Lab: Monitoring Active Directory Domain Services • Exercise 1: Monitor AD DS Using Event Viewer. • Exercise 2: Monitor AD DS Using Performance and Reliability Monitor[r]
(1)(2)Module Overview
• Monitoring Active Directory Domain Services Using Event Viewer
• Monitoring Active Directory Domain Servers Using Reliability and Performance Monitor
(3)Lesson 1: Monitoring Active Directory Domain Services Using Event Viewer
• Event Viewer Features
• Demonstration: Overview of the Event Viewer
• Active Directory Domain Services Logs
• What Are Custom Views?
• What Are Subscriptions?
(4)(5)Demonstration: Overview of the Event Viewer
(6)Active Directory Domain Services Logs
The following logs can provide specific information about Active Directory issues:
• Application log connections
• System Log
• DFS Replication log
• Directory Service Log
• DNS Server log
(7)What Are Custom Views? Event 1. Security log Event 2. System log Event 3: DFS log Event Viewer Event Viewer Custom views :
• Allow you to aggregate and filter information from multiple logs into a single view
• Are reusable
(8)What Are Subscriptions?
(9)Demonstration: Configuring Custom Views and Subscriptions
In this demonstration, you will see how to:
• Create a custom view and add the AD DS specific logs to the view
(10)Lesson 2: Monitoring Active Directory Domain
Servers Using Reliability and Performance Monitor • Reliability and Performance Monitor Features
• Demonstration: Overview of the Reliability and Performance Monitor
• Monitoring AD DS Using Performance Monitor
• What Is an Active Directory Baseline?
• Monitoring Service Availability with Reliability Monitor
• Monitoring Active Directory Domain Services Using Data Collector Sets
(11)Reliability and Performance Monitor Features
Reliability and Performance Monitor allows you to:
Perform real-time monitoring
Track performance of applications and services
Collect data Generate alerts
Take action when thresholds are reached
Generate reports
(12)Demonstration: Overview of the Reliability and Performance Monitor
(13)Monitoring AD DS Using Performance Monitor
Useful NTDS Counters for Monitoring Active Directory: NTDS\ DRA Inbound Bytes Total/sec
NTDS\ DRA Outbound Bytes Total/sec
NTDS\ DRA Inbound Object
NTDS\ DRA Pending Replication Synchronizations
NTDS\ Kerberos Authentications/sec
NTDS\ NTLM Authentications
(14)What Is an Active Directory Baseline?
A baseline defines what a server looks like under normal workload conditions
Baseline measurements should include basic server counters and function specific counters
Servers performing different functions will have different baselines measurements
Problems areas can be identified by comparing baseline measurements to current statistics
(15)(16)Monitoring Active Directory Domain Services Using Data Collector Sets
• Organizes multiple data collection points into a single component
• Can be grouped with other data collection sets
• Can be incorporated into logs
• Can be created individually or from templates
Data Collector Sets can contain the following types of data collectors:
• Performance counters
• Event trace data
(17)Demonstration: Monitoring AD DS
(18)Lesson 3: Configuring Active Directory Domain Services Auditing
• What Is Active Directory Domain Services Auditing?
• Demonstration: Configuring an Audit Policy
• Types of Events to Audit
(19)What Is Active Directory Domain Services Auditing?
• Active Directory auditing can show old values and new values of changed attributes in audit entries
• Active Directory audit policy is divided into four subcategories
Directory service access Directory service changes Directory service replication
Detailed Directory service replication
• Only directory service access is enabled for success by default
(20)Demonstration: Configuring an Audit Policy
(21)Event ID Category Event
4662 Directory service access An operation was performed on an Active Directory object 4722 User account management A user account was enabled
4726 User account management A user account was deleted 4738 User account management A user account was changed
5136 Directory service changes An Active Directory object was modified 5137 Directory service changes A new Active Directory object was created
5138 Directory service changes An Active Directory object was undeleted
(22)Demonstration: Configuring AD DS Auditing
(23)Lab: Monitoring Active Directory Domain Services • Exercise 1: Monitor AD DS Using Event Viewer
• Exercise 2: Monitor AD DS Using Performance and Reliability Monitor
• Exercise 3: Configure AD DS Auditing
Logon information
Virtual machine NYC-DC1, NYC-DC2 User name Administrator
(24)Lab Review
• You want to enable the Directory Service Changes
subcategory without enabling a global audit policy How could you this?
• What services must be running on a source computer in order to provide information to a subscription?
(25)Module Review and Takeaways • Review questions
(26)Beta Feedback Tool
• Beta feedback tool helps:
Collect student roster information, module feedback, and
course evaluations
Identify and sort the changes that students request, thereby
facilitating a quick team triage
Save data to a database in SQL Server that you can later
query
(27)Beta Feedback
• Overall flow of module:
Which topics did you think flowed smoothly, from topic to
topic?
Was something taught out of order? • Pacing:
Were you able to keep up? Are there any places where the
pace felt too slow?
Were you able to process what the instructor said before
moving on to next topic?
Did you have ample time to reflect on what you learned? Did
you have time to formulate and ask questions?
• Learner activities:
Which demos helped you learn the most? Why you think
that is?
Did the lab help you synthesize the content in the module?
Did it help you to understand how you can use this knowledge in your work environment?
Were there any discussion questions or reflection questions