active Directory automatically. It provides a comprehensive set of troubleshooting tests and utilities previously available only through Microsoft command-line utilities and analyzes and displays definitive output without time-consuming troubleshooting. Use the Diagnostics | DirectoryTroubleshooter menu command or toolbar button to launch the DirectoryTroubleshooter product.

NOTE: DirectoryTroubleshooter must be installed on the local workstation.

DNSAnalyzer

If installed, DNSAnalyzer QuickDiagnose enables you to quickly perform an in-depth analysis of your DNS/Active Directory data and present the results in a clear and easy-to-understand format. Use the Diagnostics | DNSAnalyzer command or toolbar button to launch DNSAnalyzer QuickAnalyzer. The client launch button will open DNSAnalyzer QuickDiagnose only if DNSAnalyzer version 4.0 or higher is installed. Otherwise, the DNSAnalyzer Admin console will be opened.

NOTE: DNSAnalyzer must be installed on the local workstation.

ChangeAuditor

If installed, ChangeAuditor can be launched from within the DirectoryAnalyzer client. ChangeAuditor identifies changes to critical components of the Active Directory environment as they occur and provides the "five Ws" for each change: who, what, where, when and why. By tracking all configuration changes with ChangeAuditor, administrators can easily monitor, verify and respond to Active Directory configuration changes before they impact the service levels of the directory and the applications and services that rely on it. Use the Diagnostics | ChangeAuditor menu command or toolbar button to launch the ChangeAuditor product.

NOTE: ChangeAuditor must be installed and the ChangeAuditor Client must be installed on the local workstation.

External Tools

The External Tools Configuration dialog allows you to define additional external applications (*.exe) that can be launched against the selected object type. Adding a new application through this dialog will also add that application to the menu contents for the selected object type.

To access the External Tools Configuration dialog, right-click on any of the objects previously listed and select the External Tools Config command.

The External Tools Configuration dialog contains the following fields and buttons:

Object Type

This drop-down box displays the type of objects that can launch an external application. The object type of the selected object will be highlighted and the Menu Contents list box and fields on the dialog will be filled in differently depending on the object type selected. Object types include:

• Domain Controller
• Site
• Naming Context
• Exchange Server
• Admin Group
• Routing Group
• Default (Global setting for all objects)

Menu Contents

This list box displays the external applications available for execution against the selected object. By default, the following applications are listed for the different object types:

• Domain Controller - Event Viewer, Remote Desktop and Services
• Exchange Server - Event Viewer, Remote Desktop and Services
• Default - Sites & Services, Users & Computers, and Domains & Trusts

Command

This section of the dialog defines the application (*.exe) to be launched.

Title

This field displays the name of the external application. This title will be added to the menu content for the selected object type.

Command

This field specifies the file (*.exe) to be executed. To browse for a file, select the Add button, and from the Command field of the dialog that displays, use the button to the right to locate and select the file to be executed when this application is selected.

Arguments

Use this field to specify any arguments that are required to run the selected application. To select common identifier arguments, select the Add button, and from the Arguments field of the dialog that displays, use the arrow key to the right of this field. Preconfigured arguments are: DNS Name, LDAP DN, GUID, and NetBios Name.

Add

Use the Add button to add a new application to the menu contents for the selected type of object. The External Tool Configuration dialog will be displayed, allowing you to specify the title, command and/or arguments for the new application.

Edit

Use the Edit button to modify the title, command or arguments for the application selected in the Menu Contents list box. The External Tool Configuration dialog will be displayed, allowing you to make the necessary modifications.

Delete

Use the Delete button to remove the selected application from the menu contents.

Close

Use the Close button to close the External Tools Configuration dialog.

Adding an External Application

To add an external application to a menu’s content:

1. In one of the Enterprise views on the DirectoryAnalyzer client, right-click an object to display the context menu. (Or right-click an alert in one of the current alert pages.)

2. Select the External Tools Config command to display the External Tools Configuration dialog.

3. The Object Type field on this dialog will display the type of object selected in the Enterprise view. To change this object type, use the drop-down arrow to select a different object type.

4. Select the Add button to display the External Tool Configuration dialog where you can define the title, command and arguments for the new application.

5. In the Title field, enter the name of the external application to be launched (replace the [New Title] entry). Note that this title will be displayed in the context menu for the selected object type.

6. In the Command field, either enter or use the browse button to select the file (*.exe) to be executed.

Using the browse button to the right of this field will display the Select Executable dialog, where you can locate and select the file to be opened when this command is selected.

7. In the Arguments field, optionally enter any command line arguments that are required to launch the selected file. Use the arrow key to display preconfigured arguments: DNS Name, LDAP DN, GUID, and NetBios Name.

8. Select Save to close this dialog and add this application to the menu contents for the selected object type. This will add the application to the Menu Contents list box on the External Tools dialog.

9. Back on the External Tools Configuration dialog, select Close to save your selection and close the dialog.

Editing an External Application

To edit an external application:

1. In one of the Enterprise views on the DirectoryAnalyzer client, right-click an object to display the context menu. (Or right-click an alert in one of the current alert pages.)

2. Select the External Tools Config command to display the External Tools Configuration dialog.

3. The Object Type field on this dialog will display the type of object selected in the Enterprise view. To change this object type, use the drop-down arrow to select a different object type.

4. In the Menu Contents list box, select/highlight the application to be modified.

5. Select the Edit button to display the External Tool Configuration dialog where you can modify the title, command and arguments for the selected application.

6. After making the necessary modifications, select Save to close the External Tool Configuration dialog.

7. Back on the External Tools Configuration dialog, select Close to save your modifications and close the dialog.

Removing an External Application

To remove an external application from a menu’s content:

1. In one of the Enterprise views on the DirectoryAnalyzer client, right-click an object to display the context menu. (Or right-click an alert in one of the current alert pages.)

2. Select the External Tools Config command to display the External Tools Configuration dialog.

3. In the Object Type field, select the object type from which the application is to be removed.

4. In the Menu Contents list box, select/highlight the application to be removed.

5. Select the Delete button. This will delete the application from the Menu Contents list box.

6. Select the Close button to close the External Tools Configuration dialog and remove the application from the menu.

Chapter 10: DirectoryTroubleshooter Integration

DirectoryTroubleshooter enables administrators to troubleshoot enterprise-wide problems quickly and repair Active Directory automatically. It provides a comprehensive set of troubleshooting tests and utilities previously available only through Microsoft command-line utilities and analyzes and displays definitive output without time-consuming troubleshooting.

The DirectoryTroubleshooter smartlink technology has been expanded to include intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer and MOM ADMP alerts with the troubleshooting capabilities provided by DirectoryTroubleshooter. By selecting an alert or domain controller in DirectoryAnalyzer, the product will:

• Recommend specific diagnostics tests and jobs that can help isolate and repair issues.
• Provide a real-time diagnostics view that can highlight issues and bottlenecks.
• Graphically display the replication topology and allow operators to force replication and view replication activity/status.

DT Tab

The DT Tab provides a variety of DirectoryTroubleshooter capabilities depending on the object selected in the Enterprise Explorer and the tab opened at the top of the page:

• From the Current Alerts tab, the DT tab will display all of the DirectoryTroubleshooter diagnostic tests that relate to the alert selected in the Current Alerts tab.

• From the DC Information tab, the DT tab will launch Real Time Diagnostics for the domain controller selected in the Enterprise Explorer.

• From the Replication Information tab, the DT tab will display the Replication View for the server selected in the Replication Information tab.

Diagnostic Tests

When accessed from the Current Alerts tab, the DT Tab allows you to execute related DirectoryTroubleshooter tests to assist in diagnosing the issue that may have generated the selected alert. To view relevant tests, select/highlight an alert in the Current Alerts tab and open the DT tab at the bottom of the page. The DT Tab will display a list of related troubleshooting tests based on the alert selected.

The DT Tab displays the following information for DirectoryTroubleshooter tests that can be executed based on the alert selected:

Run

The check boxes in this column are selected (checked) by default and indicate that the corresponding test is to be executed. Click on this check box to deselect (uncheck) any tests that you do NOT want to execute.

Subject

This column displays the name of the alerted subject from the Current Alerts tab.

Test

This column lists the test(s) that can be executed against the selected subject.

Status

This column displays the status of each test listed:

• Configuration Available
• Test Ready
• Configuration Required

Select the Start/Configure Selected Tests button, located at the top of the DT Tab, to display the Test Progress window. From the Test Progress window, you can start and/or configure the tests listed.

This window contains the following information:

Test Progress Information

The section at the top of the screen displays the following information:

• number of tests completed
• total number of tests to be executed
• progress bar illustrating the progress
• date/time when the selected tests started
• date/time when the test(s) completed
• elapsed execution time

Test List Box

The list box at the bottom of the window displays the following information for each test selected for execution:

• Object - displays an icon indicating the current status and the name of the object being tested. The following icons are used to depict the status:

  • Processing/Queued
  • Configuration Available or Required
  • Completed
  • Cancelled
  • An Error Occurred

• Test - displays the name of the test being executed.
• Progress - displays the test’s current status:

  • Ready - test is ready to be executed
  • Configuration Available - test contains default settings which can optionally be changed
  • Configuration Required - test requires additional information before it can be executed
  • Processing - test is being executed
  • Queued - test is in the testing queue
  • Cancelled - test has been cancelled using one of the Cancel buttons
  • Completed - test has successfully executed
  • An Error Occurred - test encountered errors when executing

In addition, the following buttons are available on the toolbar:

Use the Start button to start executing the tests listed in the test list box.

Use the Configure button to set or modify the configuration settings for the selected test. Configurable tests are identified in the test list box by a Configuration Available or Configuration Required status in the Progress column. To configure a test, select/highlight the test in the test list box and select the Configure button. This will display a dialog allowing you to enter/specify the appropriate information/settings.

See Appendix B: Configurable Tests in the DirectoryTroubleshooter Administrator’s Guide, for a list of the configurable tests and a description of the settings/options available on their configuration dialogs.

Use the Cancel Test button to cancel the execution of a single test. To cancel an individual test, select/highlight the test from the test list box and select the Cancel button.

Use the Cancel All Tests button to cancel the execution of all the tests listed in the test list box.

When all of the tests listed have successfully executed, this window will automatically close and the corresponding test results will be displayed. The Test Results View contains the following information:

• test name and description
• date and time of execution
• report summary including links to test details and the DirectoryTroubleshooter knowledge base
• test details (the layout and content of the details will vary depending on the test that was executed)
• warnings/errors, if applicable

Throughout the results page, you will find Top, Hide All/Show All and Hide/Show links to the right of the page. These links allow you to control what is displayed on the screen. The Top link returns you to the Summary section, whereas the Hide/Show links collapse or expand the corresponding report section.

Use the More Info button in the Report Summary of the Test Results Page to view the DirectoryTroubleshooter knowledge base entry for the displayed test.

Real-Time Diagnostics

When accessed from the DC Information tab, the DT tab will display the real-time diagnostics view for the domain controller selected in the Enterprise Explorer. This console provides several diagnostic views into the selected domain controller, including core operating system views (CPU, memory, disk, and network utilization) and directory service views (File Replication Services, Active Directory replication).

The title bar, at the top of this tab, displays the name of the computer being monitored, a component selection drop-down box and a refresh progress bar (Next Update). The Next Update field at the top of the screen illustrates when the view will be refreshed with updated data.

Use the double arrows in the section headings to expand (down arrows) or collapse (up arrows) a section. Also, whenever your cursor turns into a pointing hand (e.g., placed over a graph) this indicates that a more detailed view is available. Clicking on the entry/graph will display the new view with more detailed information. The more detailed view will be displayed at the next update interval. To return to the previous view, click on the corresponding (underlined) link located under the title bar.

For a detailed description of each real-time diagnostic view that can be displayed, please refer to Chapter 5: Real-Time Diagnostics in the DirectoryTroubleshooter Administrator’s Guide. This chapter explains how to run diagnostics and describes all of the diagnostic views available.

Replication View

When accessed from the Replication Information tab, the DT Tab will display the Replication view. The Replication View provides valuable information about the two domain controllers selected for data replication. The information consists of the immediate replication partners for the target server and the “recommended” (i.e., shortest) replication path between the two servers. From this console, you can also initiate an end-to-end data replication for these domain controllers.

The Replication View displays the following replication information:

Source Domain Controller

This text box displays the source server where replication will originate.

Target Domain Controller

This text box displays the destination server where replication will terminate.

Naming Context list box

For a path to exist between two servers, they need to have at least one shared naming context. When you have two servers (source and target) selected, the Naming Context list box will show the shared naming contexts for the two servers. Selecting (checking)/unselecting (unchecking) them will show/hide the entries in the Recommended Replication Path list at the bottom of the console. All of the shared naming context(s) will be selected (checked) by default.

NOTE: (Read Only) will be appended to the naming context(s) that cannot be replicated because the source server has a read-only replica while the target server has a writable copy. Read-Only naming contexts cannot be selected (checked) for replication.

Target’s Immediate Replication Partners

This list shows the immediate replication partners for the target server. Each server in the list will have an entry for the naming context selected, containing the following information for each partner:

Naming Context

This column displays the immediate replication partners for the target domain controller and the shared naming contexts that can be replicated.

By default, this information is sorted by domain controller with all applicable naming context(s) listed under their replication partner. To sort the list by naming context, right-click a naming context entry and select the Group by Naming Context command. This will then redisplay the list by naming context with the replication partners listed under each NC.

Last Attempt

This column displays the date and time when the last replication was attempted.

Last Result

This column displays the results of the last replication process.

Last Success

This column displays the date and time of the last successful replication.

# Consecutive Failures

This column displays the number of consecutive failures encountered during the last replication session.

Current USN

This column displays the current Update Sequence Number (USN).

Error

This column displays the last replication error encountered for each replication partner and naming context.

Latency

This column displays the elapsed time (HH:MM:SS) between changing an object in the naming context and the time the change appears on each domain controller. This value is only displayed for the Configuration naming context and the local domain. It only shows the latency time for direct replication partners.

Recommended Replication Path

This list shows the calculated shortest path (fewest hops) between the source and target servers for each naming context. The path is calculated algorithmically and should correlate to what Active Directory does. This list contains the following information:

Source

This column displays the replication partners and the source naming context for the recommended replication path between the two selected servers.

Destination

This column displays the destination naming context for the recommended replication path between the two selected servers.

Status

This column displays the current replication status for a replication path. When a replication failure is detected, a balloon will appear that highlights the server that failed and offers to have DirectoryTroubleshooter locate an alternate replication path around the failed link. For more details, see Server Avoid List.

NOTE: In a multiple target scenario, the Target's Immediate Replication Partners list will be removed and the Recommended Replication Path window will be expanded to occupy the available space.

Server Avoid List

The Server Avoid List provides the ability to mark the connection object of a domain controller in the replication path as unavailable. The Replication View will then calculate the recommended path between the source and target servers excluding the domain controller(s) listed in the Avoid List. This feature can be used when a server is offline or when replication has failed for some other reason. It can also be used at the user's discretion without requiring a replication failure, for example for experimental purposes or when a particular domain controller is across a slow link.

By default, the Avoid List window is docked and minimized on the far right-hand side of the current Replication View.

To add a server to the avoid list, use one of the following methods:

• From the Replication Failure Detected balloon, select the YES button. This will exclude that particular server from the recommended replication path. Select the Refresh button to recalculate the recommended path.

• From the Recommended Replication Path window, select the domain controller to be added to the avoid list, right-click and select the Add <server> to Avoid List command. Select the Refresh button to recalculate the recommended path excluding this particular domain controller.

• From the Recommended Replication Path window, drag the connection object of the domain controller to be excluded to the Avoid List Window. (Avoid List Window must be expanded/opened to use drag and drop functionality.) Select the Refresh button to recalculate the recommended path excluding this particular domain controller.

• On the Avoid List page on the Options dialog, select the domain controller to be added to the Avoid List. This would be a global setting and would be used as the default setting for all new Replication Views.

To view the list of domain controllers to be "ignored", expand the Avoid List window. From this window, you can also remove a domain controller from this list by selecting/highlighting the server, right-clicking and selecting the Remove command.
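The recommended-path calculation and the effect of the Avoid List can be reproduced offline to sanity-check what the console shows. The following is an added example, not Quest's code: it assumes the path is a plain fewest-hop breadth-first search over direct replication links, and the topology, server names and naming contexts are constructed for illustration.

```python
from collections import deque

DOMAIN_NC = "DC=corp,DC=example,DC=com"
CONFIG_NC = "CN=Configuration,DC=example,DC=com"

# Constructed topology. For each naming context, every domain controller maps
# to the partners that pull changes from it (assumption: one entry per inbound
# connection object on the partner). All names are invented for this example.
TOPOLOGY = {
    DOMAIN_NC: {
        "DC1": ["DC2", "DC3"],
        "DC2": ["DC1", "DC4"],
        "DC3": ["DC1", "DC5"],
        "DC4": ["DC2", "DC5"],
        "DC5": ["DC3", "DC4"],
    },
    CONFIG_NC: {
        "DC1": ["DC3"],
        "DC3": ["DC1", "DC5"],
        "DC4": ["DC5"],
        "DC5": ["DC3", "DC4"],
    },
    "DC=lab,DC=example,DC=com": {
        "DC1": ["DC2"],
        "DC2": ["DC1"],
    },
}


def shared_naming_contexts(topology, source, target):
    """Naming contexts hosted by both servers; a path needs at least one."""
    return sorted(nc for nc, links in topology.items()
                  if source in links and target in links)


def recommended_path(links, source, target, avoid=()):
    """Fewest-hop path from source to target by breadth-first search.

    Servers in `avoid` are treated as unavailable and never traversed.
    Returns the servers on the path in order, or None if no path remains.
    """
    avoid = set(avoid)
    if source in avoid or target in avoid or source not in links:
        return None
    previous = {source: None}          # also serves as the visited set
    queue = deque([source])
    while queue:
        current = queue.popleft()
        if current == target:
            path = []
            while current is not None:  # walk back to the source
                path.append(current)
                current = previous[current]
            return path[::-1]
        for partner in links.get(current, []):
            if partner not in previous and partner not in avoid:
                previous[partner] = current
                queue.append(partner)
    return None


def replication_view(topology, source, target, avoid=()):
    """Recommended path per shared naming context, honouring the avoid list."""
    return {nc: recommended_path(topology[nc], source, target, avoid)
            for nc in shared_naming_contexts(topology, source, target)}


if __name__ == "__main__":
    for avoid in ([], ["DC2"], ["DC3"]):
        print("avoid:", avoid)
        for nc, path in replication_view(TOPOLOGY, "DC1", "DC4", avoid).items():
            print("  ", nc, "->", " > ".join(path) if path else "no path")
```

Avoiding DC3 in this sample leaves the Configuration naming context with no path at all, which is the case to watch for before adding a server to the global Avoid List.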

Replication Activity

The Replication Activity Window at the bottom of the page will be populated when a replication is performed through the Replication View. The following information will be displayed:

Server

This column displays the servers involved in the replication session.

Inbound Bytes/sec

This column displays the number of bytes transported to the destination server.

Outbound Bytes/sec

This column displays the number of bytes replicated out from the source server.

For more information about the Replication View, including the Server Avoid List and Replication Activity window, please refer to Chapter 6: Replication View in the DirectoryTroubleshooter Administrator’s Guide.

DirectoryTroubleshooter Options

Use the Configuration | DirectoryTroubleshooter Options menu command to display the Options dialog from DirectoryTroubleshooter, which allows you to customize many of the aspects of how DirectoryTroubleshooter works.

From the left-hand pane, you can select to view/modify options for the following objects:

• Diagnostics View - the top-level page includes default settings for gathering information.

• Alerts - this page allows you to define default alert conditions for new diagnostics views.

• Components - this page allows you to disable the gathering of diagnostics for individual components.

• File Locations - the top-level page allows you to define the default location for storing DirectoryTroubleshooter files.

• Logging - this page allows you to enable logging and define the location for storing the DirectoryTroubleshooter logs.

• Objects - the top-level page includes default settings for displaying DNS servers.

• Forests - this page allows you to add (or remove) a forest to the Select Objects dialog.

• Performance Health Check - the top-level page includes default settings for refreshing data and for starting the collection process.

• Alerts - this page allows you to define alert conditions for new performance health checks.

• Templates - this page allows you to select or create the health template(s) to be used for new performance health checks.

• Replication View - this page allows you to set the topology refresh period.

• Avoid List - this page allows you to mark domain controllers in the replication path as unavailable when calculating the recommended replication path between the source and target servers.

• Tests - the top-level Tests page includes options for automatically running custom tests and for retaining test result history.

• Running Reports and Jobs - this page allows you to define the maximum number of tests to be run simultaneously.

To display the options, select/highlight the object in the left-hand pane of the Options dialog. The page of options will then be displayed in the right-hand pane.

For more details regarding the DirectoryTroubleshooter options, please refer to Chapter 7: DirectoryTroubleshooter Options in the DirectoryTroubleshooter Administrator’s Guide.

Chapter 11: ChangeAuditor Integration

ChangeAuditor identifies changes to critical components of the Active Directory environment as they occur and provides the five “Ws” for each change:

• Who made the change
• What the change was, including new and previous values
• When the change was made
• Where the change was made
• Why the change was made

By tracking all configuration changes with ChangeAuditor, administrators can easily monitor, verify and respond to Active Directory configuration changes before they impact the service levels of the directory and the applications and services that rely on it.

The smartlink technology being used provides intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer, integration with MOM ADMP alerts, and the infrastructure change events captured with the ChangeAuditor real-time change auditing solution.

ChangeAuditor Tab

The ChangeAuditor tab, located at the bottom of the Current Alerts tab, allows you to immediately determine if a DirectoryAnalyzer alert or MOM ADMP alert was caused by a change event captured with ChangeAuditor.

To view ChangeAuditor events:

1. Select/highlight an alert in the Current Alerts tab.

2. Select the ChangeAuditor tab to display the event query options.

3. Verify that the ChangeAuditor event query options are displayed and one or more ChangeAuditor facilities are selected, as described below:

Events within the time frame

Use the drop-down list to select the desired time frame:

• One hour before
• Twelve hours before
• One day before
• Seven days before
• Thirty days before

Subject name application

The criteria displayed in this field is DirectoryAnalyzer's attempt to match the name from the DirectoryAnalyzer Client with the ChangeAuditor object name, either through direct matching or by converting the DirectoryAnalyzer subject name to its DN. Use the drop-down list to select the subject selection criteria to be used:

• Events that contain the subject name
• Events that contain the subject DN
• Events that match either subject name or DN
• Events that match the subject DN
• Events that match the subject name
• Ignore subject name

NOTE: Use the Ignore Subject Name option to find all changes of a particular type within the given time frame.

Matching ChangeAuditor Facilities

Use the drop-down list to select the facility to be used in the search.

The relationship between a DirectoryAnalyzer alert and a ChangeAuditor event has been predetermined to target the facility in ChangeAuditor that relates to the alert in DirectoryAnalyzer.

4. Select the Find Events button to execute the query and display the results.

5. If no events are returned, you can attempt to broaden the scope of the query by selecting multiple facilities, expanding the subject selection criteria (e.g., Ignore Subject Name) and/or expanding the time range.
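The query built in the steps above combines a time window ending at the alert, a subject criterion and a set of facilities. The following is an added example, not Quest's code, that applies the same three filters to exported change records; it assumes "contain" means a case-insensitive substring test and "match" a case-insensitive exact comparison, and the alert, events, field names and facility names are constructed placeholders.

```python
from datetime import datetime, timedelta

# The five time frames offered by the "Events within the time frame" list.
TIME_FRAMES = {
    "One hour before": timedelta(hours=1),
    "Twelve hours before": timedelta(hours=12),
    "One day before": timedelta(days=1),
    "Seven days before": timedelta(days=7),
    "Thirty days before": timedelta(days=30),
}


def _contains(needle, text):
    return needle.lower() in text.lower()


def _equals(a, b):
    return a.lower() == b.lower()


# The six subject criteria. Assumption: "contain" is a substring test and
# "match" is an exact comparison, both case-insensitive.
SUBJECT_CRITERIA = {
    "Events that contain the subject name":
        lambda obj, name, dn: _contains(name, obj),
    "Events that contain the subject DN":
        lambda obj, name, dn: _contains(dn, obj),
    "Events that match either subject name or DN":
        lambda obj, name, dn: _equals(obj, name) or _equals(obj, dn),
    "Events that match the subject DN":
        lambda obj, name, dn: _equals(obj, dn),
    "Events that match the subject name":
        lambda obj, name, dn: _equals(obj, name),
    "Ignore subject name":
        lambda obj, name, dn: True,
}

DC_OU = "OU=Domain Controllers,DC=corp,DC=example,DC=com"

# Constructed alert and change events; facility names are placeholders,
# not real ChangeAuditor facility names.
ALERT = {"time": datetime(2008, 6, 10, 14, 0), "subject": "DC2",
         "subject_dn": "CN=DC2," + DC_OU}

EVENTS = [
    {"id": 1, "time": datetime(2008, 6, 10, 13, 40), "facility": "Facility-A",
     "changed_by": "CORP\\admin1", "object_name": "CN=DC2," + DC_OU},
    {"id": 2, "time": datetime(2008, 6, 10, 9, 0), "facility": "Facility-A",
     "changed_by": "CORP\\admin2", "object_name": "DC2"},
    {"id": 3, "time": datetime(2008, 6, 8, 10, 0), "facility": "Facility-B",
     "changed_by": "CORP\\admin1",
     "object_name": "CN=NTDS Settings,CN=DC2,CN=Servers,CN=HQ,CN=Sites,"
                    "CN=Configuration,DC=example,DC=com"},
    {"id": 4, "time": datetime(2008, 6, 10, 13, 55), "facility": "Facility-A",
     "changed_by": "CORP\\admin3", "object_name": "CN=DC7," + DC_OU},
    # After the alert: can never explain it, so every time frame excludes it.
    {"id": 5, "time": datetime(2008, 6, 10, 14, 30), "facility": "Facility-A",
     "changed_by": "CORP\\admin2", "object_name": "DC2"},
    # Different server whose name merely starts with the subject name.
    {"id": 6, "time": datetime(2008, 6, 10, 12, 0), "facility": "Facility-A",
     "changed_by": "CORP\\admin3", "object_name": "DC20"},
]


def find_events(alert, events, time_frame, criterion, facilities):
    """Events in the window before the alert that belong to a selected
    facility and satisfy the subject criterion, newest first."""
    start = alert["time"] - TIME_FRAMES[time_frame]
    subject_ok = SUBJECT_CRITERIA[criterion]
    hits = [e for e in events
            if start <= e["time"] <= alert["time"]
            and e["facility"] in facilities
            and subject_ok(e["object_name"], alert["subject"],
                           alert["subject_dn"])]
    return sorted(hits, key=lambda e: e["time"], reverse=True)


def event_ids(alert, events, time_frame, criterion, facilities):
    """Convenience wrapper returning only the ids of the matching events."""
    return [e["id"] for e in find_events(alert, events, time_frame,
                                         criterion, facilities)]
```

Under these assumptions the "contain" criteria also return the change on DC20 (event 6), so broadening the subject criteria trades precision for recall and the extra hits need review before a change is blamed for the alert.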

ChangeAuditor Search Results Window

When change events are returned, the following information will be displayed for each event:

Time

The Time field displays the date and time when the change took place.

Changed By

The Changed By field displays the name of the user who initiated the change.

Changed On

The Changed On field displays the name of the server where the change occurred.

Change

The Change field displays what change was made to the object.

Description

The Description field displays a brief description of the change.

Event Information Dialog

To display the Event Information dialog, which contains more detailed information about an individual event, double-click on an audited event in the ChangeAuditor Search Results Window.

This dialog provides the following details about the selected event:

Changed ByThis field specifies the name of the user who initiated the change.

Date/TimeThis field specifies the date and time when the change occurred.

Changed OnThis field displays the name of the server where the change occurred.

DescriptionThis field provides a brief description of the change that occurred.

Object TypeThis field defines the type of object that changed.

Page 151: Directory Analyzer Admin Guide

Object Name

This field specifies the name of the object that changed.

Sub-System

This field defines the subsystem, or area of auditing, where the change event occurred.

Facility

This field defines the event class facility to which the change event belongs.

Action

This field defines the action associated with the selected event.

Attribute

If an attribute has been modified, this field displays the name of the attribute.

Old Value

This field lists the old value that was assigned to the object.

New Value

This field lists the new value that is now assigned to the object.

Sorting Your Results

By default, the change events are sorted by time with the latest event being displayed at the top of the list. An arrow in the column heading identifies the sort criteria and order, ascending or descending. To change the sort criteria, click on another column heading. The sort order will be in ascending order, but can be changed to descending order by clicking on the heading a second time.

Page 152: Directory Analyzer Admin Guide
Page 153: Directory Analyzer Admin Guide

Chapter 12: DirectoryAnalyzer Web Portal

The DirectoryAnalyzer Web Portal allows you to connect to an alerting console using Internet Explorer 5.01 or higher. The web portal technology allows you to view current alerts or alert history via an interactive web page.

Beginning with DirectoryAnalyzer version 3.5, the web portal provides you with the ability to view all Active Directory forest health alerts from a single web console. It provides this capability in situations where cross-forest trusts exist and where they do not exist. The enhanced web portal also provides an intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer and the infrastructure change events captured with the real-time ChangeAuditor solution.

NOTE: The DirectoryAnalyzer Web Portal is installed separately from the DirectoryAnalyzer product. Please refer to Chapter 5 in the DirectoryAnalyzer Installation Guide for complete instructions on how to install the web portal.

NOTE: MOM ADMP alerts are not displayed through the DirectoryAnalyzer web portal.

To access the DA Web Portal:

1. Enter the following command in the address field of your web browser: http://<server root>/DAPortal/

2. The first time you invoke the portal, you must add the forest(s) to be viewed. To add a forest, select the Admin Tab and enter the requested information on the Consolidator Administration dialog. See Configuring the DA Web Portal on page 148 for more information on entering the required information.

3. After adding the forest(s), select the Domain tab on the main screen and expand the top node in the left-hand pane to verify that the domain topology for the forests you entered is present.

NOTE: It may take several minutes for the information to become available.

Page 154: Directory Analyzer Admin Guide

Configuring the DA Web Portal

The DA Web Portal communicates with a consolidator via TCP port 8085. This port is used by the Remoting classes of the .NET framework. The consolidator uses the credentials for each forest to connect to the DirectoryAnalyzer WMI provider running on the DirectoryAnalyzer Enterprise Agent. A forest’s credentials can either be a domain account within the forest or a local machine account on the Enterprise Agent. These credentials must have permission to access the Enterprise Agent machine’s WMI provider. Similarly, credentials must be provided for the ChangeAuditor Repository WMI provider. If cross-forest trusts are set up, one set of credentials will work for all forests linked by the cross-forest trust.

Selecting the Admin tab from the main screen will display the Consolidator Administration dialog. This dialog allows you to add, edit and/or remove forest(s) from the web portal display.

NOTE: If the Admin tab is not present, verify that you are a member of the DAWebAdmins group. The DAWebAdmins group is optionally created by the installer as a local group account on the IIS server running the web portal. If you did not allow the installer to create this group, it MUST be created if you want anyone to have administrative access to the web portal/consolidator.

NOTE: SSL must be enabled on the web portal server to ensure that forest credentials are encrypted between the client web browser and the web server itself.

If enabling SSL support is NOT an option for your environment, a consolidator configuration utility is provided as part of the web portal/consolidator installation. Please refer to Managing Your Forest Using the Consolidator Configuration Utility on page 160.

Page 155: Directory Analyzer Admin Guide

Adding a Forest

When you first invoke the DA Web Portal, you must add the forest(s) you want to view through the portal. To add a forest:

1. Select the Add button on the Consolidator Administration dialog. This will expand the dialog allowing you to enter the forest information.

2. In the Forest Information section, enter the following information for the forest to be added:

Name

Enter the DNS name of the forest to be included in the web portal view.

Alias

Enter the name that is to appear in the tree display in the web portal tree view (left-hand pane).

3. In the Enterprise Agent section, enter the credentials to be used to access the Enterprise Agent to retrieve topology information, current alerts and alert details.

Enterprise Agent DNS

Enter the DNS name of the Enterprise Agent to be used.

Enterprise Agent Alias

Enter an alias for the Enterprise Agent which will be displayed in the tree view on the DA Web Portal.

Domain User

Enter the domain user account to be used to access the DirectoryAnalyzer WMI provider, which is installed on the Enterprise Agent.

Password / Confirm Password

Enter the password associated with the domain user entered above.

Page 156: Directory Analyzer Admin Guide

4. If you want to retrieve ChangeAuditor events, in the ChangeAuditor section, enter the credentials to be used to access the ChangeAuditor Repository.

Repository DNS

Enter the DNS name of the ChangeAuditor Repository to be used.

Repository Alias

Enter an alias for the ChangeAuditor Repository which will be displayed in the tree view on the DA Web Portal.

Domain User

Enter the domain user account to be used to access the ChangeAuditor WMI provider, which is installed on the server hosting the Repository.

Password / Confirm Password

Enter the password associated with the domain user entered above.

5. After entering the forest, enterprise agent and repository information, select the Save button at the bottom of the dialog.

6. Repeat steps 1 through 5 to add additional forests.

Editing Forest Information

To edit an existing forest’s information:

1. From the Configured Forest drop-down list, at the top of the Consolidator Administration dialog, select the forest to be edited.

2. Select the Edit button. This will expand the Consolidator Administration dialog, displaying the forest, Enterprise Agent and ChangeAuditor Repository information for the selected forest.

3. Modify the displayed information as necessary, re-enter your passwords and select the Save button.

Deleting a Forest

To remove a forest from the DA Web Portal view:

1. From the Configured Forest drop-down list at the top of the Consolidator Administration dialog, select the forest to be removed.

2. Select the Remove button.

3. Select the Save button.

Page 157: Directory Analyzer Admin Guide

DA Web Portal Main Screen

The main screen of the web portal contains the following major components:

• Domain Tab - selecting this tab allows you to display the domain topology for the selected forest(s) in the Navigation panel.

• Site Tab - selecting this tab allows you to display the site topology for the selected forest(s) in the Navigation panel.

• Admin Tab - selecting this tab allows you to specify the forest(s) to be viewed, the Enterprise Agent to be used and the ChangeAuditor Repository to be used.

• Alert History Tab - selecting this tab allows you to display the alert history for the selected object.

• Tree View - the left-hand pane of the main screen contains a hierarchical view of the forests.

• Alerts Window - the right-hand pane of the main screen displays the current DirectoryAnalyzer alerts for the object selected in the Tree View.

• Alert Details Tab - selecting this tab, which is located near the bottom of the screen, allows you to view details regarding the alert selected in the Alerts Window.

• ChangeAuditor Tab - selecting this tab, which is also located near the bottom of the screen, allows you to view any configuration change events associated with the alert selected in the Alerts Window.

Page 158: Directory Analyzer Admin Guide

Viewing Current Alerts

To view current DirectoryAnalyzer alerts through the DA Web Portal, select/highlight an object in the Tree View (left-hand pane) to populate the Alerts Window (right-hand pane) with the current alerts for that object.

Tree View

The left-hand pane of the main screen contains a hierarchical tree view of the forest(s) selected for viewing. The Show Only Managed command provides the option to display only sites and servers managed by the currently connected Enterprise Agent. You can use one of two views to display the tree:

• Domain view - selecting the Domain tab will display the tree hierarchy by domain.

• Site view - selecting the Site tab will display the tree hierarchy by site.

Page 159: Directory Analyzer Admin Guide

Alerts Window

The right-hand pane of the main screen will display the current alerts for the object selected in the Tree View.

The following information is displayed in the Alerts Window:

Current Viewed Alerts

The Current Viewed Alerts field displays the total number of current alerts available for display.

Severity

The Severity column displays a symbol representing the severity of all the alerted object(s) in your enterprise:

Critical

Warning

Alert Time

The Alert Time column displays the date and time when the alert threshold was violated.

Type

The Type column displays the type of object that is alerted:

• Server
• Enterprise
• Exchange
• NC (Naming Context)
• Replica
• Site

Subject

The Subject column displays the name of the alerted object, such as the name of the domain controller, naming context, replica, site or Exchange server that generated the alert.

Alert Name

The Alert Name column displays the actual alert that was issued.

Page 160: Directory Analyzer Admin Guide

Forest

The Forest column displays the name of the forest where the alerted object resides.

The controls at the bottom of the alerts window indicate the alert page that is currently being displayed. These controls also allow you to scroll through multiple pages of alerts or display a specific page.

First

Use the First link at the bottom of the alerts window to display the first page of alerts.

Previous

Use the Previous link at the bottom of the alerts window to display the previous page of alerts.

Next

Use the Next link in the lower right-hand corner of this window to display the next page of alerts.

Last

Use the Last link at the bottom of the alerts window to display the last page of alerts.

Alert Details

To view details for a particular alert, single-click on the alert with the left mouse button. This will populate the Alert Details tab at the bottom of the screen. Scroll down to display the alert details for the selected alert.

The Alert Details section contains the following information about the selected alert:

Subject

The Subject field displays the name of the alerted object, such as the name of the domain controller, naming context, replica, site or Exchange server that generated the alert.

Alert Name

The Alert Name field displays the actual alert that was issued.

Severity

The Severity field displays the severity level of the alert: Critical or Warning.

Start Time

The Start Time field displays the date and time when the alert threshold was violated.

Page 161: Directory Analyzer Admin Guide

Details

The Details field displays a brief description of what caused the alert.

Alert Value

The Alert Value field contains the value information for the alert.

Alert Threshold

The Alert Threshold field displays the threshold value that was violated.

Viewing Alert History

To view the alert history for an Active Directory object, select the Alert History tab, located above the Alerts Window. This will display the Alert History Window which allows you to specify a forest, subject and/or date range to customize your alert history report.

To define the scope of your alert history report:

1. On the Alert History tab, enter the following information:

Forest

Use the drop-down list to select the forest to be searched.

Subject

Use the drop-down list to select a type of object or an individual object to be included in the alert history report:

• All - includes all objects in your alert history (default)
• NC - allows you to select an individual naming context
• Site - allows you to select an individual site
• Server - allows you to select an individual server

From / To

Use these fields to specify a date range for your alert history report. By default, the From date is one month prior to today’s date and the To date is today’s date.

To specify a date range, either enter the dates in the From and To fields or click on the small calendar icons to display a calendar and select the desired date from the displayed calendar.

2. Select the Search button.

Once the search is complete, the following information will be displayed in the Alert History Window:

Severity

The Severity column displays a symbol representing the severity of the alerted object(s).

Alert Time

The Alert Time column displays the date and time when the alert threshold was violated.

Page 162: Directory Analyzer Admin Guide

Clear Time

If an alert was cleared, the Clear Time column will display the date and time when the alert was cleared.

Type

The Type field displays the type of object that is alerted:

• Server
• Enterprise
• Exchange
• NC (Naming Context)
• Replica
• Site

Subject

The Subject column displays the name of the alerted object, such as the name of the domain controller, naming context, replica, site or Exchange server that generated the alert.

Alert Name

The Alert Name column displays the actual alert that was issued.

Viewing ChangeAuditor Events and Details

ChangeAuditor identifies changes to critical components of the Active Directory environment as they occur and provides the five “Ws” for each change:

• Who made the change
• What the change was, including new and previous values
• When the change was made
• Where the change was made
• Why the change was made

The DA Web Portal allows you to immediately determine if a DirectoryAnalyzer alert was caused by a change event captured with ChangeAuditor.

To view ChangeAuditor events:

1. Select/highlight an alert in the Alert or Alert History window.

2. Select the ChangeAuditor tab, located under the Alerts Window. This will display the event query options.

Page 163: Directory Analyzer Admin Guide

3. Verify that the ChangeAuditor event query options are displayed and one or more ChangeAuditor facilities are selected, as described below:

Search for events within the following time frame

Use the drop-down list to select the desired time frame:

• One hour before
• Twelve hours before
• One day before
• Seven days before
• Thirty days before

Subject selection criteria

Use the drop-down list to select the subject selection criteria to be used:

• Events that contain the subject name
• Events that contain the subject DN
• Events that match either subject name or DN
• Events that match the subject DN
• Events that match the subject name
• Ignore subject name

Search for events matching the selected ChangeAuditor facilities

Use the drop-down list to select the facility to be used in the search:

The relationship between a DirectoryAnalyzer alert and a ChangeAuditor event has been predetermined to target the facility in ChangeAuditor that relates to the alert in DirectoryAnalyzer.

4. Select the Get ChangeAuditor Events button to execute the query and display the results.

Page 164: Directory Analyzer Admin Guide

5. Scroll to the bottom of the page to verify that the events are returned or the “No events located” message is displayed.

If no events are returned, you can attempt to broaden the scope of the query by selecting multiple facilities and expanding the time range.

6. Use the page controls at the bottom of the results to scroll through multiple pages of events or display a specific page of events.
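The query options in step 3 act as a filter over change events: a look-back window that ends at the alert time, a subject test and a set of facilities. The following Python sketch is an added example, not DirectoryAnalyzer or ChangeAuditor code; it also covers the broadening advice in step 5. The record fields, the placeholder facility names, the order in which queries are widened and the reading of "contain" as a substring test and "match" as an exact comparison are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Look-back windows offered by the time-frame drop-down list.
TIME_FRAMES = {
    "One hour before": timedelta(hours=1),
    "Twelve hours before": timedelta(hours=12),
    "One day before": timedelta(days=1),
    "Seven days before": timedelta(days=7),
    "Thirty days before": timedelta(days=30),
}


def _norm(text):
    return text.strip().lower()


# Subject selection criteria. Assumption: "contain" is a substring test and
# "match" is an exact, case-insensitive comparison.
CRITERIA = {
    "Events that contain the subject name": lambda obj, name, dn: _norm(name) in _norm(obj),
    "Events that contain the subject DN": lambda obj, name, dn: _norm(dn) in _norm(obj),
    "Events that match either subject name or DN": lambda obj, name, dn: _norm(obj) in (_norm(name), _norm(dn)),
    "Events that match the subject DN": lambda obj, name, dn: _norm(obj) == _norm(dn),
    "Events that match the subject name": lambda obj, name, dn: _norm(obj) == _norm(name),
    "Ignore subject name": lambda obj, name, dn: True,
}


@dataclass(frozen=True)
class ChangeEvent:  # hypothetical record modelled on the result columns
    time: datetime
    changed_by: str
    object_name: str
    facility: str
    change: str


def find_events(events, alert_time, time_frame, criterion, name, dn, facilities):
    """Return events inside the look-back window that pass the subject and
    facility filters, latest first (the default sort order)."""
    start = alert_time - TIME_FRAMES[time_frame]
    subject_ok = CRITERIA[criterion]
    hits = [e for e in events
            if start <= e.time <= alert_time
            and e.facility in facilities
            and subject_ok(e.object_name, name, dn)]
    return sorted(hits, key=lambda e: e.time, reverse=True)


def broaden(events, alert_time, name, dn, facilities, all_facilities):
    """Step 5 as a loop: widen the query until it returns something.
    The order of the attempts is an illustrative choice."""
    attempts = [
        ("One hour before", "Events that match the subject name", facilities),
        ("One hour before", "Events that contain the subject name", facilities),
        ("One day before", "Events that match either subject name or DN", all_facilities),
        ("Thirty days before", "Ignore subject name", all_facilities),
    ]
    for time_frame, criterion, facs in attempts:
        hits = find_events(events, alert_time, time_frame, criterion, name, dn, facs)
        if hits:
            return (time_frame, criterion), hits
    return None, []


# Constructed sample data; facility names are placeholders, not real facilities.
ALERT_TIME = datetime(2008, 6, 10, 12, 0)
SUBJECT_NAME = "DC01"
SUBJECT_DN = "CN=DC01,OU=Domain Controllers,DC=corp,DC=example"
ALL_FACILITIES = {"FAC_REPLICATION", "FAC_DOMAIN_CONTROLLER", "FAC_GROUP_POLICY"}
EVENTS = [
    ChangeEvent(datetime(2008, 6, 10, 11, 30), "CORP\\alice",
                "CN=NTDS Settings,CN=DC01,CN=Servers,CN=Site1,CN=Sites,"
                "CN=Configuration,DC=corp,DC=example",
                "FAC_REPLICATION", "Connection object removed"),
    ChangeEvent(datetime(2008, 6, 9, 20, 0), "CORP\\bob", SUBJECT_DN,
                "FAC_DOMAIN_CONTROLLER", "Attribute modified"),
    ChangeEvent(datetime(2008, 6, 10, 11, 45), "CORP\\carol",
                "CN=Policy1,CN=Policies,CN=System,DC=corp,DC=example",
                "FAC_GROUP_POLICY", "Policy setting changed"),
    ChangeEvent(datetime(2008, 6, 10, 12, 30), "CORP\\alice", SUBJECT_DN,
                "FAC_DOMAIN_CONTROLLER", "Attribute modified"),  # after the alert
]

if __name__ == "__main__":
    query, hits = broaden(EVENTS, ALERT_TIME, SUBJECT_NAME, SUBJECT_DN,
                          {"FAC_REPLICATION"}, ALL_FACILITIES)
    print(query, [(e.time.isoformat(), e.changed_by, e.change) for e in hits])
```

With the constructed data, an exact match on the subject name finds nothing because the changed object is a child of the server object, while the "contain" criterion finds it; the event logged after the alert time is never returned.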

ChangeAuditor Search Results Window

When change events are returned, the following information will be displayed for each event:

Time

The Time field displays the date and time when the change took place.

Changed By

The Changed By field displays the name of the user who initiated the change.

Changed On

The Changed On field displays the name of the server where the change occurred.

Change

The Change field displays what change was made to the object.

Description

The Description field displays a brief description of the change.

Page 165: Directory Analyzer Admin Guide

Event Information Dialog

To display the Event Information dialog, which contains more detailed information about an individual event, single-click on an audited event in the ChangeAuditor Search Results Window.

This dialog provides the following details about the selected event:

Changed By

This field specifies the name of the user who initiated the change.

Date/Time

This field specifies the date and time when the change occurred.

Changed On

This field displays the name of the server where the change occurred.

Description

This field provides a brief description of the change that occurred.

Object Type

This field defines the type of object that changed.

Page 166: Directory Analyzer Admin Guide

Object Name

This field specifies the name of the object that changed.

Sub-System

This field defines the subsystem, or area of auditing, where the change event occurred.

Facility

This field defines the event class facility to which the change event belongs.

Action

This field defines the action associated with the selected event.

Attribute

If an attribute has been modified, this field displays the name of the attribute.

Old Value

This field lists the old value that was assigned to the object.

New Value

This field lists the new value that is now assigned to the object.

Comments

This field contains any comments pertaining to the selected event, such as why an event occurred.

Sorting Your Results

By default, the alerts and change events are sorted by time with the latest alert/event being displayed at the top of the list. An arrow in the column heading identifies the sort criteria and order, ascending or descending. To change the sort criteria, click on another column heading. The sort order will be in ascending order, but can be changed to descending order by clicking on the heading a second time.

Managing Your Forest Using the Consolidator Configuration Utility

If enabling SSL support is NOT an option, a Consolidator Configuration utility (ConsolidatorConfiguration.exe) is provided as part of the web portal/consolidator installation. This utility will be placed in a separate directory under the consolidator directory on the web portal server (e.g., c:\inetpub\wwwroot\daportal\consolidator\configmanager).

The Consolidator Configuration utility can be run on a machine other than the web portal server, providing the following files are present:

• ConsolidatorConfiguration.exe
• Consolidator.dll
• Dotnetmagic.dll
• Dataprotection.dll

To run this utility on a machine other than the web portal server, be sure to copy over the entire directory (which contains all these files).

Page 167: Directory Analyzer Admin Guide

Executing the ConsolidatorConfiguration.exe will launch the Consolidator Configuration dialog which allows you to specify the DA Consolidator to be configured.

From the Consolidator Configuration dialog, select the consolidator to be configured and select the Connect button. Selecting this button will populate the list box with the forest(s) specified for monitoring. Use the buttons to the right of the list box to configure forests for monitoring.

Page 168: Directory Analyzer Admin Guide

Adding a Forest

To add a forest for monitoring:

1. Select the Add button to display the DA Consolidator Credentials dialog.

2. Enter the required information as described below:

Forest Name

Enter the DNS name of the forest to be monitored.

Forest Alias

Enter the name that is to appear in the tree display in the web portal tree view.

Use Same Credentials for EA and ChangeAuditor

Select/check this check box to use the same credentials for the Enterprise Agent and the ChangeAuditor repository. This box is unchecked by default, and additional fields for entering the ChangeAuditor repository credentials are displayed unless checked.

Enterprise Agent DNS

Enter the DNS name of the Enterprise Agent to be used.

Enterprise Agent Alias

Enter an alias for the Enterprise Agent which will be displayed in the tree view on the DA Web Portal.

Domain User

Enter the domain user account (<domain>\<username>) to be used to access the DirectoryAnalyzer WMI provider, which is installed on the Enterprise Agent.

Page 169: Directory Analyzer Admin Guide

Password/Confirm Password

Enter the password associated with the logon account entered above, then confirm the password in the field below.

ChangeAuditor Repository DNS

If the Use Same Credentials check box is unchecked, enter the DNS name of the ChangeAuditor Repository to be used.

ChangeAuditor Repository Alias

If the Use Same Credentials check box is unchecked, enter an alias for the ChangeAuditor Repository which will be displayed in the tree view on the DA Web Portal.

Domain User

If the Use Same Credentials check box is unchecked, enter the domain user account (<domain>\<username>) to be used to access the ChangeAuditor WMI provider, which is installed on the server hosting the Repository.

ChangeAuditor Password

If the Use Same Credentials check box is unchecked, enter the password associated with the domain user entered above.

3. Select the Test Credentials button to verify the credentials are valid.

4. Select the OK button to add the forest for monitoring.

Page 170: Directory Analyzer Admin Guide

Editing Forest Information

To edit an existing forest’s information:

1. From the forest list box, on the Consolidator Configuration dialog, select/highlight the forest to be edited.

2. Select the Edit button. This will display the DA Consolidator Credentials dialog, displaying the forest, Enterprise Agent and ChangeAuditor Repository information for the selected forest.

3. Modify the displayed information as necessary and re-enter your passwords.

4. Select the Test Credentials button to verify the credentials entered.

5. Select the OK button to save your modifications and close the dialog.

Deleting a Forest

To remove a forest from the DA Web Portal view:

1. From the forest list box on the Consolidator Configuration dialog, select/highlight the forest to be removed.

2. Select the Remove button.

3. Select the OK button to remove the forest and close the dialog.

Page 171: Directory Analyzer Admin Guide

Appendix A: DirectoryAnalyzer Alert Messages

When DirectoryAnalyzer detects that an alert threshold has been exceeded, it sends an alert to the DirectoryAnalyzer client, the Event Log (if the Event Log option is set) and SNMP (if the SNMP option is set).

NOTE: Several DirectoryAnalyzer alerts depend upon information gathered from various performance data objects. Occasionally, a performance data object may not load properly and may have to be loaded manually in order to enable the associated alert. The following table lists the DirectoryAnalyzer alerts and their associated performance data objects:

DirectoryAnalyzer Alert              Performance Data Object
DC CPU Load                          Processor
DC Page Faults                       Memory
DC LDAP Load                         NTDS
GC Load                              NTDS
DC Cache Hits                        Cache
DC Prop Drop                         NTDS
DC SMB Connections                   Server
DC FRS Staging Area Disk Space       FileReplicaSet

This appendix briefly describes each of the DirectoryAnalyzer alert messages. The alerts are listed in alphabetical order for the different types of alerts. The alert message descriptions include the type of alert and the default threshold settings for both levels: warning and critical.
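Each default entry in this appendix pairs a warning and a critical threshold with a Set Dur and a Clear Dur. The following Python sketch is an added example, not DirectoryAnalyzer code. It assumes that Set Dur is how long a value must stay in violation before the alert is raised and Clear Dur how long it must stay out of violation before the alert clears. The class and function names are hypothetical, the threshold values are the defaults listed in this appendix, and the sample readings are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Level:
    threshold: float
    set_dur: int    # seconds in violation before the level is set (assumed meaning)
    clear_dur: int  # seconds out of violation before the level clears (assumed meaning)


@dataclass(frozen=True)
class AlertDef:
    name: str
    below: bool     # True for "Below Threshold" alerts (value <= threshold violates)
    warning: Level
    critical: Level


# Defaults as listed in this appendix.
CACHE_HITS = AlertDef("DC Cache Hits", True, Level(25, 120, 120), Level(15, 240, 240))
GC_LOAD = AlertDef("GC Load", False, Level(75, 60, 60), Level(100, 300, 300))
TIME_SYNC = AlertDef("DC Time Sync Lost", False, Level(30, 0, 0), Level(120, 120, 120))


def evaluate(alert, samples):
    """Replay (time_in_seconds, value) samples and return the list of
    (time, state) changes, where state is Clear, Warning or Critical."""
    levels = {"Warning": alert.warning, "Critical": alert.critical}
    active = {name: False for name in levels}
    streak = {name: None for name in levels}   # start of the pending transition
    state, timeline = "Clear", []
    for t, value in samples:
        for name, lv in levels.items():
            if alert.below:
                violating = value <= lv.threshold
            else:
                violating = value >= lv.threshold
            if violating == active[name]:
                streak[name] = None            # reading agrees with current state
                continue
            if streak[name] is None:
                streak[name] = t               # first reading that disagrees
            needed = lv.set_dur if violating else lv.clear_dur
            if t - streak[name] >= needed:     # a duration of 0 flips immediately
                active[name] = violating
                streak[name] = None
        if active["Critical"]:
            new_state = "Critical"
        elif active["Warning"]:
            new_state = "Warning"
        else:
            new_state = "Clear"
        if new_state != state:
            state = new_state
            timeline.append((t, state))
    return timeline


# Constructed readings, one per minute: a short burst above the critical
# threshold raises only the warning, because it ends before Set Dur elapses.
GC_SPIKE = [(0, 50), (60, 80), (120, 120), (180, 130), (240, 90), (300, 60), (360, 60)]

if __name__ == "__main__":
    print(evaluate(GC_LOAD, GC_SPIKE))
```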

Page 172: Directory Analyzer Admin Guide

Domain Controller Alerts

Domain Controller: Cache Hit Rate Below Threshold

This alert indicates that the performance of the server may be degraded because of too few Cache Read hits.

Set by: DC Cache Hits
Defaults:
Warning Threshold: 25%; Set Dur: 120 seconds; Clear Dur: 120 seconds
Critical Threshold: 15%; Set Dur: 240 seconds; Clear Dur: 240 seconds

Domain Controller: CPU Load Threshold Exceeded

This alert indicates that the CPU for the domain controller is too busy. This can indicate a problem with DS (directory service) or it can indicate a problem may occur because the DC cannot respond to requests quickly enough.

Set by: DC CPU Load
Defaults:
Warning Threshold: 20%; Set Dur: 120 seconds; Clear Dur: 120 seconds
Critical Threshold: 80%; Set Dur: 120 seconds; Clear Dur: 120 seconds

Domain Controller: DC Agent Not Responding

This alert indicates that the DC Agent is not responding within the configured threshold.

Set by: DC Agent Not Responding
Defaults:
Warning Threshold: 500 milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
Critical Threshold: 1000 milliseconds; Set Dur: 300 seconds; Clear Dur: 300 seconds

Domain Controller: DC Time is Different Than Its Time Source

This alert is generated if the DC’s time differs from one of its reference sources by more than the configured threshold.

Set by: DC Time Sync Lost
Defaults:
Warning Threshold: 30 seconds; Set Dur: 0 seconds; Clear Dur: 0 seconds
Critical Threshold: 120 seconds; Set Dur: 120 seconds; Clear Dur: 120 seconds

Page 173: Directory Analyzer Admin Guide

Domain Controller: DIT Disk Space Below Threshold

This alert indicates that the amount of disk space available on the volume Active Directory uses for its database is less than or equal to the specified threshold.

Set by: DC DIT Disk Space
Defaults:
Warning Threshold: 500 MB; Set Dur: 120 seconds; Clear Dur: 120 seconds
Critical Threshold: 250 MB; Set Dur: 240 seconds; Clear Dur: 240 seconds

Domain Controller: DIT Log File Disk Space Below Threshold

This alert indicates that the amount of disk space available on the volume Active Directory uses for its log files is less than or equal to the specified threshold.

Set by: DC DIT Log File Disk Space
Defaults:
Warning Threshold: 500 MB; Set Dur: 120 seconds; Clear Dur: 120 seconds
Critical Threshold: 250 MB; Set Dur: 240 seconds; Clear Dur: 240 seconds

Domain Controller: DNS Bad IP Address

This alert indicates that the DNS service is reporting one or more invalid IP addresses for DCs in the domain in which the DNS server is located. An invalid IP address can cause the DC to be unreachable by some or all clients.

Set by: DNS Bad IP Address
Defaults:
Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Domain Controller: DNS Resolver Missing SRV Records

This alert is active when one or more of the configured DNS resolvers for a DC is missing key service locator records.

Set by: DNS Resolver Missing SRV Records
Defaults:
Warning Threshold: N/A; Set Dur: 120 seconds; Clear Dur: 0 seconds
Critical Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds

Page 174: Directory Analyzer Admin Guide

Domain Controller: DNS Resolver Not Responding

This alert is active when one or more of the configured DNS resolvers for a DC is not responding in a timely manner.

Set by: DNS Resolver Not Responding
Defaults:
Warning Threshold: 1000 milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
Critical Threshold: 10000 milliseconds; Set Dur: 300 seconds; Clear Dur: 300 seconds

Domain Controller: DNS Server Hosts Domain With Missing SRV Records

This alert is generated when one or more requisite DNS SRV (Service Locator) entries are not defined. DNS SRV entries are vital to the proper functioning of Active Directory.

Set by: DNS Server Hosts Domain with Missing SRV Records
Defaults:
Warning Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds
Critical Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds

Domain Controller: DNS Service Not Responding

This alert indicates that the DNS service is not responding to queries within a given period of time. An unresponsive DNS server can have an adverse effect on the performance of Active Directory.

Set by: DNS Not Responding
Defaults:
Warning Threshold: 100 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
Critical Threshold: 500 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds

Domain Controller: DNS Service Not Running

This alert indicates that a server hosting DNS is running, but the DNS service itself is not. A DNS service not running can affect the ability of clients to access Active Directory.

Set by: DNS Not Running
Defaults:
Warning Threshold: N/A; Set Dur: 120 seconds; Clear Dur: 0 seconds
Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Page 175: Directory Analyzer Admin Guide

Domain Controller: Duplicate Connection Objects

This alert is generated when there are duplicate connection objects found within the replication partner object for the given domain controller.

Set by: Duplication Connection Objects
Defaults:
Warning Threshold: N/A; Set Dur: 0 seconds; Clear Dur: 0 seconds
Critical Threshold: N/A; Set Dur: 0 seconds; Clear Dur: 0 seconds

Domain Controller: File Replication Service Not Running

This alert is generated if the File Replication Service is currently not running on the DC.

Set by: File Replication Service Not Running
Defaults:
Warning Threshold: N/A; Set Dur: 120 seconds; Clear Dur: 0 seconds
Critical Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds

Domain Controller: FRS Staging Area Disk Space Below Threshold

This alert indicates that the amount of disk space allocated for staging files during replication is less than or equal to the specified threshold.

Set by: DC FRS Staging Area Disk Space
Defaults:
Warning Threshold: 300 MB; Set Dur: 120 seconds; Clear Dur: 120 seconds
Critical Threshold: 100 MB; Set Dur: 240 seconds; Clear Dur: 240 seconds

Domain Controller: GC Load Threshold Exceeded

This alert indicates that the amount of LDAP traffic serviced by the domain controller that hosts the Global Catalog is above the configured threshold value. This threshold is based on the number of LDAP writes and LDAP searches performed per second.

Set by: GC Load
Defaults:
Warning Threshold: 75 per second; Set Dur: 60 seconds; Clear Dur: 60 seconds
Critical Threshold: 100 per second; Set Dur: 300 seconds; Clear Dur: 300 seconds


Domain Controller: Global Catalog Response Too Slow
This alert indicates that the response time of the servers that host the replica of the Global Catalog equals or exceeds the configured threshold value.

Domain Controller: Group Policy Object Inconsistent
This alert is generated when the Group Policy Object (GPO) for a given policy has fallen out of sync with the representation stored on the local SYSVOL share.

Domain Controller: Inter-site Replication Partner Not Responding
This alert is active if an Inter-site replication partner is not responding.

Domain Controller: Intra-site Replication Partner Not Responding
This alert is active if an Intra-site replication partner is not responding.

Set by: GC Response Too Slow
Defaults:
  Warning Threshold: 250 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 500 Milliseconds; Set Dur: 300 seconds; Clear Dur: 300 seconds

Set by: GPO Inconsistent
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 1200 seconds; Clear Dur: 0 seconds

Set by: Inter-site Replication Partner Not Responding
Defaults:
  Warning Threshold: 500; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000; Set Dur: 300 seconds; Clear Dur: 300 seconds

Set by: Intra-site Replication Partner Not Responding
Defaults:
  Warning Threshold: 250; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 500; Set Dur: 300 seconds; Clear Dur: 300 seconds


Domain Controller: KDC Service Not Running
This alert is generated if the Kerberos Key Distribution Center (KDC) Service is not currently running on the DC.

Domain Controller: LDAP Load Threshold Exceeded
This alert indicates that the amount of LDAP traffic serviced by the domain controller equals or exceeds the threshold set by the administrator. This threshold is based on the number of LDAP writes and LDAP searches performed per second.

Domain Controller: LDAP Response Too Slow
This alert indicates that the response time of the domain controller to an LDAP request equals or exceeds the administrator-defined threshold.

Domain Controller: LSASS CPU Load Threshold Exceeded
This alert indicates that the CPU for the LSASS service is too busy.

Set by: KDC Service Not Running
Defaults:
  Warning Threshold: N/A; Set Dur: 120 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds

Set by: DC LDAP Load
Defaults:
  Warning Threshold: 75 per second; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 100 per second; Set Dur: 240 seconds; Clear Dur: 240 seconds

Set by: DC LDAP Response Too Slow
Defaults:
  Warning Threshold: 500 Milliseconds; Set Dur: 300 seconds; Clear Dur: 300 seconds
  Critical Threshold: 1000 Milliseconds; Set Dur: 300 seconds; Clear Dur: 300 seconds

Set by: LSASS CPU Load
Defaults:
  Warning Threshold: 25; Set Dur: 0 seconds; Clear Dur: 0 seconds
  Critical Threshold: 50; Set Dur: 0 seconds; Clear Dur: 0 seconds


Domain Controller: LSASS Virtual Memory Threshold Exceeded
This alert indicates that the virtual memory allocated to the LSASS service is too high.

Domain Controller: LSASS Working Set Memory Threshold Exceeded
This alert indicates that the working set memory allocated to the LSASS service is too high.

Domain Controller: Net Logon Service Not Running
This alert is generated if the Net Logon Service is currently not running on the DC.

Domain Controller: NETLOGON Not Shared
This alert is generated when the NETLOGON folder is not shared. File Replication Service requires this folder to be shared on Windows 2000 DCs for replication to work correctly.

Set by: LSASS Virtual Memory
Defaults:
  Warning Threshold: 500; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000; Set Dur: 120 seconds; Clear Dur: 120 seconds

Set by: LSASS Working Set
Defaults:
  Warning Threshold: 500; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000; Set Dur: 120 seconds; Clear Dur: 120 seconds

Set by: Net Logon Service Not Running
Defaults:
  Warning Threshold: N/A; Set Dur: 120 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds

Set by: NETLOGON Not Shared
Defaults:
  Warning Threshold: N/A; Set Dur: 0 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 0 seconds; Clear Dur: 0 seconds


Domain Controller: Not Responding
This alert indicates that the domain controller is not responding within the configured threshold.

Domain Controller: NTFRS CPU Load Threshold Exceeded
This alert indicates that the CPU for the NTFRS service is too busy.

Domain Controller: NTFRS Virtual Memory Threshold Exceeded
This alert indicates that the virtual memory allocated to the NTFRS service is too high.

Domain Controller: NTFRS Working Set Memory Threshold Exceeded
This alert indicates that the working set memory allocated to the NTFRS service is too high.

Set by: DC Not Responding
Defaults:
  Warning Threshold: 500 Milliseconds; Set Dur: 0 seconds; Clear Dur: 0 seconds
  Critical Threshold: 1000 Milliseconds; Set Dur: 0 seconds; Clear Dur: 0 seconds

Set by: NTFRS CPU Load
Defaults:
  Warning Threshold: 15; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 25; Set Dur: 120 seconds; Clear Dur: 120 seconds

Set by: NTFRS Virtual Memory
Defaults:
  Warning Threshold: 75; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 150; Set Dur: 120 seconds; Clear Dur: 120 seconds

Set by: NTFRS Working Set
Defaults:
  Warning Threshold: 75; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 150; Set Dur: 120 seconds; Clear Dur: 120 seconds


Domain Controller: Page Fault Threshold Exceeded
This alert indicates that the performance of the server may be degraded because of too many page faults.

Domain Controller: PDC Role Owner in Root Domain Has No External Time Source
This alert is generated if the PDC Role Owner of the root domain in the forest is not configured to use an external time source. All DCs in the forest synchronize their time by the PDC Role Owner’s clock.

Domain Controller: Properties Dropped Threshold Exceeded
This alert occurs when directory property updates were dropped during replication.

Domain Controller: Replication Partner Count Too High
This alert indicates that the total number of replication partners for this domain controller is greater than the administrator-configured threshold value.

Set by: DC Page Faults
Defaults:
  Warning Threshold: 500 faults per second; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000 faults per second; Set Dur: 240 seconds; Clear Dur: 240 seconds

Set by: Root PDC Role Owner Has No External Time Source
Defaults:
  Warning Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: DC Properties Dropped
Defaults:
  Warning Threshold: 100 dropped; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 200 dropped; Set Dur: 240 seconds; Clear Dur: 240 seconds

Set by: Replication Partner Count
Defaults:
  Warning Threshold: 25 Objects; Set Dur: 10 seconds; Clear Dur: 10 seconds
  Critical Threshold: 50 Objects; Set Dur: 10 seconds; Clear Dur: 10 seconds


Domain Controller: Replication Partner Not Responding
This alert is active if the replication partner is not responding.

Domain Controller: Replication Topology Closure
This alert is generated when the server’s copy of the replication topology for either the Default Naming Context or the Enterprise Configuration Naming Context is not transitively closed. Not all changes to the unclosed NC will propagate to all domain controllers holding replicas of the naming context.

Domain Controller: Replication Topology Not Closed Within Parent Site
This alert is generated when the server’s copy of the replication topology for either the Default Naming Context or the Enterprise Configuration Naming Context is not transitively closed within its parent site. Changes to the unclosed NC will have to go offsite to be completed.

Domain Controller: RID Pool Below Threshold
This alert is generated when the available pool of Relative Identifiers (RIDs) on this server is less than or equal to the configured threshold.

Set by: Replication Partner Not Responding
Defaults:
  Warning Threshold: 250 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 500 Milliseconds; Set Dur: 300 seconds; Clear Dur: 300 seconds

Set by: Replication Topology Closure
Defaults:
  Warning Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 3600 seconds; Clear Dur: 0 seconds

Set by: Intra-Site Replication Topology Closure
Defaults:
  Warning Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 3600 seconds; Clear Dur: 0 seconds

Set by: DC RID Pool Low
Defaults:
  Warning Threshold: 10 (# available in RID Pool); Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 5 (# available in RID Pool); Set Dur: 120 seconds; Clear Dur: 120 seconds


Domain Controller: RODC Allowed Password Replication Policy Inconsistent
This alert allows a user to verify that every read-only domain controller has the same password replication allow policy (i.e., a list of accounts whose passwords WILL be saved locally to the read-only domain controllers in the domain).

This alert is generated when the allowed password replication policy for a server is not consistent with the selected authoritative server for the domain.

Domain Controller: RODC Denied Password Replication Policy Inconsistent
This alert allows a user to verify that every read-only domain controller has the same password replication deny policy (i.e., a list of accounts whose passwords will NOT be saved locally to the read-only domain controllers in the domain).

This alert is generated when the denied password replication policy for a server is not consistent with the selected authoritative server for the domain.

Domain Controller: SMB Connections Threshold Exceeded
This alert occurs when the number of SMB (Server Message Block) connections in use on the domain controller equals or exceeds the threshold set by the administrator.

Domain Controller: SYSVOL Disk Space Below Threshold
This alert indicates that the available disk space on the volume hosting SYSVOL is less than or equal to the configured threshold.

Set by: RODC Allowed Password Replication Policy Inconsistent
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: RODC Denied Password Replication Policy Inconsistent
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: DC SMB Connections
Defaults:
  Warning Threshold: 20 (# of connections); Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 40 (# of connections); Set Dur: 240 seconds; Clear Dur: 240 seconds

Set by: DC SYSVOL Disk Space
Defaults:
  Warning Threshold: 500 MB; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 250 MB; Set Dur: 240 seconds; Clear Dur: 240 seconds


Domain Controller: SYSVOL Not Shared
This alert is generated when the SYSVOL folder is not shared. File Replication Service requires this folder to be shared on Windows 2000 DCs for replication to work correctly.

Domain Controller: Unable to Verify Trust
This alert is active when a domain controller is unable to authenticate to one or more of its direct inbound uplevel trust partners.

Domain Controller: W32Time Service Not Running
This alert is generated if the Windows Time (W32Time) Service is not currently running on the DC.

Naming Context Alerts

Naming Context: Domain Naming and Schema Operations Masters Differ
DirectoryAnalyzer issues this alert when the Domain Naming and Schema Operations Masters reside on separate domain controllers.

Set by: SYSVOL Not Shared
Defaults:
  Warning Threshold: N/A; Set Dur: 0 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 0 seconds; Clear Dur: 0 seconds

Set by: Trust Relationship Not Functional
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: W32Time Service Not Running
Defaults:
  Warning Threshold: N/A; Set Dur: 120 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds

Set by: Domain Naming and Schema Operations Masters Differ
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds


Naming Context: Domain Naming Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Domain Naming Operations Master is not consistent between all domain controllers in the enterprise.

Naming Context: Domain Naming Operations Master Not a GC
DirectoryAnalyzer issues this alert when the Domain Naming Operations Master does not host a Global Catalog.

Naming Context: Domain Naming Operations Master Not Responding
This alert indicates that the Domain Naming Operations Master is not responding within the configured threshold.

Naming Context: Infrastructure Operations Master Hosts GC
DirectoryAnalyzer issues this alert when the Infrastructure Operations Master (IOM) also hosts a Global Catalog. This is an alert condition when more than one DC exists for the domain AND all other DCs do NOT themselves host Global Catalogs.

Set by: Domain Naming Operations Masters Consistency
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: Domain Naming Operations Master Not a GC
Defaults:
  Warning Threshold: N/A; Set Dur: 120 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: Domain Naming Operations Master Not Responding
Defaults:
  Warning Threshold: 500 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds

Set by: Infrastructure Operations Master Hosts GC
Defaults:
  Warning Threshold: N/A; Set Dur: 120 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds


Naming Context: Infrastructure Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Inter-Domain Daemon Operations Master (commonly called the Infrastructure Operations Master) is not consistent between all domain controllers in the domain.

Naming Context: Infrastructure Operations Master Not Responding
This alert indicates that the Infrastructure Operations Master is not responding within the configured threshold.

Naming Context: PDC Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Domain PDC (Primary Domain Controller) Operations Master is not consistent between all domain controllers in the domain.

Naming Context: PDC Operations Master Not Responding
This alert indicates that the PDC Operations Master is not responding within the configured threshold.

Set by: Infrastructure Operations Master Consistency
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: Infrastructure Operations Master Not Responding
Defaults:
  Warning Threshold: 500 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds

Set by: PDC Operations Master Consistency
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: PDC Operations Master Not Responding
Defaults:
  Warning Threshold: 500 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds


Naming Context: Replication Latency Threshold Exceeded
This alert is generated when the time it takes to replicate changes from one domain controller to all other domain controllers in the naming context equals or exceeds the administrator-defined threshold.

NOTE: This alert is disabled initially; however, it can be enabled using the Configuration | Replication Latency command.

Naming Context: RID Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Domain RID (Relative ID) Operations Master is not consistent between all domain controllers in the domain.

Naming Context: RID Operations Master Not Responding
This alert indicates that the RID Operations Master is not responding within the configured threshold.

Naming Context: Schema Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Schema Operations Master is not consistent between all domain controllers in the enterprise.

Set by: Replication Latency
Defaults:
  Warning Threshold: 600 minutes; Set Dur: 0 seconds; Clear Dur: 0 seconds
  Critical Threshold: 1200 minutes; Set Dur: 0 seconds; Clear Dur: 0 seconds

Set by: RID Operations Master Consistency
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: RID Operations Master Not Responding
Defaults:
  Warning Threshold: 500 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds

Set by: Schema Operations Master Consistency
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds


Naming Context: Schema Operations Master Not Responding
This alert indicates that the Schema Operations Master is not responding within the configured threshold.

Naming Context: Schema Version Inconsistent
This alert is generated when the Schema Version is not consistent across the domain controllers of the enterprise.

Replica: Conflict Encountered During Replication
This alert indicates that conflicting objects were encountered during replication, which was reported by Active Directory.

Replica: Consecutive Replication Failures Threshold Exceeded
This alert is generated when the number of consecutive replication failures equals or exceeds the configured threshold.

Set by: Schema Operations Master Not Responding
Defaults:
  Warning Threshold: 500 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000 Milliseconds; Set Dur: 120 seconds; Clear Dur: 120 seconds

Set by: Schema Version Consistency
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: Conflict Encountered During Replication
Defaults:
  Warning Threshold: N/A; Set Dur: 60 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds

Set by: Consecutive Replication Failures
Defaults:
  Warning Threshold: 1; Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 3; Set Dur: 300 seconds; Clear Dur: 300 seconds


Replica: GC Replication Latency Threshold Exceeded
This alert indicates that the replication latency of the server that hosts a replica of the Global Catalog equals or exceeds the configured threshold.

NOTE: This alert is disabled initially; however, it can be enabled using the Configuration | Replication Latency command.

Replica: Objects Exist in the Lost and Found Container
This alert is generated when DirectoryAnalyzer discovers objects in the Lost and Found container of a naming context.

Site Alerts

Site: Exchange Server to GC ratio exceeded
Each site in an Active Directory enterprise should have at least one Global Catalog for every four Exchange Servers. This alert indicates that the number of Exchange Servers exceeds the configured threshold of Global Catalog servers in a given site.

Site: Inter-Site Replication Manager
This alert is generated when the Inter-site Replication Manager determines that a server other than the Preferred Bridgehead server has a connection object replicating to a server outside of its current site.

Set by: GC Replication Latency
Defaults:
  Warning Threshold: 1800 seconds; Set Dur: 0 seconds; Clear Dur: 0 seconds
  Critical Threshold: 3600 seconds; Set Dur: 0 seconds; Clear Dur: 0 seconds

Set by: NC Lost And Found
Defaults:
  Warning Threshold: 1 (# of objects); Set Dur: 120 seconds; Clear Dur: 0 seconds
  Critical Threshold: 10 (# of objects); Set Dur: 120 seconds; Clear Dur: 0 seconds

Set by: Too Many Exchange Servers Per GC
Defaults:
  Warning Threshold: 4 (# of Exchange Servers); Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: 8 (# of Exchange Servers); Set Dur: 600 seconds; Clear Dur: 0 seconds

Set by: Inter-site Replication Manager
Defaults:
  Warning Threshold: N/A; Set Dur: 0 seconds; Clear Dur: 10 seconds
  Critical Threshold: N/A; Set Dur: 0 seconds; Clear Dur: 10 seconds


Site: Inter-Site Replication Topology Generation Disabled
This alert is generated when the inter-site replication topology generation for a site is disabled.

Site: Intra-Site Replication Topology Generation Disabled
This alert is generated when the intra-site replication topology generation for a site is disabled.

Site: No Authority in Site to Resolve Universal Group Memberships
This alert is issued when a site has no Global Catalog and Universal Group Membership caching is disabled.

Site: Site Agent Not Updating
This alert indicates that the Site Agent is not responding within the configured threshold.

Set by: Inter-Site Replication Topology Generation Disabled
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 1200 seconds; Clear Dur: 0 seconds

Set by: Intra-Site Replication Topology Generation Disabled
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 1200 seconds; Clear Dur: 0 seconds

Set by: No Universal Group Membership Authority in Site
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 900 seconds; Clear Dur: 0 seconds

Set by: Site Agent Not Updating
Defaults:
  Warning Threshold: N/A; Set Dur: 0 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds


Site: Too Few Global Catalogs in Site
This alert indicates that the number of Global Catalog servers in a given site is less than or equal to the configured threshold.

Enterprise Agent Alert

Enterprise: Alternate Enterprise Agent Not Updating
This alert is issued when DirectoryAnalyzer is configured with two Enterprise Agents and they cannot synchronize with one another.

Exchange Server Alerts

Exchange Host Server: Not Responding
This alert indicates that the member server that hosts the Exchange Server is not responding within the configured threshold.

Domain Controller: Exchange Server is Running on a Domain Controller
This alert indicates that an Exchange Server is running on a domain controller.

Set by: Too Few Global Catalogs In Site
Defaults:
  Warning Threshold: 1 (# of GCs); Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 0 (# of GCs); Set Dur: 300 seconds; Clear Dur: 300 seconds

Set by: Not Configurable
Defaults:
  Warning Threshold: N/A; Set Dur: 60 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 300 seconds; Clear Dur: 0 seconds

Set by: Exchange Host Not Responding
Defaults:
  Warning Threshold: 500 (milliseconds); Set Dur: 120 seconds; Clear Dur: 120 seconds
  Critical Threshold: 1000 (milliseconds); Set Dur: 120 seconds; Clear Dur: 120 seconds

Set by: Exchange Server is Running on a Domain Controller
Defaults:
  Warning Threshold: N/A; Set Dur: 600 seconds; Clear Dur: 0 seconds
  Critical Threshold: N/A; Set Dur: 1200 seconds; Clear Dur: 0 seconds


Appendix B: DirectoryAnalyzer Statistics

DirectoryAnalyzer gathers and stores various statistics about Active Directory. The sample rate (or sampling interval) specifies how often this process is to occur. This appendix lists the statistics gathered by DirectoryAnalyzer and the default sample rates for each statistic. These statistics are listed here in alphabetical order for each of the different types of alerts:

• DC Alerts

• Site Alerts

DC Alerts
The Sampling Rate Settings tab displays the following statistics for DC alerts.

DC Policy Miner Interval
The frequency (in seconds) with which the DC Agent gathers policy information.
Default Interval in seconds: 300

DC Status Miner Interval
The frequency (in seconds) with which the DC Agent checks the status of various services.
Default Interval in seconds: 60

DC Structure Miner Interval
The frequency (in seconds) with which the DC Agent refreshes local Active Directory structural information.
Default Interval in seconds: 300

DC Topology Miner Interval
The frequency (in seconds) with which the DC Agent examines its local copy of the replication topology.
Default Interval in seconds: 3600


DNS Resolver Miner Interval
The frequency (in seconds) with which the DC Agent gathers information about the DNS resolver.
Default Interval in seconds: 300

DNS Structure Miner Interval
The frequency (in seconds) with which the DC Agent on a DNS server gathers structural information for its DNS service.
Default Interval in seconds: 300

IP Address Miner Interval
The frequency (in seconds) with which the DC Agent on a DNS server checks IP names/addresses in its DNS service.
Default Interval in seconds: 300

Latency Miner Interval
The frequency (in seconds) with which the DC Agent gathers latency information.
Default Interval in seconds: 3600

LDAP Response Time Miner Interval
The frequency (in seconds) with which the DC Agent checks local LDAP response time.
Default Interval in seconds: 60

Replica LDAP Miner Interval
The frequency (in seconds) with which the DC Agent gathers replication information.
Default Interval in seconds: 600

Replica Trust Miner Interval
The frequency (in seconds) with which the DC Agent gathers trust information.
Default Interval in seconds: 300

Server Statistics Miner Interval
The frequency (in seconds) between checks of general server statistics, such as CPU load, Page Fault rate, disk space statistics, etc.
Default Interval in seconds: 60

Service Locator Miner Interval
The frequency (in seconds) with which the DC Agent on a DNS server checks the validity of its service locator records.
Default Interval in seconds: 720

Time Sync Miner Interval
The frequency (in seconds) with which the DC Agent examines its SNTP time source.
Default Interval in seconds: 900


Site Alerts
The Sampling Rate Settings tab displays the following statistics for site alerts:

Site Information Miner Interval
The frequency (in seconds) with which the Site Agent gathers site information.
Default Interval in seconds: 300

Exchange Structure Miner Interval
The frequency (in seconds) with which the Site Agent gathers Exchange information.
Default Interval in seconds: 1800


Glossary

This section provides an alphabetical listing of terms important to Active Directory and DirectoryAnalyzer.

Active Directory
The directory service introduced by Microsoft with Windows 2000.

Application Directory Partition
Beginning with Windows Server 2003, Active Directory provides support for Application Directory Partitions. Application directory partitions can contain a hierarchy of any type of objects except security principals. These partitions can be configured to replicate to any set of DCs in the forest, not just the DCs in a domain (like in a domain partition). By enabling you to control the scope of replication and the placement of replicas, application directory partitions enable you to use the directory to store dynamic data without significantly impacting network performance.

BHS (Bridgehead Server)
Bridgehead servers are DCs that serve as the connection point for routing directory information between sites. A local BHS serves as the originator of message traffic. The remote BHS serves as the destination for message traffic.

Connector
An Exchange connector is a software service that allows users at one Exchange server site to connect to users at other sites.

DC (Domain Controller)
A Windows 2000 server that contains a replica of a domain.

DC Agent
A DC Agent is a DirectoryAnalyzer service that runs on each domain controller within Active Directory and does the bulk of the monitoring work. The DC Agent detects alert conditions and passes them to the Site Agent.

DirectoryAnalyzer Client
The user interface for managing all aspects of DirectoryAnalyzer.


DIT (Directory Information Tree)
The file that actually stores the directory database (called NTDS.DIT).

DNS (Domain Name System)
A distributed namespace used on the Internet to resolve computer and service names to TCP/IP addresses and vice versa. Active Directory uses DNS as the location service.

Domain
A domain is a subtree of the directory namespace that can be replicated to multiple domain controllers. A domain is the unit of replication within Active Directory.

Domain Tree
A hierarchical organization of domains with contiguous names.

DS
Acronym for the general term directory service.

Enterprise (a.k.a. Forest)
A collection of one or more domain trees organized as peers that share a common schema, configuration and global catalog.

Enterprise Agent
The Enterprise Agent communicates with the Site Agent(s) to build a model of the directory. The Enterprise Agent services client requests and refers them to the appropriate Site Agent or DC Agent. It also maintains DirectoryAnalyzer configuration and threshold settings.

Exchange Admin Group
The Exchange Admin Group is a collection of Exchange objects that are grouped together to simplify the management of permissions. This group defines the logical structure of the Exchange organization.

FRS (File Replication Service)
The File Replication Service replicates the SYSVOL between domain controllers. The SYSVOL contains login scripts and group policy files that should be replicated along with Active Directory. If the FRS is not running on a domain controller, it will not replicate the most recent copies of the files stored in the SYSVOL.

Global Catalog
A DC within Active Directory that contains a partial replica of every naming context in the directory. It contains the schema and configuration naming contexts as well.

KDC (Key Distribution Center) Service
The Key Distribution Center Service provides Kerberos authentication and Kerberos keys to Windows 2000 processes. It is a key component in the Windows 2000 security system. If the KDC Service is not running, users may not be able to log on and domain controllers will not replicate with each other.

LDAP (Lightweight Directory Access Protocol)
The core protocol Active Directory uses to communicate between directories and applications.

MOM (Microsoft Operations Manager)
The event and performance management element of Microsoft’s Windows Server System. It allows monitoring of numerous computers interconnected by one or more communications networks. Server products, including Active Directory, Microsoft SQL Server, Microsoft Exchange Server and MOM itself can be monitored with MOM.

Namespace
Any logical bounded area in which a given name can be resolved.

Naming Context
A unit of replication. In Windows 2000, Active Directory always has at least three naming contexts:

• The schema, which defines the object class and attributes contained in Active Directory.

• The configuration context, which identifies the domain controllers, replication topology and other related information about the domain controllers within a specific implementation of Active Directory.

• One or more domains that contain the actual directory object data.

A domain controller always stores the naming contexts for the schema, configuration and (only) its domain.

Net Logon Service
The Net Logon Service handles network requests for authentication. Therefore, when a machine or process tries to authenticate with a domain controller it will communicate with the Net Logon Service. If this service is not running, the domain controller will not process any authentication requests.

Operations Master
DCs that control critical single master updates that cannot easily be resolved using multi-master replication. These operations include:

• Schema operations - only one DC, per enterprise, can perform schema operations at a time.

• Domain naming assignments - one DC, per enterprise, assures that duplicate domain naming does not occur.

• RID (Relative ID) pool allocations - one DC, per domain, manages handing out new RID pool assignments.

• PDC functions - one DC, per domain, acts as the PDC (Primary Domain Controller) for downlevel domain controllers, member servers and clients.

• Infrastructure management - one DC, per domain, is responsible for updating an object’s DN (Distinguished Name) and SID (Security ID) in cross-domain object references.

PDC (Primary Domain Controller)
In NT 3.5x and NT 4, the computer that hosts the master writable copy of the security accounts manager database.

Replication
The process of duplicating naming context information to multiple domain controllers.

Replication latency
The elapsed time between changing an object in the naming context and the time the change appears on each domain controller.

RID (Relative Identifier)
RIDs are used by domain controllers to identify security principals (users, groups or computers) within a domain.

Routing Group
A routing group defines connectivity and communication channels between a collection of Exchange servers.

Routing Group Master
The Routing Group Master is the server responsible for coordinating link state updates (link up/down) to/from the other servers in the routing group.

Schema
The formal definition of all object types that can be stored in the directory. Active Directory keeps its schema in the schema naming context.

Site
A location within a network that contains Active Directory servers, as defined by one or more TCP/IP subnets. Sites define the Active Directory replication topology.

Site Agent
The DirectoryAnalyzer Site Agent manages and configures DC Agents in a particular site and builds a partial model of the directory. The Site Agent passes its model, as well as relevant changes, events and alerts to the requesting Enterprise Agent.

Tree
A hierarchical structure of domains that form a contiguous namespace.

W32Time (Windows Time) Service
The W32Time Service on a DC is responsible for maintaining the accuracy of the DC’s clock with respect to the DC’s time sources. If their clocks are not synchronized, the update conflict resolution algorithm in Active Directory will not work properly.
