6425a_08 implement ad domain services monitoring plan
TRANSCRIPT
-
8/14/2019 6425A_08 Implement AD Domain Services Monitoring Plan
1/25
Module 8: Implementing an Active Directory Domain Services Monitoring Tools
-
Module Overview
Monitoring AD DS Using Event Viewer
Monitoring Active Directory Domain Servers Using Reliability and Performance Monitor
Configuring AD DS Auditing
-
Lesson 1: Monitoring AD DS Using Event Viewer
Event Viewer Features
Demonstration: Overview of the Event Viewer
AD DS Logs
What Are Custom Views?
What Are Subscriptions?
Demonstration: Configuring Custom Views and Subscriptions
-
Event Viewer Features
-
Demonstration: Overview of the Event Viewer
In this demonstration, you will see how to navigate the Event Viewer
-
AD DS Logs
The following logs can provide specific information about AD DS issues:
Application log
System log
DFS Replication log
Directory Service log
DNS Server log
Group Policy\Operational
-
What Are Custom Views?
[Figure: Event 1 (Security log), Event 2 (System log), Event 3 (DFS log); Event Viewer]
Custom views:
Allow you to aggregate and filter information from multiple logs into a single view
Are reusable
Can be exported to other computers
-
What Are Subscriptions?
Subscriptions collect events from multiple computers, and store them locally
-
Demonstration: Configuring Custom Views and Subscriptions
In this demonstration, you will see how to:
Create a custom view, and then add the AD DS-specific logs to the view
Create a subscription to collect logs from multiple domain controllers
AD monitor tools: SCOM: System Center Operations Manager (Management Pack AD)
-
Lesson 2: Monitoring Active Directory Domain Servers Using Reliability and Performance Monitor
Reliability and Performance Monitor Features
Demonstration: Overview of the Reliability and Performance Monitor
Monitoring AD DS Using Performance Monitor
What Is an Active Directory Baseline?
Monitoring Service Availability with Reliability Monitor
Monitoring AD DS Using Data Collector Sets
Demonstration: Monitoring AD DS
-
Reliability and Performance Monitor Features
Reliability and Performance Monitor allows you to:
Perform real-time monitoring
Track performance of applications and services
Collect data
Generate alerts (Threshold alerts)
Take action when thresholds are reached
Generate reports
-
Demonstration: Overview of the Reliability and Performance Monitor
In this demonstration, you will see an overview of the Reliability and Performance Monitor
NTDS: NT directory service
-
Monitoring AD DS Using Performance Monitor
Useful NTDS counters for monitoring Active Directory:
NTDS\DRA Inbound Bytes Total/sec (DRA: Directory Replication Agent)
NTDS\DRA Outbound Bytes Total/sec
NTDS\DRA Inbound Object
NTDS\DRA Pending Replication Synchronizations
NTDS\Kerberos Authentications/sec
NTDS\NTLM Authentications
-
What Is an Active Directory Baseline?
A baseline defines what a server looks like under normal workload conditions
Baseline measurements should include basic server counters and function-specific counters
Servers performing different functions will have different baseline measurements
Problem areas can be identified by comparing baseline measurements to current statistics
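The baseline comparison described above, as an added example that is not part of the original course material: it summarizes three of the NTDS counters listed earlier and reports any whose current average exceeds the recorded baseline maximum. The function names, the file path, the sample counts and the comparison rule are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Counter names come from the NTDS list above; the file path,
# sample counts and the "average above baseline maximum" rule are assumptions.
$NtdsCounters = @(
    '\NTDS\DRA Inbound Bytes Total/sec',
    '\NTDS\DRA Outbound Bytes Total/sec',
    '\NTDS\DRA Pending Replication Synchronizations'
)

function Get-NtdsSummary {
    param([string[]]$Counter = $NtdsCounters, [int]$IntervalSec = 5, [int]$Samples = 12)
    # Collect $Samples readings, strip the \\HOST prefix from each counter path,
    # then reduce every counter to its average and maximum.
    Get-Counter -Counter $Counter -SampleInterval $IntervalSec -MaxSamples $Samples |
        ForEach-Object { $_.CounterSamples } |
        Group-Object { $_.Path -replace '^\\\\[^\\]+', '' } |
        ForEach-Object {
            $m = $_.Group | Measure-Object -Property CookedValue -Average -Maximum
            [pscustomobject]@{ Counter = $_.Name; Average = $m.Average; Maximum = $m.Maximum }
        }
}

function Compare-NtdsBaseline {
    param(
        [Parameter(Mandatory = $true)][string]$BaselinePath,
        [Parameter(Mandatory = $true)][object[]]$Current
    )
    $baseline = @{}
    foreach ($b in Import-Clixml -Path $BaselinePath) { $baseline[$b.Counter] = [double]$b.Maximum }
    foreach ($c in $Current) {
        # Report counters whose current average exceeds anything seen in the baseline.
        if ($baseline.ContainsKey($c.Counter) -and $c.Average -gt $baseline[$c.Counter]) {
            [pscustomobject]@{
                Counter     = $c.Counter
                BaselineMax = $baseline[$c.Counter]
                CurrentAvg  = [math]::Round($c.Average, 2)
            }
        }
    }
}

# Record the baseline once under normal workload (run on the domain controller):
#   Get-NtdsSummary -Samples 720 | Export-Clixml -Path C:\Baselines\ntds.xml
# Later, compare current statistics against it:
#   Compare-NtdsBaseline -BaselinePath C:\Baselines\ntds.xml -Current (Get-NtdsSummary)
```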
-
Monitoring Service Availability with Reliability and Performance Monitor
-
Monitoring AD DS Using Data Collector Sets
Organizes multiple data collection points into a single component
Can be grouped with other data collection sets
Can be incorporated into logs
Can be created individually, or from templates
Data Collector Sets can contain the following types of data collectors:
Performance counters
Event trace data / event log
System configuration information (registry key values)
-
Demonstration: Monitoring AD DS
In this demonstration, you will see how to set up AD DS monitoring
-
Lesson 3: Configuring AD DS Auditing
What Is AD DS Auditing?
Demonstration: Configuring an Audit Policy
Types of Events to Audit
Demonstration: Configuring AD DS Auditing
-
What Is AD DS Auditing?
AD DS auditing can show both the old values and new values of changed attributes in audit entries
AD DS audit policy is divided into four subcategories:
Directory service access
Directory service changes
Directory service replication
Detailed Directory service replication
Only directory service access is enabled for success by default
Use the Auditpol.exe command-line tool to view or set audit policy subcategories
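An added example, not part of the original course material, showing Auditpol.exe used to view and set the subcategories and how the old and new attribute values appear in the Security log: each modification is logged as a pair of 5136 events, which the hypothetical function Get-DsAttributeChange joins into one row. It assumes an elevated session on a domain controller, English subcategory names and PowerShell 3.0 or later.

```powershell
# Added example; run elevated on a domain controller. View the DS Access
# subcategories, then enable success auditing for Directory Service Changes only.
auditpol /get /category:"DS Access"
auditpol /set /subcategory:"Directory Service Changes" /success:enable

function Get-DsAttributeChange {
    param([int]$MaxEvents = 500)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136 } `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    $rows = foreach ($evt in $events) {
        # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
        $d = @{}
        foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $evt.TimeCreated
            Who       = $d['SubjectUserName']
            OpId      = $d['OpCorrelationID']
            ObjectDN  = $d['ObjectDN']
            Attribute = $d['AttributeLDAPDisplayName']
            Value     = $d['AttributeValue']
            Operation = $d['OperationType']
        }
    }
    # One modification is logged as a "value deleted" (%%14675) event and a
    # "value added" (%%14674) event that share the same correlation ID.
    $rows | Group-Object OpId, ObjectDN, Attribute | ForEach-Object {
        $g = $_.Group
        $old = @($g | Where-Object { $_.Operation -eq '%%14675' } | ForEach-Object { $_.Value })
        $new = @($g | Where-Object { $_.Operation -eq '%%14674' } | ForEach-Object { $_.Value })
        [pscustomobject]@{
            Time      = ($g | Sort-Object Time | Select-Object -First 1).Time
            Who       = $g[0].Who
            ObjectDN  = $g[0].ObjectDN
            Attribute = $g[0].Attribute
            OldValue  = $old -join '; '
            NewValue  = $new -join '; '
        }
    }
}

Get-DsAttributeChange | Sort-Object Time | Format-Table -AutoSize -Wrap
```

Event 5136 is written only for objects whose SACL contains an auditing entry that covers the change, so an empty result after enabling the subcategory usually points at the SACL rather than the policy.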
-
Demonstration: Configuring an Audit Policy
In this demonstration, you will see how to configure an audit policy
-
Types of Events to Audit
Event ID   Category                    Event
4662       Directory service access    An operation was performed on an AD DS object
4722       User account management     A user account was enabled
4726       User account management     A user account was deleted
4738       User account management     A user account was changed
5136       Directory service changes   An AD DS object was modified
5137       Directory service changes   A new AD DS object was created
5138       Directory service changes   An AD DS object was undeleted
-
Demonstration: Configuring AD DS Auditing
In this demonstration, you will see how to configure the site link object to manage replication between sites
-
Lab: Monitoring AD DS
Exercise 1: Monitoring AD DS Using Event Viewer
Exercise 2: Monitoring AD DS Using Performance and Reliability Monitor
Exercise 3: Configuring AD DS Auditing
Logon information
Virtual machine NYC-DC1, NYC-DC2
User name Administrator
Password Pa$$w0rd
Estimated time: 60 minutes
-
Lab Review
You want to enable the Directory Service Changes subcategory without enabling a global audit policy. How could you do this?
What services must be running on a source computer in order to provide information to a subscription?
You have enabled a global audit policy to collect directory service access events, but no events are showing up in the security log. What might the problem be?
-
Module Review and Takeaways
Review questions
Considerations