Directory Analyzer Admin Guide


DirectoryAnalyzer

4.9

Administrators Guide

© 2008 Quest Software, Inc. ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Quest Software, Inc.

If you have any questions regarding your potential use of this material, please contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656 USA
www.quest.com
email: [email protected]

Refer to our Web site for regional and international office information.

TRADEMARKS
Quest, Quest Software, the Quest Software logo, Aelita, Akonix, Akonix, AppAssure, Benchmark Factory, Big Brother, ChangeAuditor, DataFactory, DeployDirector, ERDisk, Foglight, Funnel Web, GPOAdmin, I/Watch, Imceda, InLook, IntelliProfile, InTrust, Invertus, IT Dad, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, MessageStats, NBSpool, NetBase, Npulse, NetPro, PassGo, PerformaSure, Quest Central, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Tag and Follow, Toad, T.O.A.D., Toad World, vAnalyzer, vAutomator, vControl, vConverter, vEssentials, vFoglight, vMigrator, vOptimizer Pro, vPackager, vRanger, vRanger Pro, vReplicator, vSpotlight, vToad, Vintela, Virtual DBA, VizionCore, Vizioncore vAutomation Suite, Vizioncore vEssentials, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

Disclaimer
The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

DirectoryAnalyzer Administrators Guide Updated - October 2008 Software Version - 4.9

Table of Contents

Chapter 1: Introduction
    DirectoryAnalyzer Features
    DirectoryAnalyzer Benefits
    System Overview
    What's in this Manual
    Reporting Problems
    Contacting Quest Software

Chapter 2: DirectoryAnalyzer Client
    Starting the Client
    Client Components

Chapter 3: Monitoring Active Directory
    Viewing Alerts
    Viewing Alert Details
    Viewing Alert Summary Graphs

Chapter 4: Browsing the Directory
    Forest View
    Application Partition View
    Domain View
    Site View
    Information Pages
    Forest Summary Tab
    Domain Summary Tab
    Naming Context Summary Tab
    Site Summary Tab
    Site Information Tab
    DC Information Tab
    Replication Information Tab

Chapter 5: Browsing Exchange on Active Directory
    Exchange Tab
    Administrative Group Tab
    Routing Group Tab
    Routing Group Connectors Tab
    SMTP Connectors Tab
    Exchange Server Summary Tab
    Current Exchange Alerts Tab

Chapter 6: Troubleshooting Active Directory
    Connectivity Troubleshooter
    FRS Troubleshooter Test

Chapter 7: Configuring Alerts, Statistics and Alert Notifications
    Alert Thresholds
    Configuring Alert Thresholds
    Modifying Alert Threshold Settings
    Statistics Sampling Rate Settings
    Enabling Replication Latency Alerts
    Configuring Authoritative Source for RODC Alerts
    Configuring Alert Notifications
    Enabling SNMP Alerts
    Enabling Event Log Recording
    Configuring Email Notification

Chapter 8: Alert History and Reporting
    Generating an Alert History Report
    Printing or Exporting Alert History
    Maintaining the Alert History Database

Chapter 9: Launching External Applications
    Event Viewer
    Remote Desktop
    Services
    Sites and Services
    Users and Computers
    Domains and Trusts
    DirectoryTroubleshooter
    DNSAnalyzer
    ChangeAuditor
    External Tools
    Adding an External Application
    Editing an External Application
    Removing an External Application

Chapter 10: DirectoryTroubleshooter Integration
    DT Tab
    DirectoryTroubleshooter Options

Chapter 11: ChangeAuditor Integration
    ChangeAuditor Tab
    ChangeAuditor Search Results Window

Chapter 12: DirectoryAnalyzer Web Portal
    Configuring the DA Web Portal
    DA Web Portal Main Screen
    Viewing Current Alerts
    Viewing Alert History
    Viewing ChangeAuditor Events and Details
    Sorting Your Results
    Managing Your Forest Using the Consolidator Configuration Utility

Appendix A: DirectoryAnalyzer Alert Messages
    Domain Controller Alerts
    Naming Context Alerts
    Site Alerts
    Enterprise Agent Alert
    Exchange Server Alerts

Appendix B: DirectoryAnalyzer Statistics
    DC Alerts
    Site Alerts

Glossary
Index

Chapter 1: Introduction
Since their inception, Windows 2000 and Active Directory have had a tremendous impact on enterprise networks worldwide. With the introduction of Windows Server 2003, the importance placed on Active Directory has increased. Ensuring a healthy and trouble-free directory is vital. The directory is the heart of Windows 2000, Windows Server 2003 and Windows Server 2008 networks, and directory problems can result in service disruptions and business-crippling downtime without warning. For this reason, it is important to assure optimal directory performance.

DirectoryAnalyzer proactively monitors and troubleshoots Active Directory so that you can deploy Windows 2000, Windows Server 2003 and Windows Server 2008 with confidence. DirectoryAnalyzer plays an instrumental role in the initial stage of deployment as well as during your ongoing management of Active Directory.

DirectoryAnalyzer monitors domain controllers (DCs), naming contexts (NCs), sites, application directory partitions, DNS (Domain Name System) servers and Exchange servers for key conditions that are necessary to the health of Active Directory. It continuously analyzes Active Directory and alerts on error conditions as they occur, giving you an advantage in maintaining a stable environment.


DirectoryAnalyzer Features
Proactive Monitoring
DirectoryAnalyzer is a constant watchdog for Active Directory on your network. It continuously monitors all critical components of Active Directory to make sure that the directory is functioning properly. These components include domain controllers, naming contexts, replication, sites, Exchange, and DNS functions as they relate to Active Directory.

Alerting and Notification
Continuous monitoring of the important aspects of Active Directory is just one piece of DirectoryAnalyzer. Alerting and notification is another fundamental piece because when problems occur somewhere in Active Directory, you need to be notified. DirectoryAnalyzer provides two levels of alert thresholds:
* Critical - notifies you of a serious condition that should be investigated immediately.
* Warning - notifies you of a less severe condition that could potentially cause a directory problem if action is not taken to correct a situation.

Once a warning or critical alert has occurred, DirectoryAnalyzer can notify you in the following ways:
* Visual - On-screen alerts when a monitored attribute has breached either a warning or critical threshold.
* SNMP - Notification of problems via SNMP traps.
* Event Log - Notification of problems via entries in the Application Event Log of the server hosting the Enterprise Agent.
* SMTP (Email) - Notification of problems via email based on user-defined email rules.

Intuitive Client Interface
The DirectoryAnalyzer client interface is designed to provide intuitive AD health management with summary views, drillable graphs, multi-forest alert console, and smartlink integration with DirectoryTroubleshooter, DNSAnalyzer and ChangeAuditor solutions.

Troubleshooting
In addition to continuous monitoring, DirectoryAnalyzer provides interactive tools designed to help you determine what problems exist in the directory. You can use these tools to pinpoint directory problems. The Connectivity Troubleshooter allows you to perform the following tests:
* Domain Connectivity Tests - A sequence of tests to investigate the connectivity between a DC (with a Site or DC Agent) and all the DCs in the selected domain(s).
* Site Connectivity Tests - A sequence of tests to analyze the connectivity between a DC (with a Site or DC Agent) and all the DCs in the selected site(s).
* Application Partition Connectivity Tests - A sequence of tests to analyze the connectivity between selected DCs in an Application Partition.


Directory Browsing
Microsoft offers several tools for managing Active Directory. But there is no single tool that provides a consolidated view of the entire directory and includes detailed information about each critical component, from NCs to sites to DCs to DNS servers. DirectoryAnalyzer provides that comprehensive view of the enterprise's Active Directory.

Browse Exchange on Active Directory
DirectoryAnalyzer's dedicated Exchange View displays critical Active Directory components and information about how they relate to Exchange. This view provides insight on how Active Directory may be impacting your Exchange organization. This view is particularly helpful in understanding Active Directory's impact on your Exchange service levels and can help you eliminate user-impacted downtime that may result in poor client experience and slow and incomplete messaging for your users. In addition to this Exchange View, DirectoryAnalyzer includes several alerts to notify you of potential Exchange related problems.

Knowledge Base
Once DirectoryAnalyzer has uncovered a problem in Active Directory, you may need help solving it. When an alert occurs, you can access the DirectoryAnalyzer knowledge base for answers. The knowledge base explains what the problem means, states the likely cause(s) of the problem and recommends steps to take to repair the problem.

Alert History and Reporting
With DirectoryAnalyzer you can display and print alert history. In addition to displaying and printing the alert history log, DirectoryAnalyzer allows you to export these reports into PDF, DOC, RTF and XLS files.

Enhanced Security
DirectoryAnalyzer provides access control facilities that define who can monitor what. That is, by assigning and/or denying read access to different objects and/or DirectoryAnalyzer facilities, administrators can control who can view the Active Directory objects being monitored by DirectoryAnalyzer. By granting or denying write access, administrators can control who can configure DirectoryAnalyzer. See the DirectoryAnalyzer Security Administrators Guide for more information on DirectoryAnalyzer's access control facility.

Integration with MOM (Microsoft Operations Manager)
DirectoryAnalyzer's MOM integration features include MOM alert display within the DirectoryAnalyzer interface, and alert synchronization, which ensures timely information flow between the MOM server database and DirectoryAnalyzer Enterprise Agent Alert System.

Launch External Applications
External applications (such as the Microsoft Active Directory Management utilities), DirectoryTroubleshooter, ChangeAuditor and DNSAnalyzer, as well as user-defined applications, can be launched from the DirectoryAnalyzer client.


Integration with ChangeAuditor
The ChangeAuditor smartlink technology provides intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer, the MOM Active Directory management pack (ADMP), and the infrastructure change events captured with our real-time change auditing solution, and provides correlation of health and change events within the .Net client.

Integration with DirectoryTroubleshooter
The DirectoryTroubleshooter smartlink technology includes intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer and the MOM Active Directory management pack (ADMP) with the troubleshooting capabilities provided by DirectoryTroubleshooter. By selecting an alert or domain controller in DirectoryAnalyzer, the product will:
* Recommend specific diagnostics tests and jobs that can help isolate and repair issues.
* Provide a real-time diagnostics view that can highlight issues and bottlenecks.
* Graphically display the replication topology and allow operators to force replication and view replication activity/status.

DirectoryAnalyzer Benefits
DirectoryAnalyzer proactively identifies issues in real-time and troubleshoots Active Directory so that administrators can deploy and manage Windows 2000/2003/2008 with confidence. This section discusses some of the many benefits that DirectoryAnalyzer provides to Active Directory administrators.

Ensures the Health of the Directory
From replication latency and replication topology problems to high LDAP loads and DNS inconsistencies, DirectoryAnalyzer immediately alerts administrators to the problems they need to know about. Take DNS, for instance. As the name location service for Active Directory, DNS uses unique service location resource (SRV) records to articulate Active Directory service information. If SRV records are inaccurate or missing, DNS will point clients to the wrong location for a given resource. And that's only one example. Replication also poses potential problems. If the directory isn't replicating properly, new or updated group policies won't replicate to the domain controllers and users won't have access to new network resources and applications. DirectoryAnalyzer's proactive diagnostics capabilities ensure the health of the directory and provide vital peace of mind to Active Directory administrators.


Delivers Early Warning of Directory Infrastructure Problems
DirectoryAnalyzer diagnoses all conditions critical to Active Directory. It notifies of alert conditions at the first sign of trouble by generating events in the Application Event Log of the Enterprise Agent, sending SNMP traps to configured receivers, and creating alert messages in the DirectoryAnalyzer Client. With DirectoryAnalyzer, administrators can set alert thresholds to meet the needs of their own environments. And DirectoryAnalyzer enables administrators to define two levels of alerts for each condition: warning and critical. DirectoryAnalyzer provides early warning that an error condition has occurred and may be escalating. It also tells the administrator the exact location of the problem for fast, efficient resolution.

Centralizes Access to Directory Information
DirectoryAnalyzer displays a comprehensive, enterprise-level view of the Active Directory infrastructure, identifying relationships and disclosing detailed information about each component. When an administrator chooses a naming context, for example, they will see details concerning Operations Master Roles, including the status of each and their consistency across all agented servers in the enterprise. Or, when they select a site, everything from current alerts to inter-site connection and replication status is displayed. DirectoryAnalyzer provides a view of Active Directory that is unavailable from any other solution, allowing administrators to browse the entire directory from a single location. DirectoryAnalyzer's right-click functionality allows you to launch preconfigured Microsoft MMC snap-ins, additional Quest products, and user-defined applications from within the DirectoryAnalyzer client.

Trends and Reports on Active Directory Health Over Time
DirectoryAnalyzer provides an alert history database that allows an administrator to report and trend Active Directory health. Understanding where the key problem areas in the directory are from a historical standpoint is key to your future directory planning. DirectoryAnalyzer's alert history reporting capabilities allow you to run reports on current alerts and/or past alerts, selectable by domain, domain controller, site, etc. These reports can be printed or exported to a file.

Pinpoints and Diagnoses Directory Problems
DirectoryAnalyzer helps to research specific issues with timesaving troubleshooting tests that quickly perform in-depth diagnostic tests. Administrators can test connectivity to domains, application partitions and sites, and quickly measure everything from IP ping-time results and server status details to LDAP query time on all of the domain controllers. To conduct similar tests manually, troubleshooting from many locations across the network would be required. DirectoryAnalyzer troubleshoots problems in minutes that would take hours to troubleshoot manually.


Provides a Consolidated Multi-Forest View
The DirectoryAnalyzer Web Portal (DAWeb) allows administrators to view all Active Directory forest health alerts from a single Web console. This provides the power to quickly view issues that impact the Active Directory environment even in situations where cross-forest trusts do not exist. This must-have tool for multi-forest environments enables the administrator to know what is happening across the directory before it can have a negative impact. This multi-forest view is now also available through the Consolidator View in the DirectoryAnalyzer Client.

Provides ChangeAuditor Integration
DirectoryAnalyzer provides intelligent integration and correlation between the Active Directory alerts from DirectoryAnalyzer and the infrastructure change events captured with ChangeAuditor. Together, DirectoryAnalyzer and ChangeAuditor provide administrators a comprehensive tool for identifying and resolving the root cause of AD issues. This translates into cost savings by reducing mean time to repair and improving directory uptime.

Provides Error Resolution with Context-Sensitive Knowledge Base
DirectoryAnalyzer proactively notifies administrators of directory trouble and it goes a step further. DirectoryAnalyzer's comprehensive knowledge base provides context-sensitive solutions to Active Directory problems. To obtain answers to tough directory questions, administrators simply drill down on a given alert to access expert advice from the knowledge base. The product provides practical advice for both Active Directory experts and novices.

System Overview
DirectoryAnalyzer is made up of four primary components:
* Enterprise Agent - a service that resides on a Windows 2000/2003/2008 member server in the enterprise. It is responsible for monitoring forest-wide conditions and collecting alert conditions and information from the Site Agent(s) in order to generate notifications to administrators and display status to the client.
* Site Agent - a service that resides on a single domain controller within a site. In addition to performing all the actions of a standard DC Agent, it is responsible for monitoring site-level conditions and collecting alert conditions and information from all DC Agents in the same site to pass on to the Enterprise Agent. The Site Agent also includes the functionality of the DC Agent.
* DC Agent - a service that resides on each domain controller in the enterprise, except the one hosting the Site Agent at each site. The DC Agent is charged with monitoring that domain controller for alert conditions and passing them on to the Site Agent.
* Client - the user interface that manages all aspects of DirectoryAnalyzer.


The following diagram shows how these components fit together to accomplish the task of monitoring Active Directory.

The above diagram represents the general flow of alert communications through DirectoryAnalyzer. The path that is followed when generating an alert is the same path that is used to clear an alert when the given threshold is no longer being violated. Although this is a simple example, the flow of communication works the same way in complex environments with many sites and levels of administration.

What's in this Manual
This manual assumes you have a working knowledge of Active Directory. It consists of the following chapters:

Introduction
This chapter provides a review of the many features and benefits of DirectoryAnalyzer, an overview of DirectoryAnalyzer, a description of the contents of this manual, and information on obtaining additional assistance.

The DirectoryAnalyzer Client
Chapter 2 describes the layout of the client and the commands used to operate DirectoryAnalyzer.

Monitoring Active Directory
Chapter 3 provides information about how DirectoryAnalyzer monitors the different Active Directory components. It discusses how to view alerts, access the knowledge base and override alert thresholds.

Browsing the Directory
Chapter 4 describes the browsing capabilities of DirectoryAnalyzer and defines the information presented on each of the information tabs.


Browsing Exchange in Active Directory
Chapter 5 covers how to browse Exchange using DirectoryAnalyzer and provides details about each Exchange view information tab.

Configuring Alerts, Statistics and Alert Notifications
Chapter 6 discusses how to customize the alert thresholds and statistics for your Active Directory environment. It also explains how to enable and configure different alert notification methods, including SNMP, Event Log Recording and SMTP (email).

Troubleshooting Active Directory
Chapter 7 describes the Connectivity and FRS troubleshooter tests included in DirectoryAnalyzer and the test results provided to pinpoint problems that may exist in the directory.

Alert History and Reporting
Chapter 8 describes how to generate alert history reports and how to delete alerts from the alert history database.

Launching External Applications
Chapter 9 explains how to launch external Microsoft applications as well as user-defined applications from the DirectoryAnalyzer client.

DirectoryTroubleshooter Integration
Chapter 10 describes how DirectoryTroubleshooter solution integrates with DirectoryAnalyzer and provides a detailed description of the DT tabs.

ChangeAuditor Integration
Chapter 11 provides information about the ChangeAuditor integration and a detailed description of the ChangeAuditor tab.

DirectoryAnalyzer Web Portal
Chapter 12 describes the add-on which allows an administrator to view current alerts and alert history via an interactive web page. This chapter also explains how to manage your forest using the Consolidator Configuration utility.

Appendix A: DirectoryAnalyzer Alert Messages
Appendix A lists the DirectoryAnalyzer alerts and provides a brief description of each alert message and their default threshold settings.

Appendix B: DirectoryAnalyzer Statistics
Appendix B lists the DirectoryAnalyzer statistics and provides a description of each statistic and their default sampling interval.

Glossary
The glossary contains an alphabetical listing of terms used in DirectoryAnalyzer and Active Directory.

Index
The index provides an alphabetical subject listing for the contents of this manual.

Reporting Problems
NetPro (now part of Quest Software) offers a variety of ways to get additional help.

My.netpro.com
My.netpro.com was designed to provide you with the best possible service and deliver it conveniently and quickly -- when you need it. Here's what you can do on my.netpro.com:
- submit and update support incidents
- view your product purchases
- view your maintenance purchases
- subscribe and/or unsubscribe from news list(s)
- request product information and literature
- request product evaluation software
- search our technical support knowledge base
- sign up to participate in the Beta Program

My.netpro.com is a completely secure site and you will need login credentials to access the area each time you visit. On your first visit, you will create the credentials to be used every time you return to the site.

Telephone Support
NetPro offers industry-leading technical support every business day throughout North America and Europe. Qualified support technicians can be reached at the numbers listed below:
U.S.: 1 602 346 3670 or Toll Free 1 866 9 NETPRO
Germany: 0800 180 2577
UK: 0 0800 047 0197
France: 0800 917881
Australia: 1 800 773 850
FAX: 1 602 346 3610

Email
Problem reporting is also available at the following email address: [email protected]

Address
NetPro Computing, Inc. (now part of Quest Software)
4747 N. 22nd Street Suite 400
Phoenix, AZ 85016-4774 USA

Contacting Quest Software


Email
[email protected]

Mail
Quest Software, Inc.
World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656 USA

Web
http://www.quest.com

Refer to our web site for regional and international office information.

Chapter 2: DirectoryAnalyzer Client


The DirectoryAnalyzer client provides the primary interface to all aspects of DirectoryAnalyzer. The client can run on Windows 2000 Professional, Windows Server 2000/2003/2008, Windows XP or Windows Vista workstations. The DirectoryAnalyzer client enables you to perform the following functions:
- monitor Active Directory and view current alert status
- access MOM alert details and update alert status and history
- browse the directory structure
- view detailed information about domain controllers (DCs), domains, naming contexts (NCs), application partitions, sites, and Exchange servers
- configure alert thresholds, sampling rate intervals and alert notifications
- troubleshoot server connectivity
- report alert history
- launch external applications, including DirectoryTroubleshooter, ChangeAuditor and DNSAnalyzer

Starting the Client


To start DirectoryAnalyzer, from the Start menu select Programs | NetPro | DirectoryAnalyzer | DirectoryAnalyzer Client. This will display the Connection dialog which allows you to select the Enterprise Agent or Consolidator to which you want to connect and enter the associated user credentials to be used.

Connecting to an Enterprise Agent


To connect to an Enterprise Agent, select the Enterprise Agent option at the top of the dialog and enter the server and user credentials as described below:

Enterprise Agent Servers
Use the drop-down menu or enter the name of the server where the Enterprise Agent is installed to which you wish to connect.

Use Windows credentials as DA credentials
By default, this option is selected (checked) and the current Windows credentials will be used to connect to the specified Enterprise Agent. To specify different user credentials, select the check box to remove the check mark. This will expand the dialog allowing you to enter alternate credentials.

Domain
Use the drop-down menu to select a previously used Enterprise Agent server or enter the name of the Enterprise Agent server to be used.

User ID
Enter the user name to be used.

Password
Enter the password associated with the user name specified.

Once the appropriate credentials have been entered, use the Connect button to connect to the specified DirectoryAnalyzer Enterprise Agent.

Connecting to a Consolidator

To connect to a consolidator, select the Consolidator option at the top of the dialog and enter the server to be used.

Consolidator Servers
Use the drop-down menu or enter the name of the server where the DAWeb portal consolidator is installed.

NOTE: See Chapter 12: DirectoryAnalyzer Web Portal for more information on configuring the consolidator server and viewing multiple forests.

Client Components
The DirectoryAnalyzer client display contains the following components:
Menu Bar - displays the menus for accessing DirectoryAnalyzer commands.
Tool Bar - provides quick access to commonly used commands.
Enterprise Explorer - contains a hierarchical view of your network topology which can be used to navigate through the DirectoryAnalyzer client.
Information Pages - displays specific information about the object selected in the Enterprise Explorer.

*************************************************************
The information (menus, commands and/or information tabs) available on the DirectoryAnalyzer client will depend on the DirectoryAnalyzer access rights assigned (DA Read, DA Write). See the DirectoryAnalyzer Security Administrator's Guide for more information regarding the impact of assigning/denying DirectoryAnalyzer access rights.
*************************************************************

Menu Bar
The DirectoryAnalyzer menus follow the same conventions as standard Windows menus. That is, commands are grouped under a menu on the menu bar. Some of these commands perform an action immediately; others display an additional dialog box where you select various options or specify additional information. The following sections describe the commands under each of the DirectoryAnalyzer menus.

File Menu
Use the File Menu commands to connect to or disconnect from an Enterprise Agent or Consolidator or to exit DirectoryAnalyzer.

Connect
Use the Connect command to connect to a different Enterprise Agent or Consolidator. This command will display the Connection dialog allowing you to specify the Enterprise Agent and associated user credentials (or Consolidator).

Disconnect
Use the Disconnect command to disconnect from the current Enterprise Agent or Consolidator.

Exit
Use the Exit command to close the DirectoryAnalyzer Client.

Edit Menu
Use the Edit Menu command to locate an object in the Enterprise Explorer.

Find
Use the Find command to locate an object in the network topology displayed in the Enterprise Explorer. This command will display the Enterprise Search dialog allowing you to enter the search criteria to be used to locate an object. When the object is located, the topology view will expand, the object will be selected/highlighted, and the associated information pages will be displayed.

View Menu
Use the View Menu commands to control what is to be displayed when browsing the directory.

Show DCs w/o Agents
The Show DCs w/o Agents command is a toggle switch indicating whether to display servers that are not running a DirectoryAnalyzer Agent in the Enterprise Explorer. A check mark in front of the command means these servers will be displayed. Non-agented servers will be displayed with a grayed-out server icon.
NOTE: This command is not available in the Consolidator view.

Filter Empty Domains/Sites
The Filter Empty Domains and Filter Empty Sites commands are toggle switches that allow you to display or hide domains and sites that do not contain any servers in the Enterprise Explorer. A check mark in front of the command means these domains or sites will NOT be displayed.

Show Only Managed (default)
The Show Only Managed command is a toggle switch indicating whether to display only the sites and servers managed by the currently connected Enterprise Agent or to display the entire topology, including sites/servers which won't be alerted on through the connected Enterprise Agent. A check mark to the left of this command indicates that only sites and servers managed by the currently connected Enterprise Agent will display in the Enterprise Explorer (default); no check mark indicates that ALL sites and servers in the topology will be displayed, though alerting will still only display for managed sites/servers. The default is set to Show UnManaged.
NOTE: Managed refers to the existence of a site in an Enterprise Agent's DA.ini file.

Expand All
Use the Expand All command to expand the tree view to display all of the objects.

Collapse All
Use the Collapse All command to collapse all of the items in the tree view to the topmost level.

Expand Object
Use the Expand Object command to display subordinates of the selected object.

Collapse Object
Use the Collapse Object command to collapse all of the items directly under the selected object.

Show Full Screen (F11)
Use the Show Full Screen command or F11 to hide the Enterprise Explorer pane and fill the entire screen with the current information page. Use this command or F11 to redisplay the Explorer pane to the left of the information page.

Configuration Menu
Use the Configuration Menu commands to view and configure the settings (alert thresholds and sampling rate settings), enable and configure alert notifications, perform database maintenance, enable replication latency, modify DirectoryTroubleshooter options, etc.
NOTE: The Configuration menu is NOT available in the Consolidator view.

Alerts
Use the Alerts command to display the Alert Configuration tab (at the top of the page) to view/modify the complete set of DirectoryAnalyzer alert threshold settings for the object type selected in the Enterprise Explorer. A check mark in front of this command indicates that the Alert Configuration tab will be displayed.

When the Domain View is selected in the Enterprise Explorer, the following commands are available to further define the Alert Configuration tab to be displayed:
- Alerts | All NCs
- Alerts | Schema
- Alerts | Configuration

Sampling Rates
Use the Sampling Rates command to display the Sampling Rates tab, which displays the sampling rates used for gathering Active Directory statistics used to assess alert conditions. A check mark in front of this command indicates that the Sampling Rates tab will be displayed.

RODC Alerts
Use the RODC Alerts command to display the Configure RODC Alerts dialog to select the authoritative source to base consistency against the selected domain.
NOTE: If an authoritative source is not configured for a domain, DirectoryAnalyzer will select a default authoritative source for the domains in your Windows 2008 environment.

SNMP Alerts
The SNMP Alerts command is a toggle switch indicating whether DirectoryAnalyzer is to report alerts via SNMP. A check mark in front of the command will cause DirectoryAnalyzer alerts to be available through SNMP.

Event Log Recording
The Event Log Recording command is a toggle switch that specifies whether to include DirectoryAnalyzer alerts in the Application Event Log of the Enterprise Agent member server. A check mark in front of the command will cause the alerts to be recorded.

Database | Delete Alerts
Use the Database | Delete Alerts command to delete alerts from the database. This command will display the Database Maintenance dialog, allowing you to delete all alerts from the database prior to a specified date.

Harvest Partial NCs
Use the Harvest Partial NCs command to enable/disable the harvesting of partial NCs (a.k.a. partial replicas, read-only replicas) on global catalogs. A check mark in front of this command indicates that this feature is enabled.

Replication Latency
Use the Replication Latency command to enable replication latency. This command will display the Replication Latency dialog allowing you to enable and configure the analysis of replication latency.

Enable ICMP Ping
Use the Enable ICMP Ping command to enable/disable the use of ICMP pings. A check mark in front of this command indicates that this feature is enabled. The ability to disable the ICMP ping is provided to prevent environments that block the ICMP port from receiving false alerts.

Email Settings
Use the Email Settings command to configure email notifications. This command will display the Configure Email Notification dialog, which allows you to define the SMTP server configuration and credentials to be used for email notifications.

Email Rules
Use the Email Rules command to define under what conditions an email notification is to be sent. This command will display the Manage Email Notification Rules dialog, which allows you to define new email rules, edit existing rules and delete rules.

DirectoryTroubleshooter Options
Use the DirectoryTroubleshooter Options command to display the Options dialog from DirectoryTroubleshooter, which allows you to customize many of the aspects of how DirectoryTroubleshooter works.

Reset Factory Defaults
Use the Reset Factory Defaults command to reset the default alert thresholds and sampling rate settings back to the product's original defaults.
NOTE: The Reset Factory Defaults command affects all objects except those that have been explicitly configured to override the default setting.

Reports Menu
Use the Reports Menu command to generate an alert history report.

Alert History
Use the Alert History command to generate an alert history report. This command will display the Alert Reports dialog allowing you to specify what is to be included in the alert history report.

Diagnostics Menu
Use the Diagnostics Menu commands to run server connectivity tests, launch other solutions to troubleshoot Active Directory and DNS issues, or run an FRS troubleshooter test.
NOTE: The Diagnostics menu is NOT available in the Consolidator view.

Connectivity
Use the Connectivity command to launch the Connectivity Troubleshooter which allows you to perform the following connectivity tests:
- the connectivity between selected domain controllers hosting a replica of an application partition
- the connectivity between a domain controller (with a Site or DC Agent) and all the domain controllers in a selected domain
- the connectivity between a domain controller (with a Site or DC Agent) and all the domain controllers in the selected site

DirectoryTroubleshooter
Use the DirectoryTroubleshooter command to launch the DirectoryTroubleshooter product, if installed.

DNSAnalyzer
Use the DNSAnalyzer command to launch DNSAnalyzer QuickAnalyzer if version 4.0 is installed, or the DNSAnalyzer Admin Console if an earlier version of DNSAnalyzer is installed.

ChangeAuditor
Use the ChangeAuditor command to launch the ChangeAuditor solution, if installed.

NTFRS | New Test
Use the NTFRS | New Test command to define a new FRS Troubleshooter Test. This command will display the Create New FRS Troubleshooter Test dialog, which allows you to name the test and specify the originating server. After specifying a name and server, select the Start button to execute the test.

NTFRS | View Test Results
Use the NTFRS | View Test Results command to view the results of previously executed FRS Troubleshooter tests. This command will display the NTFRS Tests dialog which lists the FRS Troubleshooter tests available for viewing. From this dialog, select/highlight a test and select the View Results button to view the results for the selected test.

Windows Menu
Use the Windows Menu commands to enable current and MOM alerts and view details.
NOTE: If Windows Menu command alerts are disabled, alerts will still generate, though the alert tabs will be hidden.

Current Alerts (default)
Use the Current Alerts command to enable (check) and display the Current Alerts tab to view alert details on its information page.

MOM Alerts
Use the MOM Alerts command to enable (check) and display the MOM Alerts tab to view alert details on its information page. This command is only available if MOM has been registered.

Help Menu
Use the Help Menu commands to launch the online help contents, display general information about DirectoryAnalyzer or access the Quest Software website.

About
Use the About command to display general information about DirectoryAnalyzer, including the version number, current license information, copyright information, contact information and DirectoryTroubleshooter version information.

Contents
Use the Contents command to display the DirectoryAnalyzer Overview and the table of contents for the DirectoryAnalyzer help system.

Product Info
Use the Product Info command to display the DirectoryAnalyzer product page on Quest's website.

Product Support
Use the Product Support command to display the technical support page on NetPro's website.

NetPro Website
Use the NetPro Website command to display the home page of NetPro's website.

Tool Bar
The tool bar buttons provide quick access to commonly used commands.

Use the Connect button to connect to a different Enterprise Agent or Consolidator. This command will display the Connection dialog allowing you to specify the Enterprise Agent and associated user credentials to be used (or Consolidator server).

Use the Disconnect button to disconnect from the current Enterprise Agent or Consolidator.

Use the Alert History button to generate an Alert History Report. This button will display the Alert Reports dialog, which allows you to define what is to be included in the Alert History report.

Use the Connectivity button to launch the Connectivity Troubleshooter, which allows you to perform server connectivity tests.

Use the DirectoryTroubleshooter button to launch the DirectoryTroubleshooter solution. This button is only available when DirectoryTroubleshooter is installed on the local machine.

Use the DNSAnalyzer button to launch the DNSAnalyzer product. This button is only available when DNSAnalyzer is installed on the local machine.

Use the ChangeAuditor button to launch the ChangeAuditor solution. Note: ChangeAuditor must be installed and the ChangeAuditor Client must be installed on the local machine.

Use the Refresh button to retrieve and display the latest domain controller or replication information. This button is only activated when the DC Information and Replication Information pages are active.

Use the Find button to locate an object in the Enterprise Explorer.

Enterprise Explorer
The left-hand pane of the DirectoryAnalyzer screen contains an enterprise view which provides a quick way to obtain the necessary information relating to a problem location (naming context, domain, site, application partition, or domain controller). When you know where a problem is located, this hierarchical list allows you to easily navigate through your enterprise to the desired location. To assist you in navigating, DirectoryAnalyzer provides the following views of your enterprise:
- The Application Partition View displays the application partitions in your enterprise in alphabetical order, without regard to hierarchy. This allows you to investigate application partition issues without navigating down the tree.
- The Domain View provides a quick way to get information regarding a domain/naming context and its domain controllers. The top level of this hierarchical list corresponds to the roots of the domain/naming context trees in the enterprise. You can then expand or collapse the trees to reveal the domain/naming context hierarchy.
- The Site View provides a quick way to get to the information about a site and the domain controllers in the site. The top level of the hierarchy is a list of sites in the enterprise. Underneath each site, the list displays the domain controllers located at that site.
- The Exchange View displays the Microsoft Exchange organization and its server components. This view provides insight on how Active Directory may be impacting specific Exchange servers.

In addition, the Edit | Find menu command and toolbar button allow you to search for an object in the Enterprise Explorer. The Enterprise Search dialog displays when the Edit | Find command is selected.

From this dialog, you can specify the object to be located in the Enterprise Explorer.

Find what
Enter the name of the object to be located. You can also enter partial names to initiate a search.

Match whole word
Select (check) the Match whole word option if you want to match the whole word entered in the Find what field.

Search up
By default the search will start from the object selected in the Enterprise Explorer and search "down" the tree. Select (check) the Search up option to search "up" the tree.

Object type
Select the type of object to be located:
- Application Partition
- Domain
- Domain Controller (default)
- Exchange Group
- Exchange Server
- Site

When the object is found, the topology will expand and the object will be selected/highlighted. Use the Find Next button to continue searching through the topology. Use the Close button to stop the search and close the dialog.

Enterprise View Icons


The icons used in these views represent the following objects in your enterprise:
- Enterprise
- Site
- Naming Context (NC)
- Application Partition
- Domain Controller (DC) or Exchange Server
- DC with Global Catalog (DC/GC)
- DC with DNS Server (DC/DNS Server)
- DC with DNS Server and GC (DC/DNS/GC)
- Bridgehead Server
- Bridgehead Server and GC
- Bridgehead Server with DNS
- Bridgehead Server with DNS and GC
- Exchange Organization
- Administrative Group
- Routing Group
- Non-Agented Server*

* Servers without a DirectoryAnalyzer agent can be displayed in the enterprise view by selecting the View | Show DCs w/o Agents menu command. Non-agented servers will be displayed with a grayed-out server icon. To hide these servers, select this menu command to remove the check mark.

Expanding/Collapsing Views
The lines connecting objects represent a hierarchical relationship. The small box indicates the expansion state of the object. A plus sign (+) indicates there may be more objects to be displayed; a minus sign (-) indicates that all of the objects are being displayed; no box indicates that the object cannot be expanded. By using the View Menu commands, double-clicking the left mouse button on an object, or single-clicking on the plus sign (+) or minus sign (-), you can expand or collapse the displayed view of the enterprise.

Right-Click Functionality
Right-clicking some objects will display a context menu with commands that can be executed against the selected object. Commands include those associated with launching external applications, including DirectoryTroubleshooter. Depending on the object selected, the following commands are available:

Show Alerts
Use the Show Alerts command to display the Current Alerts tab for the selected object.

Find
Use the Find command to display the Enterprise Search dialog, which allows you to enter the search criteria to be used to locate an object in the Enterprise Explorer.

Expand
Use the Expand command to expand the tree view to display subordinate objects under the selected object.

Collapse
Use the Collapse command to collapse all of the items directly under the selected object.

Event Viewer
Use the Event Viewer command to display the Event logs for the remote server.

Remote Desktop
Use the Remote Desktop command to connect to a Windows 2000, Windows 2003 or Windows 2008 server with remote desktop enabled.

Preview
Use the Preview command to view a brief description of the alert.

Go To Subject (Site/Domain View)
Use the Go To Subject command to display the information page for the location of the generated alert in domain or site view.

Set Alert Resolution State
Use the Set Alert Resolution State command to change a MOM alert's status.

Alert History Comments
Use the Alert History Comments command to add comments to a MOM alert's history.

Services
Use the Services command to launch the Services snap-in for a remote server. (Windows 2003 Server only)

Users and Computers
Use the Users and Computers command to launch the Active Directory Users and Computers snap-in. (NOTE: Admin tools must be installed on the local workstation.)

Sites and Services
Use the Sites and Services command to launch the Active Directory Sites and Services snap-in. (NOTE: Admin tools must be installed on the local workstation.)

Domains and Trusts
Use the Domains and Trusts command to launch the Active Directory Domains and Trusts snap-in. (NOTE: Admin tools must be installed on the local workstation.)

DirectoryTroubleshooter
Use the DirectoryTroubleshooter command to launch the DirectoryTroubleshooter product. (NOTE: DirectoryTroubleshooter must be installed on the local workstation.)

External Tools Config
Use the External Tools Config command to display the External Tools Configuration dialog allowing you to define additional external applications (*.exe) to be launched.

Copy
Use the Copy command to copy alert details for pasting into a document.

Export
Use the Export command to export and save alert details into an Excel file.

Print
Use the Print command to print alert details as they appear on the information pages.

Print Preview
Use the Print Preview command to preview and print alert details as they appear on the information pages.

See Chapter 9: Launching External Applications for more information on these commands and the applications that can be launched directly from the DirectoryAnalyzer client.

Information Pages
The right-hand pane of the DirectoryAnalyzer screen contains tabbed information pages filled with data about the object selected in the Enterprise Explorer. Tabs are provided at both the top and bottom of the display to access different information relating to the selected object. The tabbed pages available at the bottom of the screen differ depending on the page being displayed using the tabs at the top of the page. Below is a list of the main (top) tabs that are available, with their supporting tabs (bottom) listed under them:
- Administrative Group (displayed when an Exchange Administrative Group is selected)
- Alert Configuration (displayed when the Configuration | Alerts menu command is enabled)
- Alert Summary Graph (displayed when any object is selected)
- Current Alerts (displayed when Current Alerts from the Windows menu is enabled and any object is selected)
    - Alert Details
    - Alert Configuration
    - DT
    - ChangeAuditor
- Current Exchange Alerts (displayed when an Exchange Server is selected)
    - Alert Details
    - Alert Configuration
    - DT
    - ChangeAuditor
- DC Information (displayed when a DC is selected)
    - Adapter Summary
    - Hot Fixes
    - DT
- Domain Summary (displayed when the Domain View node is selected)
    - Domain Role Owners
    - Forest Role Owners
    - Latency Times
- Exchange (displayed when the Exchange View node is selected)
- Exchange Server Summary (displayed when the Exchange Server is selected)
- Forest Summary (displayed when the Enterprise node is selected)
    - Domain Role Owners
    - Forest Role Owners
    - Latency Times
- MOM Alerts
    - MOM Alert Details
    - MOM Alert History
    - DT
    - ChangeAuditor
- Naming Context Summary (displayed when a domain, naming context or application partition is selected)
    - DNS Summary
    - Role Owners
    - Details
    - DC Summary
    - Latency Times
- Replication Information (displayed when a DC is selected)
    - DNS Information
    - DT
- Routing Group (displayed when an Exchange routing group is selected)
- Routing Group Connectors (displayed when an Exchange routing group is selected)
- Sampling Rates (displayed when the Configuration | Sampling Rates menu command is enabled)
- Site Information (displayed when a site is selected)
    - Inter Site Connections
    - Global Catalogs
- Site Summary (displayed when the Site View node is selected)
    - Bridgehead Servers
- SMTP Connectors (displayed when an Exchange routing group is selected)

Chapter 3: Monitoring Active Directory


DirectoryAnalyzer monitors all critical components of Active Directory on a continual basis to make sure that the directory is functioning properly. These components include domain controllers, naming contexts, sites, application directory partitions, Exchange servers, and DNS functions as they relate to Active Directory.

**************************************************************
The information (menus, commands and/or information tabs) available on the DirectoryAnalyzer client will depend on the DirectoryAnalyzer access rights assigned (DA Read, DA Write). See the DirectoryAnalyzer Security Administrator's Guide for more information regarding the impact of assigning/denying DirectoryAnalyzer access rights.
**************************************************************

Domain Controllers
The domain controller (DC) is the basic physical building block of Active Directory. The DC is a Windows 2000/2003/2008 server that has been tasked with managing a replica of an Active Directory domain. An enterprise's Active Directory could be comprised of a single DC or hundreds of DCs. The DC stores a copy of the directory. Clients logging into the directory authenticate to the DC, and it is also where replication of the directory occurs. Without the DC, Active Directory cannot exist. For this reason, DCs are the most vital components that DirectoryAnalyzer monitors. DirectoryAnalyzer monitors the critical aspects of each DC, including:
- Server status
- CPU load
- LDAP load
- LDAP response time

Naming Contexts
The naming context (NC) is a partition in the namespace. Active Directory is made up of a number of NCs. An NC can exist in more than one physical location by having replicas of the NC reside on DCs in various locations. The NC is also the basic unit of replication within Active Directory.

DirectoryAnalyzer monitors all of the important attributes of each NC within Active Directory to ensure that all aspects of each NC function as they should, such as:

Sites
A site is a group of domain controllers that are connected via a high speed (greater than 10 Mb) network. Active Directory uses the site layout to create the best replication topology for the DCs in the forest. When a user logs on, the Active Directory client finds a DC in the same site as the user. Because site layout can have a significant effect on Active Directory replication, it is important for the processes carried out on a site to be monitored by DirectoryAnalyzer. Some of the important attributes of sites that DirectoryAnalyzer monitors include:
- Global Catalog status
- Status of each DC within the site
- Replication latency
- Replication topology issues
- Operations Master statuses

Application Directory Partitions
Beginning with Windows Server 2003, Active Directory provides support for Application Directory Partitions. Application directory partitions can contain a hierarchy of any type of objects except security principals. These partitions can be configured to replicate to any set of DCs in the forest, not just the DCs in a domain (like in a domain partition). By allowing an administrator to control the scope of replication and the placement of replicas, application directory partitions allow the directory to store dynamic data without significantly impacting network performance. DirectoryAnalyzer monitors the following conditions for application directory partitions:
- Conflicts encountered during replication
- Consecutive replication failures
- Replication latency
- NC lost and found

DNS Servers
Active Directory is tightly integrated with Domain Name System (DNS). Active Directory domain names are DNS domain names, and Active Directory uses DNS to locate DCs. When a client tries to log onto Active Directory, it uses DNS to locate the closest DC to authenticate with. If there is a problem in the interaction between Active Directory and DNS, clients cannot locate an appropriate DC. DirectoryAnalyzer provides important monitoring capabilities for DNS as it relates to Active Directory, including:
- Service status
- General consistency between DNS and Active Directory

Exchange Servers
Microsoft Exchange Server is a powerful corporate messaging system for supporting an organization's e-mail. Exchange 2000/2003 uses Active Directory to store and replicate directory information, for user authentication, to manage Exchange mailbox and mail-enabled objects, for global address lists (GAL), and to store Exchange configuration information. Exchange uses Active Directory to store all mail related attribute information for users including email addresses. Poor replication and DC outages will impact an Exchange server's ability to provide information to its users. If a user's email address or name is changed, and these changes are not replicated in a timely fashion, some Exchange servers may render incorrect responses to client requests. DirectoryAnalyzer provides insight to help you understand Active Directory's impact on your Exchange service levels, by monitoring the following conditions:
- Exchange server to Global Catalog ratio
- Installation of an Exchange server on a DC
- Responsiveness of Exchange server

Viewing Alerts
DirectoryAnalyzer alerts have two levels of severity: warning and critical. As a situation escalates, a warning alert will be generated, indicating that a lower priority threshold has been violated. As the severity of the error increases, a critical alert will be generated, indicating that the higher priority threshold has been exceeded. A number of attributes can be customized for each of these levels, including the threshold value, duration before an alert occurs and duration before an alert clears.

The DirectoryAnalyzer client provides on-screen alerts when a monitored aspect of Active Directory has violated either a warning or critical threshold. The red-light interface makes it easy to locate alerted objects in your enterprise:
- RED - indicates a critical alert condition that should be investigated immediately.
- YELLOW - indicates a warning alert threshold has been violated.
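The interplay of threshold value, duration before an alert occurs and duration before an alert clears can be followed in code. The Python example below is added here for illustration and is not DirectoryAnalyzer code; the field names, the sample latency values and the rule that a violation must persist for the whole duration are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Level:
    """One severity level; field names are illustrative, not product settings."""
    name: str
    threshold: float   # value above which this level is violated
    raise_after: int   # seconds the violation must persist before alerting
    clear_after: int   # seconds back under the threshold before clearing


class LevelTracker:
    """Tracks whether one level is alerting, with separate raise/clear delays."""

    def __init__(self, level):
        self.level = level
        self.active = False
        self.pending_since = None  # when samples first contradicted `active`

    def update(self, ts, value):
        violating = value > self.level.threshold
        if violating == self.active:
            # Sample agrees with the current state: drop any pending change,
            # so a short spike (or a short dip) never flips the alert.
            self.pending_since = None
            return self.active
        if self.pending_since is None:
            self.pending_since = ts
        hold = self.level.raise_after if violating else self.level.clear_after
        if ts - self.pending_since >= hold:
            self.active = violating
            self.pending_since = None
        return self.active


def evaluate(samples, warning, critical):
    """Return [(timestamp, state)] for every change of overall alert state."""
    trackers = (LevelTracker(critical), LevelTracker(warning))
    state, transitions = "clear", []
    for ts, value in samples:
        # Update both trackers on every sample; the highest active level wins.
        active = [t.level.name for t in trackers if t.update(ts, value)]
        new_state = active[0] if active else "clear"
        if new_state != state:
            transitions.append((ts, new_state))
            state = new_state
    return transitions


# Assumed settings: replication latency in minutes, durations in seconds.
WARNING = Level("warning", threshold=30, raise_after=120, clear_after=180)
CRITICAL = Level("critical", threshold=60, raise_after=120, clear_after=180)

# Constructed samples (seconds since start, latency in minutes), one per minute.
SAMPLES = [
    (0, 10), (60, 35), (120, 20),              # one-sample spike: no alert
    (180, 40), (240, 45), (300, 70),           # sustained: warning raised
    (360, 75), (420, 80),                      # sustained: critical raised
    (480, 50), (540, 45), (600, 40),           # under critical, still warning
    (660, 20), (720, 15), (780, 10), (840, 10),
]

if __name__ == "__main__":
    for ts, state in evaluate(SAMPLES, WARNING, CRITICAL):
        print(f"t={ts:>4}s -> {state}")
```

The separate clear duration is what keeps an alert from flapping when a value hovers around its threshold.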

Alerts generated from MOM which display on the MOM Alerts tab display additional severity levels:
- Service Unavailable. Identifies alerts generated for missed heartbeats and other events indicating that an application or service is unavailable to its users.
- Security Issue. Identifies an alert that indicates a security compromise has occurred. Systems on the network are at risk.
- Critical Error. Identifies an alert that indicates a serious problem needing attention immediately.
- Error. Identifies an alert that is important and needs attention soon.

- Warning. Identifies an alert that might indicate future problems.
- Information. Identifies an alert that simply provides information.
- Success. Identifies an alert that indicates a successful event or operation.

Use the Current Alerts and MOM Alerts tabs to view current alert status for the object selected in the Enterprise Explorer. When either tab is displayed, the following tabbed pages are also available at the bottom of the page:
- Alert Details - displays a brief description of the alert and additional information concerning the reason for the alert.
- MOM Alert Details - displays a brief description of the alert and additional navigational options.
- Alert Configuration - allows you to view or modify the alert threshold settings for an alert.
- MOM Alert History - displays brief details of the alert history.
- DT - displays all of the DirectoryTroubleshooter diagnostic tests that relate to the alert selected in the Current Alerts tab.
- ChangeAuditor - allows you to immediately determine if a DirectoryAnalyzer alert was caused by a change event captured with ChangeAuditor.

Use the Alert Summary Graph to view a graphical display of the current alerts for the object selected in the Enterprise Explorer. This bar graph displays both critical and warning alerts.

Current Alerts Tab


The Current Alerts tab is displayed when the DirectoryAnalyzer Client is started or when the Windows | Current Alerts command is selected and an Enterprise node, a naming context, domain, site, application partition or domain controller is selected in the Enterprise Explorer. This tab displays a list of all the current alerts for the selected object.

The following information is displayed for each alert:
- Severity: This column displays a symbol representing the severity of all the alerted object(s) in the selected site, on the selected server or within the selected naming context. Red is used to indicate a critical alert and yellow is used to indicate a warning alert.
- Type: This column displays the type of object that generated the alert:
  - Domain Controller
  - Enterprise
  - Exchange
  - Naming Context
  - Replica
  - Site

- Subject: This column displays the name of the alerted object, such as the name of the domain controller, naming context, replica, site or Exchange server that generated the alert.
- Start Time: This column displays the date and time the alert threshold was violated.
- Description: This column provides a text description for the current alert. Refer to Appendix A: DirectoryAnalyzer Alert Messages on page 165 for more information on the alerts that can be generated.
- Forest: This column displays the name of the forest where the alerted server resides. This column is only available when using the Consolidator to view multiple forests.

MOM Alerts Tab


When a problem is detected an alert is raised within the MOM operations console. At this time the MOM operator can assign the alert to the DirectoryAnalyzer console for diagnostics and repair. You can enable MOM alerts relating to DirectoryAnalyzer to display as they appear in the MOM console. From the MOM Alerts tab, you can change alert statuses. The MOM Alerts tab is displayed when the DirectoryAnalyzer Client is started or the Windows | MOM Alerts command is selected and an Enterprise node, a naming context, domain, site, application partition or domain controller is selected in the Enterprise Explorer. This tab displays a list of all the MOM alerts for the selected object.

The following information is displayed for each alert:
- Severity: This column specifies the severity of the alert.
- Domain: This column specifies the domain to which the computer belongs.
- Computer: This column specifies the computer on which an agent generated the alert.
- Time Last Modified: This column displays the time the alert state was last changed.
- Name: This column specifies the name of the rule that generated the alert.
- Resolution State: This column displays the status of the resolution process of the alert, such as New or Resolved. The resolution state indicates whether the resolution process has begun.

To preview MOM alert descriptions, change alert statuses or add history comments, right-click a selected alert to view the following context menu commands.
- Preview: Use the Preview command to view a brief description of the alert.
- Set Alert Resolution State: Use the Set Alert Resolution State command to update the status of a MOM alert to one of the following available statuses:
  - Resolved
  - Acknowledged
  - Level 4: Assigned to external vendor
  - Level 3: Requires scheduled maintenance
  - Level 2: Assigned to subject matter expert
  - Level 1: Assigned to help desk or support
  - New

- Alert History Comments: Use the Alert History Comments command to display the Alert History dialog and add optional comments to a MOM alert's history.

Viewing Alert Details


To display details for a particular alert, select/highlight an alert in the Current Alerts or MOM Alerts tab and select the corresponding alerts tab at the bottom of the page. This will display a brief description of the alert and additional information concerning the reason for the alert. In addition, from these tabs you can access the DirectoryAnalyzer knowledge base which explains what the problem means, what the likely cause(s) of the problem might be, and recommended steps to repair the problem.

Alert/MOM Alert Details Tabs


The Alert Details and MOM Alert Details tabs are displayed at the bottom of the page when the Current Alerts and MOM Alerts tabs are displayed, respectively. These tabs provide additional information about the selected alert.

The Alert Details tab displays the following information about the selected alert:
- Alert: This field displays the alert text.
- Subject: This field displays the name of the alerted object, such as the name of the domain controller, naming context or site that generated the alert.
- Type: This field displays the type of object that generated the alert: domain controller, naming context, replica, enterprise or site.

- Start Time: This field displays the date and time the alert threshold was violated.
- Description: This field displays a description of the alert.
- Details: Some alerts include this section to provide detailed information about what caused the alert to be generated, e.g., the Consecutive Replication Failures alert lists the replication partners and their corresponding number of failures.

The MOM Alert Details tab displays navigational options and the following about the alert:
- Description: This field displays a brief description of the alert.

Use the buttons to the right of the Alert Details and MOM Alert Details tabs to perform the following functions:

When viewing alerts from the Current Alerts tab, use this button to launch the DirectoryAnalyzer knowledge base to find details related to DirectoryAnalyzer functionality, tasks and alerts. When viewing alerts from the MOM Alerts tab, use this button to launch the DirectoryAnalyzer knowledge base to find information about MOM alerts.

Use this button to display the alert details for the first alert listed on the Current Alerts or MOM Alerts tabs.

Use this button to display the alert details for the previous alert listed on the Current Alerts or MOM Alerts tabs.

Use this button to display the alert details for the next alert listed on the Current Alerts or MOM Alerts tabs.

Use this button to display the alert details for the last alert listed on the Current Alerts or MOM Alerts tabs.

More Info: When viewing alerts from the Current Alerts tab, use this button to access the DirectoryAnalyzer knowledge base entry for the selected alert. When viewing alerts from the MOM Alerts tab, use this button to access the MOM knowledge base.

Viewing Alert Summary Graphs


To display a summary graph of alerts for a particular location, select/highlight an object from the Enterprise Explorer.

Alert Summary Graph


The Alert Summary Graph provides a bar graph indicating the total number of alerts, broken down by critical (red) and warning (yellow) severity, generated for the object selected in the Enterprise Explorer. When a container object is selected, this graph will include the child objects that belong to the selected container.

To display selected alert objects, the following context menu commands are available when you right-click inside the Alert Graph Summary pane:
- Include Non-Alerted Objects
- DCs
- Sub Domains
- All Objects
- Top 10
- By Total
- By Critical

Accessing the Knowledge Base


DirectoryAnalyzer not only identifies problems within your enterprise, it also assists you in solving these problems through its comprehensive knowledge base. When configuring alerts or when an alert occurs, you can easily access the DirectoryAnalyzer knowledge base for answers. It explains what the problem means, what the likely cause(s) of the problem might be and recommends steps to take to repair the problem. The Alert Details tab, located at the bottom of the Current Alerts tab displays general information about the selected alert and provides access to the DirectoryAnalyzer knowledge base. From this tab, select the button to access the knowledge base.

You can also access the DirectoryAnalyzer knowledge base from the Alert Configuration tab. Select/highlight an alert and use the More Info button to display the knowledge base entry for the selected alert.

The MOM Alert Details tab, located at the bottom of the MOM Alerts tab, displays a brief description of an alert and provides access to the MOM knowledge base. From this tab, select the More Info button to access the MOM knowledge base.

To close the knowledge base and return to the previous DirectoryAnalyzer screen, use the Close button in the upper right-hand corner of the window.

MOM Management Pack


The MOM Management Pack included with DirectoryAnalyzer is responsible for changing the state of alerts as they transition between Warning, Critical and Clear. The pack allows you to configure DA alerts to become MOM alerts, and provides product and company knowledge concerning the selected alert.

The management pack provides the following details:

Product Knowledge Tab


- Summary: Displays summary details of the alert as described within MOM.
- Causes: Displays causes for the alert as described within MOM.
- Resolutions: Displays resolution details as described within MOM.
- External Knowledge Sources: Displays additional links for more information about the alert.

Company Knowledge
The Company Knowledge tab displays information provided by Microsoft.

Chapter 4: Browsing the Directory


DirectoryAnalyzer provides a consolidated view of the entire directory and includes detailed information about each critical component, from naming contexts to sites to DCs to DNS servers. DirectoryAnalyzer provides a comprehensive view of the enterprise's Active Directory, allowing you to easily navigate and obtain information about the different parts of the directory. You can view Active Directory by site, by domain or by application partition.

NOTE: The information (menus, commands and/or information tabs) available on the DirectoryAnalyzer client will depend on the DirectoryAnalyzer access rights assigned (DA Read, DA Write). See the DirectoryAnalyzer Security Administrators Guide for more information regarding the impact of assigning/denying DirectoryAnalyzer access rights.

Forest View
The Forest view provides summary information about the entire forest. When the Forest View node is selected, the following tabs are displayed:
- Forest Summary
- Domain Role Owners
- Forest Role Owners
- Latency Times
- Current Alerts
- Alert Details
- Alert Configuration
- DT
- ChangeAuditor
- Alert Summary Graph
- MOM Alerts
- ChangeAuditor
- DT
- MOM Alert Details
- MOM Alert History

Application Partition View


When you know the name of the application partition where a problem is occurring, the Application Partition View provides a quick way to get to the information regarding that application partition and its DCs. You can expand or collapse the application partitions to reveal the parent/child hierarchy. Under each partition root is a list of the DCs pertaining to that application partition.

To browse the directory by application partition:
1. Select/expand the Application Partition View node in the Enterprise Explorer.
2. Select/highlight the object to be browsed.

When an Application Partition is selected, the following tabs are displayed:
- Naming Context Summary
- DNS Summary
- Role Owners Details
- DC Summary
- Latency Times
- Current Alerts
- Alert Details
- Alert Configuration
- DT
- ChangeAuditor
- Alert Summary Graph

Domain View
When you know the name of the naming context/domain where a problem is occurring, the Domain View provides a quick way to get to the information regarding that naming context/domain and its DCs. The top level of this hierarchy corresponds to the trees in your enterprise. You can expand or collapse the trees to reveal the naming context hierarchy. Under each naming context is a list of the DCs pertaining to that naming context.

To browse the directory by naming context/domain:
1. Select/expand the Domain View node in the Enterprise Explorer.
2. Select/highlight the object to be browsed.

When the Domain View node is selected, the following tabs are displayed:
- Domain Summary
- Domain Role Owners
- Forest Role Owners
- Latency Times

- Current Alerts
- Alert Details
- Alert Configuration
- DT
- ChangeAuditor
- MOM Alerts
- ChangeAuditor
- DT
- MOM Alert Details
- MOM Alert History
- Alert Summary Graph

When a domain is selected, the following tabs are displayed:

- Naming Context Summary
- DNS Summary
- Role Owners Details
- DC Summary
- Latency Times
- Current Alerts
- Alert Details
- Alert Configuration
- DT
- ChangeAuditor
- MOM Alerts
- ChangeAuditor
- DT
- MOM Alert Details
- MOM Alert History
- Alert Summary Graph

When a DC is selected, the following tabs are displayed:
- DC Information
- Adapter Summary
- Hot Fixes
- DT
- Current Alerts
- Alert Details
- Alert Configuration
- DT
- ChangeAuditor

- MOM Alerts
- ChangeAuditor
- DT
- MOM Alert Details
- MOM Alert History
- Alert Summary Graph
- Replication Information
- DNS Information
- DT

Site View
When you know the location of a directory problem, the Site View provides a quick way to get to the information about the site and the domain controllers in that site. The top level of the hierarchy is a list of sites in the enterprise. Indented underneath each site are the domain controllers located at that site.

To browse the directory by site:
1. Select/expand the Site View node in the Enterprise Explorer.
2. Select/highlight the object to be browsed.

When the Site View node is selected, the following tabs are displayed:
- Site Summary
- Bridgehead Servers
- Current Alerts
- Alert Details
- Alert Configuration
- DT
- ChangeAuditor
- Alert Summary Graph

When a site is selected, the following tabs are displayed:
- Site Information
- Inter Site Connections
- Global Catalogs
- Current Alerts
- Alert Details
- Alert Configuration
- DT
- ChangeAuditor
- Alert Summary Graph

When a DC is selected, the following tabs are displayed:
- DC Information
- Adapter Summary
- Hot Fixes
- DT
- Current Alerts
- Alert Details
- Alert Configuration
- DT
- ChangeAuditor
- Replication Information
- DNS Information
- DT

See the Information Tabs section that follows for a detailed description of all these tabs. See Chapter 3: Monitoring Active Directory for a detailed description of the alert tabs (Current Alerts and Alert Summary Graph). See Chapter 10: DirectoryTroubleshooter Integration for a detailed description of the DT tabs. See Chapter 11: ChangeAuditor Integration for a detailed description of the ChangeAuditor tab.

Information Pages
Different types of information are provided on the various Information tabs depending on the object selected/highlighted in the Enterprise Explorer.

NOTE: Information tabs that include summary tabs and alert summary graph tabs will not contain information if DirectoryAnalyzer is set up with no DA agents and is only utilizing MOM ADMP alerts via the product connector.

The information tabs appear in this section in the following order:
- Forest Summary Tab
- Domain Role Owners Tab
- Forest Role Owners Tab
- Latency Times Tab
- Domain Summary Tab
- Naming Context Summary Tab
- DNS Summary Tab
- Role Owners Details Tab
- DC Summary Tab
- Site Summary Tab
- Bridgehead Servers Tab
- Site Information Tab
- Inter Site Connections Tab
- Global Catalogs Tab

- DC Information Tab
- Adapter Summary Tab
- Hot Fixes Tab
- Replication Information Tab
- DNS Information Tab

Forest Summary Tab


The Forest Summary Tab is displayed whenever the forest (top-most) node is selected in the Enterprise Explorer. When the Forest Summary Tab is displayed, the following tabbed pages are available at the bottom of the page:
- Domain Role Owners
- Forest Role Owners
- Latency Times

The Forest Summary tab contains the following information:

Statistics Information
The Statistics Information section, at the top of this tab, provides the following statistics for all the objects contained in the forest:
- App Partitions: This field displays the total number of application directory partitions in the forest.

- Domains: This field displays the total number of domains in the forest.
- Sites: This field displays the total number of sites in the forest.
- Empty Sites: This field displays the total number of empty sites in the forest.
- DCs: This field displays the total number of domain controllers in the forest.
- DNS Servers: This field displays the total number of DNS servers in the forest.
- GC Servers: This field displays the total number of Global Catalog (GC) servers in the forest.
- Bridge Head Servers: This field displays the total number of bridgehead servers in the forest.
- DCs not Agented or Responding: This field displays the total number of domain controllers in the forest that do not have a DirectoryAnalyzer agent installed or are not responding.
- DCs Managed by This EA: This field displays the total number of domain controllers managed by the current Enterprise Agent.
- RODC Servers: This field displays the total number of Windows Server 2008 Read-Only Domain Controllers in the forest.
- Exchange Servers: This field displays the total number of Exchange servers in the forest.

Forest Information
The Forest Information section contains the following information:
- Operations Master Consistent: This field indicates whether the Operations Master is consistent across all of the domain controllers in the enterprise.
- Schema Version Consistent: This field indicates whether the schema version is consistent across all domain controllers in the forest.
- Functional Level Consistent: This field indicates whether the forest functional level is consistent.
- Domain Naming Operations Master: This field displays the name of the domain controller that is the Domain Naming Operations Master for the enterprise.

- Schema Operations Master: This field displays the name of the domain controller that is the Schema Operations Master for the enterprise.
- Forest Functional Level: This field indicates the functional level of the entire forest:
  - Windows 2000 mixed
  - Windows 2000 native
  - Windows Server 2003 interim
  - Windows Server 2003
  - Windows 2008

Replication Latency
If the Replication Latency feature is enabled (Configuration | Replication Latency command), the bottom of the Forest Summary tab provides a graphical display of the latency times that fall into the clear, warning and/or critical categories. For more details on latency times, select the Latency Times tab at the bottom of the page.

Domain Role Owners Tab


The Domain Role Owners tab is displayed at the bottom of the Forest Summary and Domain Summary tabs.

This tab contains the following role owner information for all of the domains in the forest:
- DNS Name: This column lists each domain in the forest, by DNS name.
- PDC Owner: This column displays the name of the domain controller that is the PDC Operations Master for each domain listed. This is the domain controller that can act as a PDC for downlevel backup domain controllers (BDCs) and clients.
- RID Owner: This column displays the name of the domain controller that is the RID Operations Master for each domain listed. This is the domain controller that can allocate RID pools to other domain controllers.

- Infrastructure Owner: This column displays the name of the domain controller that is the Infrastructure Operations Master for each domain listed. This is the domain controller that runs the inter-domain daemon process that resolves references to objects in other domains that have been moved or renamed.
- Domain Functional Level: This column indicates the functional level of the entire domain:
  - Windows 2000 mixed
  - Windows 2000 native
  - Windows Server 2003 interim
  - Windows Server 2003
  - Windows 2008

Forest Role Owners Tab


The Forest Role Owners tab is displayed at the bottom of the Forest Summary and Domain Summary tabs.

This tab contains the following role owner information about the selected forest:
- DC Name: This column lists all of the domain controllers in the forest.
- Domain Naming Operations Master: This column displays the name of the domain controller that is the Domain Naming Operations Master for the enterprise. This is the one domain controller in the enterprise that can initiate domain naming operations.
- Schema Operations Master: This column displays the name of the domain controller that is the Schema Operations Master for the enterprise. This is the one domain controller in the enterprise that can initiate changes to the schema.
- Schema Version: This column displays the version number of the schema.

- Forest Functional Level: This column indicates the functional level of the entire domain:
  - Windows 2000 mixed
  - Windows 2000 native
  - Windows Server 2003 interim
  - Windows Server 2003
  - Windows 2008

Replication Latency Times Tab


The Replication Latency Times tab is located at the bottom of the Forest Summary, Domain Summary and Naming Context Summary tabs. This tab lists the replication latency times for the different replication partners. NOTE: The Replication Latency command (under the Configuration menu) must be checked to view this tab.

The table on this tab displays the following details:

Clear Latency Times: The information displayed in this column represents the latency times that are "clear" and did not exceed either the warning or critical threshold.
- DC (from server): This column lists the replication partners that fall into the "clear" category.
- Max Latency (HH:MM): This column displays the maximum amount of time that elapsed when replicating a change out to each of the replication partners listed.

Warning Latency Times: The information displayed in this column represents the latency times that exceeded the warning threshold.
- DC (from server): This column lists the replication partners that fall into the "warning" category.
- Max Latency (HH:MM): This column displays the maximum amount of time that elapsed when replicating a change out to each of the replication partners listed.

Critical Latency Times: The information displayed in this column represents the latency times that exceeded the critical threshold.
- DC (from server): This column lists the replication partners that fall into the "critical" category.
- Max Latency (HH:MM): This column displays the maximum amount of time that elapsed when replicating a change out to each of the replication partners listed.

Domain Summary Tab


The Domain Summary tab is displayed whenever the Domain View node is selected in the Enterprise Explorer. When the Domain Summary Tab is displayed, the following tabbed pages are available at the bottom of the page:
- Domain Role Owners
- Forest Role Owners
- Latency Times

The Domain Summary tab displays the following information:

Statistics Information
The Statistics Information section, at the top of this tab, provides the following statistics for all the objects contained in the forest:
- App Partitions: This field displays the total number of application directory partitions in the forest.
- Domains: This field displays the total number of domains in the forest.
- Sites: This field displays the total number of sites in the forest.
- Empty Sites: This field displays the total number of empty sites in the forest.
- DCs: This field displays the total number of domain controllers in the forest.
- DNS Servers: This field displays the total number of DNS servers in the forest.
- GC Servers: This field displays the total number of Global Catalog (GC) servers in the forest.
- Bridge Head Servers: This field displays the total number of bridgehead servers in the forest.
- DCs not Agented or Responding: This field displays the total number of domain controllers in the forest that do not have a DirectoryAnalyzer agent installed or are not responding.
- DCs Managed by This EA: This field displays the total number of domain controllers managed by the current Enterprise Agent.
- RODC Servers: This field displays the total number of Windows Server 2008 Read-Only Domain Controllers in the forest.
- Exchange Servers: This field displays the total number of Exchange servers in the forest.

Forest Information
The Forest Information section contains the following information:
- Operations Master Consistent: This field indicates whether the Operations Master is consistent across all of the domain controllers in the enterprise.
- Schema Version Consistent: This field indicates whether the schema version is consistent across all domain controllers in the forest.
- Functional Level Consistent: This field indicates whether the forest functional level is consistent.
- Domain Naming Operations Master: This field displays the name of the domain controller that is the Domain Naming Operations Master for the enterprise.
- Schema Operations Master: This field displays the name of the domain controller that is the Schema Operations Master for the enterprise.
- Forest Functional Level: This field indicates the functional level of the entire forest:
  - Windows 2000 mixed
  - Windows 2000 native
  - Windows Server 2003 interim
  - Windows Server 2003
  - Windows 2008

Replication Latency
If the Replication Latency feature is enabled (Configuration | Replication Latency command), the bottom of the Domain Summary tab provides a graphical display of the latency times that fall into the clear, warning and/or critical categories. Deployed DirectoryAnalyzer agents are required in order for this feature to be available. For more details on latency times, select the Latency Times tab at the bottom of the page.

Naming Context Summary Tab


The Naming Context Summary tab provides information specific to the domain/naming context or application partition selected in the Enterprise Explorer. When the Naming Context Summary tab is displayed, the following tabbed pages are available at the bottom of the page:
- DNS Summary
- Role Owners Details
- DC Summary
- Latency Times

This tab displays the following information for the selected domain/naming context or application partition:

Operations Master Status


When a domain or naming context is selected in the Enterprise Explorer, the Operations Master Status section will be displayed at the top of the Naming Context Summary tab. This pane contains the following information:
- Number of Domain Controllers: This field indicates how many DCs are in the selected domain. This field is grayed out when the Enterprise Configuration or Enterprise Schema naming context is selected.

- Functional Level: This field displays the functional level of the selected domain or of the entire forest depending on the object selected in the Enterprise View. Valid values are:
  - Windows 2000 mixed
  - Windows 2000 native
  - Windows Server 2003 interim
  - Windows Server 2003
  - Windows 2008

- Functional Level Consistent: This field indicates whether the functional level is consistent throughout the forest.
- PDC Operations Master: This field displays the name of the domain controller that is the PDC Operations Master for the selected domain. This is the domain controller in the domain that can act as a PDC for downlevel backup domain controllers (BDCs) and clients.
- RID Operations Master: This field displays the name of the domain controller that is the RID Operations Master for the selected domain. This is the DC in the domain that can allocate RID pools to other domain controllers.
- Infrastructure Operations Master: This field displays the name of the domain controller that is the Infrastructure Operations Master for the selected domain. This is the domain controller in the domain that runs the inter-domain daemon process that resolves references to objects in other domains that have been moved or renamed.
- Operations Master Consistent: An Operations Master is a virtual "token" indicating that a single domain controller has the right to perform some directory operation. An Operations Master is represented by an object in the directory that contains the name of the domain controller that "owns" the master role. DirectoryAnalyzer periodically checks the consistency of the various Operations Masters across all of the domain controllers in the enterprise. This field indicates whether this naming context's DC agrees with the other domain controllers regarding who owns each type of master. If this naming context has a differing value for any of the Operations Masters, this field will be set to NO. To obtain more detailed information about the Operations Master consistency for this naming context, select the Role Owners Details tab, at the bottom of the page.
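The Operations Master consistency check described above compares what each domain controller believes about the role owners. The Python sketch below is an added illustration, not DirectoryAnalyzer code: the host names and per-DC answers are constructed, and using the majority answer as the expected owner is an assumption.

```python
from collections import Counter

ROLES = ("Schema", "Domain Naming", "PDC", "RID", "Infrastructure")


def normalize(name):
    """Compare DNS host names case-insensitively and without a trailing dot."""
    return name.strip().rstrip(".").lower() if name else None


def check_role_owners(views):
    """views maps DC name -> {role: owner as seen by that DC}, or None when the
    DC returned no answer. Returns (per-role report, DCs with no answer)."""
    silent = sorted(dc for dc, view in views.items() if view is None)
    answered = {dc: view for dc, view in views.items() if view is not None}
    report = {}
    for role in ROLES:
        seen = {dc: normalize(view.get(role)) for dc, view in answered.items()}
        counts = Counter(owner for owner in seen.values() if owner)
        majority = counts.most_common(1)[0][0] if counts else None
        # Any DC naming a different owner (or none) disagrees with the rest.
        dissent = {dc: owner for dc, owner in seen.items() if owner != majority}
        report[role] = {
            "consistent": majority is not None and not dissent,
            "majority_owner": majority,
            "dissenting": dissent,
        }
    return report, silent


def consistent_flag(report):
    """YES only when every role has a single agreed owner, otherwise NO."""
    return "YES" if all(r["consistent"] for r in report.values()) else "NO"


# Constructed data: what each DC in one domain reports for the five roles.
BASE = {
    "Schema": "dc1.corp.example",
    "Domain Naming": "dc1.corp.example",
    "PDC": "dc1.corp.example",
    "RID": "dc2.corp.example",
    "Infrastructure": "dc2.corp.example",
}
VIEWS = {
    "dc1.corp.example": dict(BASE),
    # Same owner, different spelling: must not count as a disagreement.
    "dc2.corp.example": {**BASE, "PDC": "DC1.corp.example."},
    # Stale view of the RID role, e.g. a transfer that has not replicated yet.
    "dc3.corp.example": {**BASE, "RID": "dc1.corp.example"},
    # No answer from this DC: reported separately, not as a disagreement.
    "dc4.corp.example": None,
}

if __name__ == "__main__":
    report, silent = check_role_owners(VIEWS)
    print("Operations Master Consistent:", consistent_flag(report))
    for role, result in report.items():
        if not result["consistent"]:
            print(f"  {role}: expected {result['majority_owner']}, "
                  f"disagreeing: {result['dissenting']}")
    print("No answer from:", silent)
```

A DC that keeps naming a stale owner after replication should have converged is the case worth investigating, since two DCs acting as the same Operations Master can issue conflicting changes.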

Replication Latency
If the Replication Latency feature is enabled (Configuration | Replication Latency command), the middle portion of the Naming Context Summary tab provides a graphical display of the latency times that fall into the clear, warning and/or critical categories. For more details on latency times, select the Latency Times tab at the bottom of the page.

Trust List
The trust list is displayed when a domain or naming context is selected in the Enterprise Explorer. This section of the tab consists of the domains that trust this domain and the domains that this domain trusts.

Domain Name
This column lists the name(s) of the domain(s) that the selected domain has trust relationships with.

Relationship
This column describes the state of the trust relationship:
Tree Root - the trust relationship is between two tree root domains in the forest.
Parent - the trust relationship is from a parent domain to a child domain.
Child - the trust relationship is from a child domain to a parent domain.
External - the trust relationship is with a pre-Windows 2000 (NT) domain.
Non-Windows Kerberos Realm - the trust relationship is with a Kerberos realm, which is a standard security and authentication protocol.
DCE Realm - the trust relationship is with a DCE realm.
Shortcut - the trust relationship is between two domains in the same forest that are not directly related.

Transitive
This column indicates whether this is a transitive trust. Transitive trusts can only exist between domains within the same domain tree or forest. When a new domain controller is installed and a new child is created, a transitive trust relationship is automatically created between the parent and the new child domain. Transitive trust relationships flow upward through the domain tree as they are formed, subsequently creating transitive trusts between all domains in the domain tree.

Direction
This column indicates whether this domain trusts the partner, the partner trusts this domain or the trust is bi-directional. Valid entries are:
Bi-Directional - the current domain trusts the target domain and vice versa
Outgoing: Domain trusts partner - the current domain trusts the target domain
Incoming: Partner trusts domain - the target domain trusts the current domain
Trust disabled - the trust was created, but has been disabled

Application Partition Information


When an application partition is selected in the Enterprise Explorer, the Application Partition Information pane will be displayed at the top of the Naming Context Summary tab.

The Application Partition Information window displays information about the currently selected application directory partition.

Distinguished Name
This field displays the distinguished name of the application directory partition.

Security Reference Domain
This field displays the name of the domain used by the security system to interpret local domain references for default security descriptors that are attached to objects created in the selected application directory partition.

Replication Notify Start Delay*
This field specifies the delay (in seconds) between the opening change and the initial notification sent to the first replication partner. The default is five minutes.

Replication Notify Subsequent Delay*
This field specifies the delay (in seconds) between subsequent notifications to the partition's other (second, third, etc.) replication partners.

* The values in these two fields are from the directory. They apply to all domain controllers hosting a replica of the application directory partition and affect only the replication of the application directory partition. A registry entry on each domain controller can specify a similar value, which will override this value.

DC Summary
The DC Summary pane is displayed on the Naming Context Summary tab whenever an application partition is selected in the Enterprise Explorer. This pane provides the following information:

Server
This column displays the name of the server(s) where this application partition resides.

GC
This column displays whether a copy of the Global Catalog is stored on the replication partner.

Site
This column displays the name of the site to which the replication partner belongs.

Managed By
This column displays the name of the administrator responsible for this replication partner, if the Managed By attribute is set for the domain controller.

Replication First Delay**
This column specifies the delay (in seconds) between the originating change and the initial notification sent to the first replication partner. The default is five minutes.

Replication Subsequent Delay**
This column specifies the delay (in seconds) between subsequent notifications to the partition's other (second, third, etc.) replication partners. The default is five minutes.

** The values in these two columns are from the registry of the domain controller and they override the values set in the directory. By default, the registry and directory values are NOT set; the default values are built into Active Directory. The directory settings enable an administrator to speed up replication for all replicas of an application directory partition, while the registry settings allow him/her to fine tune these settings for each individual domain controller in the application directory partition.

DNS Summary Tab


The DNS Summary tab, located at the bottom of the Naming Context Summary tab, provides a summary of the DNS servers that are authoritative for the selected domain.

This tab contains the following information about the selected domain:

Server
This column displays the name(s) of the DNS server(s) which are authoritative for the selected domain.

Zone Type
This column displays the zone type of each of the DNS servers:
Primary - the server is designated as the master server for this zone.
Secondary - the server is designated as one of the secondary servers for this zone.
Active Directory Integrated - the DC obtains its DNS information from the directory, not from a specific DNS server.
Stub - the server is designated as a stub zone, i.e., a copy of a zone that contains only those records necessary to identify the authoritative DNS servers for that zone (Windows Server 2003).

Zone
This column displays the zones this server hosts that apply to the selected domain.

Site
This column displays the name of the site where the DNS servers reside.

Serial Number
This column displays the serial number for each DNS server, which is used to determine if a zone transfer is needed to update the zone.

Allow Updates
This column indicates whether the zone is a dynamic DNS zone.

Role Owners Details Tab


An Operations Master is a virtual "token" indicating that a single domain controller has the right to perform some directory operation. An Operations Master is represented by an object in the directory that contains the name of the domain controller that "owns" the master role. DirectoryAnalyzer periodically checks the consistency of the various Operations Masters across all of the DCs in the enterprise. The Operations Master Consistent field on the Naming Context Summary tab indicates whether the selected naming context's DC agrees with the other DCs regarding who owns each type of master. From the Naming Context Summary tab, you can obtain more information about the Operations Master consistency for the selected naming context by selecting the Role Owners Details tab at the bottom of the screen.

This tab contains the following information.

DC Name
This column displays the name of each domain controller for the domain or naming context.

PDC Operations Master
This column displays the name of the domain controller that is the PDC (Primary Domain Controller) Operations Master for the domain, according to the server listed under DC Name.

RID Operations Master
This column displays the name of the domain controller that is the RID (Relative Identifier) Operations Master for the domain, according to the server listed under DC Name.

Infrastructure Operations Master
This column displays the name of the domain controller that is the Infrastructure Operations Master for the domain, according to the server listed under DC Name.
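
The comparison behind the Operations Master Consistent field can be sketched as follows. This is an added example, not DirectoryAnalyzer's own code: the host names are constructed, and using the owner reported by the largest number of DCs as the reference value is an assumption, since the guide does not say how the product picks one.

```python
from collections import Counter

# Domain-wide roles shown on the Role Owners Details tab.
ROLES = ("pdc", "rid", "infrastructure")

# Constructed sample: one entry per DC (the "DC Name" column) holding the
# role owners "according to the server listed under DC Name".
SAMPLE_VIEWS = {
    "dc1.corp.example": {"pdc": "dc1.corp.example",
                         "rid": "dc1.corp.example",
                         "infrastructure": "dc2.corp.example"},
    "dc2.corp.example": {"pdc": "dc1.corp.example",
                         "rid": "dc1.corp.example",
                         "infrastructure": "dc2.corp.example"},
    # dc3 believes it owns the RID role itself (stale or seized role).
    "dc3.corp.example": {"pdc": "dc1.corp.example",
                         "rid": "dc3.corp.example",
                         "infrastructure": "dc2.corp.example"},
    # dc4 returned no value for the Infrastructure role.
    "dc4.corp.example": {"pdc": "dc1.corp.example",
                         "rid": "dc1.corp.example"},
}


def reference_owners(views):
    """Return {role: owner} using the most frequently reported owner.

    Assumption: the most common answer is the reference. When the top two
    answers tie, or nobody reported the role, the reference is None and
    no DC can be called consistent for that role.
    """
    reference = {}
    for role in ROLES:
        counts = Counter(v[role] for v in views.values() if v.get(role))
        ranked = counts.most_common(2)
        if not ranked:
            reference[role] = None
        elif len(ranked) == 2 and ranked[0][1] == ranked[1][1]:
            reference[role] = None
        else:
            reference[role] = ranked[0][0]
    return reference


def check_consistency(views):
    """Return per-DC YES/NO plus the roles on which the DC differs.

    A DC is marked NO if it differs on any role, matching the guide's
    description of the Operations Master Consistent field.
    """
    reference = reference_owners(views)
    report = {}
    for dc, view in views.items():
        differs = {}
        for role in ROLES:
            seen = view.get(role)
            if reference[role] is None or seen != reference[role]:
                differs[role] = (seen, reference[role])
        report[dc] = {"consistent": "NO" if differs else "YES",
                      "differs": differs}
    return report


if __name__ == "__main__":
    for dc, row in check_consistency(SAMPLE_VIEWS).items():
        print(dc, row["consistent"], row["differs"])
```

A DC that reports itself as a role owner while the others name a different server is the case worth investigating first, because it can mean either stalled replication or a role that was seized without the rest of the domain learning of it.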

DC Summary Tab
The DC Summary Tab is located at the bottom of the Naming Context Summary tab.

The DC Summary tab provides the following information:

Server
This column displays the name of the server(s) where this replication partner resides.

GC
This column displays whether a copy of the Global Catalog is stored on the selected replication partner. A check mark indicates that the server is hosting a Global Catalog.

Site
This column displays the name of the site to which the replication partner belongs.

Managed By
This column displays the name of the administrator responsible for this replication partner, if the Managed By attribute is set for the domain controller.

Site Summary Tab


The Site Summary Tab is displayed when the Site View node is selected in the Enterprise Explorer. This tab contains summary information for the forest and for all the sites in the forest. When the Site Summary tab is displayed, the Bridgehead Servers tab is available at the bottom of the page.

This tab displays the following summary information:

Statistics Information
The Statistics Information section, at the top of this tab, provides the following statistics for all the objects contained in the forest:

App Partitions
This field displays the total number of application directory partitions in the forest.

Domains
This field displays the total number of domains in the forest.

Sites
This field displays the total number of sites in the forest.

Empty Sites
This field displays the total number of empty sites in the forest.

DCs
This field displays the total number of domain controllers in the forest.

DNS Servers
This field displays the total number of DNS servers in the forest.

GC Servers
This field displays the total number of Global Catalog (GC) servers in the forest.

Bridgehead Servers
This field displays the total number of bridgehead servers in the forest.

DCs not Agented or Responding
This field displays the total number of domain controllers in the forest that do not have a DirectoryAnalyzer agent installed or are not responding.

Exchange Servers
This field displays the total number of Exchange servers in the forest.

Site Deployment
The Site Deployment section displays the following information for each site in the forest:

Site Name
This column lists the names of all the sites in the forest.

Site Agent
This column displays the name of the Site Agent for each site listed.

Site Agent Version
This column displays the Site Agent's version number.

# Agented DCs
This column displays the number of agented domain controllers for each site (that is, domain controllers that have a DC Agent installed).

# UnAgented DCs
This column displays the number of unagented domain controllers for each site (that is, domain controllers that do not have a DC Agent installed).

Bridgehead Servers Tab


The Bridgehead Servers Tab is displayed at the bottom of the page when the Site Summary tab is displayed. This tab contains the following information for each site in the forest:

Site Name
This column lists all the sites in the forest.

Preferred Bridgehead Server
This column displays the name of the preferred bridgehead server defined for each site listed.

Inter Site Topology Generator
This column displays the name of the server designated as the Inter Site Topology Generator (ISTG) for each site listed.

# Global Catalogs
This column displays the number of Global Catalog (GC) servers located in each site listed.

Site Information Tab


The Site Information Tab is displayed when a site is selected in the Enterprise Explorer. This tab displays detailed information about the selected site. When the Site Information tab is displayed, the following tabbed pages are available at the bottom of the page:
Inter Site Connections
Global Catalogs

This tab displays the following information about the selected site:

Site Information
The top-most pane displays the following information about the selected site:

Universal Group Membership Caching
This field indicates whether universal group membership caching is enabled. If enabled, the Reference Caching site will be shown.

Inter Site Topology Generation
This field indicates whether automatic Inter Site Topology Generation is enabled.

Intra Site Topology Generation
This field indicates whether automatic Intra Site Topology Generation is enabled.

Inter Site Topology Generator
This field displays the name of the server designated as the Inter Site Topology Generator (ISTG).

Domain Controllers
This pane displays the following information for all of the domain controllers in the selected site:

Status
This column displays a symbol representing the current operating status of each server:
Running
Not Responding
No DA Agent

Server
This column displays the names of all the servers in the selected site.

Domain
This column displays the name of the domain to which each server belongs.

GC
A check mark in this column indicates that the server is hosting a Global Catalog (GC).

DNS
A check mark in this column indicates that the server is a DNS server.

Preferred BH
This column displays the type of transport being used by this preferred bridgehead server. Only administrator configured transports are displayed. Valid transport types are:
IP
SMTP
SMTP/IP

PDC
A check mark in this column indicates that the server is the PDC Emulator Operations Master for its domain.

RID
A check mark in this column indicates that the server is the RID Operations Master for its domain.

Infra
A check mark in this column indicates that the server is the Infrastructure Operations Master for its domain.

Schema
A check mark in this column indicates that the server is the Schema Operations Master for the enterprise.

Name
A check mark in this column indicates that the server is the Domain Naming Operations Master for the enterprise.

Site Agent
A check mark in this column indicates the server is a DirectoryAnalyzer Site Agent.

Agent Version
This column displays the version number of the DirectoryAnalyzer agent installed on each server listed.

Inter Site Connection Tab


The Inter Site Connection tab is displayed at the bottom of the Site Information tab. This tab displays the following information about the selected site:

Site Link Name
This column displays the name of the site link.

To Site
This column displays the site to which the selected site is linked.

Cost
This column displays the relative cost of using the link, as defined by the administrator.

Scheduled link
This column shows whether the inter-site link is connected at all times or not. Valid values for this column are:
Permanent - the link is connected all of the time. DirectoryAnalyzer displays this value if you have not assigned a schedule to this connection, in which case Active Directory treats the link as always being connected.
Scheduled - the link is connected occasionally. DirectoryAnalyzer displays this value if you have assigned a schedule to this connection and there is at least some scheduled time when the link is connected.
Disabled - the link is never connected. DirectoryAnalyzer displays this value if you have assigned a schedule to this connection but there is no scheduled time when the link is connected.
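
The three Scheduled link values follow directly from the link's schedule. The added example below (not from the guide or the product) classifies a link the same way, assuming the schedule is stored in the Windows SCHEDULE layout: a 20-byte header followed by 168 hour bytes whose low four bits mark 15-minute slots. The sample blobs and the function names are constructed for illustration.

```python
import struct

HOURS_PER_WEEK = 7 * 24      # one data byte per hour of the week
HEADER_LEN = 20              # Size, Bandwidth, NumberOfSchedules, Type, Offset
SCHEDULE_INTERVAL = 0        # schedule type: interval schedule


def build_schedule(open_hours, slot_bits=0x0F):
    """Build a constructed schedule blob (assumed layout, see lead-in).

    open_hours: iterable of hour indexes (0..167) to mark.
    slot_bits:  value written to each marked hour byte; only the low
                four bits count as 15-minute slots.
    """
    data = bytearray(HOURS_PER_WEEK)
    for hour in open_hours:
        data[hour] = slot_bits
    header = struct.pack("<5I", HEADER_LEN + HOURS_PER_WEEK, 0, 1,
                         SCHEDULE_INTERVAL, HEADER_LEN)
    return header + bytes(data)


def open_slots(blob):
    """Count the 15-minute slots in which the link is available."""
    if len(blob) < HEADER_LEN:
        raise ValueError("schedule blob shorter than its header")
    size, _bandwidth, count, sched_type, offset = struct.unpack_from("<5I", blob, 0)
    if size != len(blob) or count != 1 or sched_type != SCHEDULE_INTERVAL:
        raise ValueError("unexpected schedule header")
    hours = blob[offset:offset + HOURS_PER_WEEK]
    if offset < HEADER_LEN or len(hours) != HOURS_PER_WEEK:
        raise ValueError("schedule data truncated or misplaced")
    # Only the low nibble of each hour byte carries slot flags.
    return sum(bin(b & 0x0F).count("1") for b in hours)


def link_state(blob):
    """Return the value the Scheduled link column would show.

    None means no schedule is assigned to the link.
    """
    if blob is None:
        return "Permanent"
    return "Scheduled" if open_slots(blob) > 0 else "Disabled"


if __name__ == "__main__":
    weekday_nights = [d * 24 + h for d in range(1, 6) for h in (1, 2, 3)]
    for label, blob in (("no schedule", None),
                        ("weekday nights", build_schedule(weekday_nights)),
                        ("empty schedule", build_schedule([]))):
        print(label, "->", link_state(blob))
```

An assigned schedule with no open slots is easy to miss in a review because the link still exists in the topology; it is reported as Disabled rather than Scheduled for exactly that reason.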

Global Catalogs Tab


The Global Catalogs tab, located at the bottom of the Site Information tab, provides a list of all the servers in the selected site that contain a copy of the Global Catalog (GC).

DNS Name
This table displays a list of all the servers that contain a copy of the Global Catalog in the selected site.

DC Information Tab
The DC Information Tab displays information about the currently selected domain controller. This tab is displayed whenever a DC is selected in the Enterprise Explorer. The statistics on this page are retrieved "on demand"; therefore, DirectoryAnalyzer's impact on network bandwidth has been greatly reduced. To retrieve the latest statistics, use the Refresh button.

The top pane on this tab displays the following information about the selected DC:

Domain
This field displays the name of the domain to which the DC belongs.

Site
This field displays the name of the site to which the DC belongs.

GC
This field indicates whether a copy of the Global Catalog is stored on the selected DC.

OS Version
This field displays the Microsoft Windows operating system version (and Service Pack) being used on the selected server.

System Up Time
This field displays how long it has been since the DC was last rebooted.

Last Update Time
This field displays the date and time the statistics for the server were last gathered by DirectoryAnalyzer.

RODC
This field indicates whether the selected domain controller is a Windows Server 2008 Read-Only Domain Controller.

Usage Statistics
The Usage Statistics pane contains the following details:

Agent Information

Agent Type
This field displays whether this agent is a DC Agent or a Site Agent.

Agent Version
This field displays the version number of the DirectoryAnalyzer agent.

DIT

DIT Disk Space Used
This field displays the percentage of total available disk space used by the DS (directory service) database files.

DIT Disk Space Available
This field displays the total amount of disk space available for the DS database files.

DIT Size on Disk
This field displays the size of the DS database.

SysVol

SYS Vol Space Used
This field displays the percentage of total disk space used by the System Volume.

SYS Vol Space Available
This field displays the total amount of disk space available on the System Volume.

LDAP

LDAP Load
This field displays the aggregation of the Read, Write and Search load on LDAP.

LDAP Last Error
This field displays the last error returned to DirectoryAnalyzer by LDAP.

LDAP Response Time
This field displays the amount of time it took to perform a simple LDAP query to the DC.

LSASS

LSASS CPU Load
This field displays the CPU load for the LSASS (Local Security Authority Subsystem Service) service.

LSASS Virtual Memory
This field displays the amount of virtual memory allocated to the LSASS service.

LSASS Working Set
This field displays the amount of working set memory allocated to the LSASS service.

NTFRS

NTFRS CPU Load
This field displays the CPU load for the NTFRS (File Replication Service) service.

NTFRS Virtual Memory
This field displays the amount of virtual memory allocated to the NTFRS service.

NTFRS Working Set
This field displays the amount of working set memory allocated to the NTFRS service.

RID

RID Pool High
This field displays the high value assigned to the allocated RID pool on the selected DC.

RID Pool Low
This field displays the low value assigned to the allocated RID pool on the selected DC.

Next RID Available
This field displays the number of the next RID available in the allocated RID pool on the selected DC.

Operating System Summary

OS Version
This field displays the Microsoft Windows operating system version (and Service Pack) being used on the selected server.

Physical Memory Used
This field displays the percentage of total memory used on the selected server.

Physical Memory Available
This field displays the amount of memory available on the selected server.

DSA Status
This field displays the current status of the Directory Service Agent (DSA) on the selected server:
Running
Not Responding

CPU Load
This field displays the CPU load for the selected server.

SMB Connections
This field displays the number of SMB (Server Message Block) connections in use on the selected server.

Cache Hit Rate
This field displays the percentage of disk reads satisfied by the cache.

Page Fault Rate
This field displays the number of processor page faults taken per second.

Adapter Summary Tab


The Adapter Summary tab, located at the bottom of the DC Information tab, provides information about the network adapters installed on the selected domain controller.

Description
This column displays the type of adapter being used.

Domain
This column displays the name of the domain where each network adapter resides.

NOTE: The Domain field in the Adapter Information table may be blank. DirectoryAnalyzer enumerates all installed adapters; however, this field is only applicable to DNS-enabled TCP/IP Adapters.

IP Addresses/Name Servers
This list displays all of the IP addresses that are bound to the adapters listed.

Hot Fixes Tab


A Hot Fix report is available per server, listing all hot fixes installed on a given server with details such as description, type, installation date, and who installed the hot fix. You can also access the hot fix's corresponding Microsoft knowledge base article directly from the DirectoryAnalyzer client.

The Hot Fixes tab is displayed at the bottom of the page when you open the DC Information tab. This tab contains the following information:

Name
This field displays the name of the hot fix.

Description
This field displays a brief description of the hot fix.

Installed By
This field displays the user account that installed the hot fix.

Installed Date
This field displays the date when the hot fix was installed.

To access a hot fix's corresponding Microsoft knowledge base article, double-click on a hot fix entry or right-click an entry and select the View KB Article command. This will launch your browser and display the Hot Fix Knowledge Base article from Microsoft's website.

Replication Information Tab


The Replication Information Tab is displayed when a domain controller is selected in the Enterprise Explorer. This tab displays information about the selected domain controller's replication partners. The information on this page is retrieved "on demand"; therefore, DirectoryAnalyzer's impact on network bandwidth has been greatly reduced. To retrieve the latest information, use the Refresh toolbar button.

NOTE: When a domain controller in an application directory partition is selected, this tab displays the replication partners for any application partition that the selected DC hosts.

This tab displays the following information for the selected domain controller:

Naming Context
This column displays the name of the naming context(s) that the selected server replicates and the name of the replication partner(s) for each naming context.

Last Attempt
For each replication partner and naming context, this column displays the date and time when the last replication was attempted.

Last Success
For each replication partner and naming context, this column displays the date and time when the last successful replication took place.

Consecutive Failures
For each replication partner and naming context, this column displays the number of consecutive failures encountered during the replication process.

Error
For each replication partner and naming context, this column displays the last replication error encountered.

Latency
This column displays the elapsed time (HH:MM:SS) between changing an object in the naming context and the time the change appears on each domain controller. This value is only displayed for the Configuration naming context and the local domain. It only shows the latency time for direct replication partners.

NOTE: N/A will be displayed for the Schema NC as well as for partial (read-only) replicas on global catalogs.

DNS Information Tab


From the DNS Information tab, located at the bottom of the Replication Information tab, you can obtain additional DNS information about the selected DNS server.

This tab displays the following information for the selected DNS server:

Zone
This column displays the name of the zone.

Type
This column displays the zone type for each zone:
Active Directory-Integrated - the dynamic DNS zone is stored in Active Directory and replicated to all domain controllers.
Primary - the DNS server is designated as the master server for this zone.
Secondary - the DNS server is designated as one of the secondary servers for this zone.

Forwarding - the DNS server is used to forward queries to other DNS servers, based on the DNS domain names contained in the queries.
Stub - the DNS server is designated as a stub zone, i.e., a copy of a zone that contains only those records necessary to identify the authoritative DNS servers for that zone. (Windows Server 2003)

Storage
This column displays where the zone information is stored (AD represents Active Directory integrated):
AD-Custom
AD-Domain
AD-Forest
AD-Legacy
File

Replication Scope
This column displays the name of the partition where the zone is hosted.

Serial #
This column displays the serial number for each DNS server, which is used to determine if a zone transfer is needed to update the zone.

Allow Update
This column indicates whether the zone is a dynamic DNS zone. Only Secure means that the ability to restrict updates to a specific set of authorized users or systems has been enabled.

Domain Controllers
This pane lists the server names and IP addresses for all the domain controllers in the selected zone.

Chapter 5: Browsing Exchange on Active Directory


DirectoryAnalyzer's Exchange View displays critical Active Directory components and information about how they relate to Exchange. This view provides insight on how Active Directory may be impacting your Exchange organization. This view is particularly helpful in understanding Active Directory's impact on your Exchange service levels and can help you eliminate user-impacted downtime.

If you do not have access to the Exchange information directory (e.g., you are not a member of the Domain Admins Group or are logged in outside the forest), you will be required to enter the appropriate Active Directory credentials to view Exchange information.

To browse Exchange:
1. Select/expand the Exchange View node in the Enterprise Explorer.
2. If the LDAP Connection dialog is displayed, enter the appropriate Active Directory credentials to access the Exchange view.

Enter the Server for LDAP
Use the drop-down menu or enter the name of the server to be used.

Domain
Use the drop-down menu or enter the name of the domain to be used.

User
Use the drop-down menu or enter the user name to be used.

Password
Enter the password associated with the user name.

Once you have entered the Active Directory credentials, select the Connect button to browse Exchange information.

3. On the Enterprise Explorer, select/highlight the object to be browsed.

When the Exchange View node is selected, the following tab is displayed:
Exchange View

When an Administrative Group is selected, the following tab is displayed:
Administrative Group

When a Routing Group is selected, the following tabs are displayed:
Routing Group
Routing Group Connectors
SMTP Connectors

When an Exchange Server is selected, the following tabs are displayed:
Exchange Server Summary Current Exchange Alerts Alert Details Alert Configuration DT ChangeAuditor

Exchange Tab
The Exchange Tab displays the global settings for the Microsoft Exchange organization. This tab is displayed whenever the Exchange View node is selected in the Enterprise Explorer. If you do not have access to the Exchange information directory (e.g., you are not a member of the Domain Admins Group or are logged in outside the forest), you will be required to enter the appropriate Active Directory credentials to view Exchange information. The first time you select to browse Exchange, the LDAP Connection dialog will be displayed allowing you to enter the appropriate credentials to access the Exchange information.

The Exchange Tab displays the following information:

Mode
This field displays the mode Exchange is running as. Valid modes are: Native or Mixed.

NOTE: Native mode cannot contain Exchange Server 5.0 or 5.5, only Exchange 2000 or later.

GC Count
This field displays the number of Global Catalogs in the Active Directory enterprise.

Exchange Servers
This table displays the following details for the Exchange servers that belong to the selected Exchange organization.

Server
This column displays the names of Exchange servers which belong to the Microsoft Exchange organization.

Exchange Version
This column displays the version of Exchange installed on each of the Exchange servers listed.

Administrative Group
This column displays the name of the Administrative Group to which each Exchange server has been assigned.

Routing Group
This column displays the name of the Routing Group to which each Exchange server belongs.

Site
This column displays the name of the Active Directory site where each Exchange server resides.

Domain
This column displays the name of the Active Directory domain to which each Exchange server belongs.

Administrative Group Tab


The Administrative Group Tab displays details about the selected Exchange Admin Group. An Exchange Admin Group contains a collection of Exchange objects which have been grouped together for the purpose of permission management. This tab is displayed whenever an Exchange Admin Group is selected in the Enterprise Explorer.

The Administrative Group Tab displays the following information about the selected Exchange Admin Group:

No of Servers
This field displays the total number of Exchange servers in the specified Exchange Admin Group.

Exchange Server Info


Server
This column displays the names of Exchange servers assigned to this Exchange Admin Group.

Exchange Version
This column displays the version of Exchange installed on each Exchange server.

# Storage Groups
This column displays the number of active storage groups on each Exchange server.

# Private Stores
This column displays the total number of Private Information Stores (databases) in the storage groups on each Exchange server.

# Public Stores
This column displays the total number of Public Information Stores (databases) in the storage groups on each Exchange server.

Routing Group Tab


The Routing Group Tab displays information about the members that belong to the selected routing group. This tab is displayed whenever a routing group is selected in the Enterprise Explorer.

The Routing Group Tab displays the following information:

Master
This field displays the name of the routing master in charge of coordinating link state updates to/from the servers in the routing group.

Members
Member
This column displays the collection of Exchange servers that belong to the specified routing group.

Administrative Group
This column displays the name of the Exchange Admin Group to which the selected routing group belongs.

Site
This column displays the name of the Active Directory site where the routing group resides.

Domain
This column displays the name of the Active Directory domain to which the routing group belongs.

Routing Group Connectors Tab


The Routing Group Connectors tab displays details about the routing group connectors established for the selected routing group. A routing group connector allows users at one Microsoft Exchange Server site to connect to users at other sites. This tab is displayed whenever a routing group is selected in the Enterprise Explorer.

The Routing Group Connectors tab displays the following information:
Name - This field displays the name of the routing group connector, which was assigned when the connector was added to the routing group.
Connected Routing Group - This field displays the name of the routing group to which the connector is linking.
Cost - This field displays the cost associated with each connector. This value is also assigned when the connector is added to the routing group. The valid range for cost is 1 to 100.
Oversized Message Limit - This field displays the upper limit for mail messages that are sent over the connector.
Public Referrals - This field indicates whether the Public Folder Referrals functionality is enabled. If enabled, MAPI, Outlook Web Access (OWA) and IMAP clients can access public folders in remote Exchange routing groups.

Originating Bridgehead(s)
This table displays the name of the local bridgehead server(s), the Administrative Group to which it belongs, and the virtual SMTP server being used. If this list is empty, all servers in the routing group act as local bridgehead servers.
Exchange Server - This column displays the name of the local bridgehead server(s).
Administrative Group - This column displays the administrative group to which each local bridgehead server belongs.
Virtual SMTP Server - This column displays the virtual SMTP server being used.

Remote Bridgehead(s)
This table displays the name of the server(s) in this routing group to which this Exchange server is connected.
Exchange Server - This column displays the name of the server(s) in this routing group to which this Exchange server is connected.
Administrative Group - This column displays the administrative group to which each remote bridgehead server belongs.
Virtual SMTP Server - This column displays the virtual SMTP server being used.

Connected Routing Group(s)


This table provides information about the remote routing group(s) that are connected to the specified routing group. It contains the following information:
Organization - This column displays the Exchange Organization to which a routing group belongs.
Routing Group - This column displays the name of the routing group connector(s), which were assigned when the connectors were added to the routing group.
Administrative Group - This column displays the name of the Exchange Admin Group to which a routing group belongs.

SMTP Connectors Tab


The SMTP Connectors Tab displays connectors that provide connectivity to non-Exchange systems or the Internet. SMTP connectors transfer mail messages from local bridgehead servers to remote servers. This tab is displayed whenever a routing group is selected in the Enterprise Explorer.

The SMTP Connectors Tab contains the following information:
Name - This field displays the name of the SMTP connector entered when the SMTP connector was installed.
Connector Scope - This field displays the scope of the message connector, which controls how the connector routes messages. One of the following scopes was defined during the installation of the connector:
  Enterprise - to connect independent Exchange Organizations
  Routing Group - to transfer messages within an organization (connect routing groups)
Routing - This field displays the type of routing assigned to the selected routing group: DNS or Smart Host.
Public Referrals - This field indicates whether the Public Folder Referrals functionality is enabled. If enabled, MAPI, Outlook Web Access (OWA) and IMAP clients can access public folders in remote Exchange routing groups.
Oversize Message Limit - This field displays the upper limit for mail messages that are sent over the connector.

Allow Message Relay - This field indicates whether the Allow Messages to be Relayed to These Domains option was selected when the connector was installed. If the value is YES, the connector will allow the local server to relay messages to domains in other organizations or routing groups.

Configured Smarthost(s)
This table displays the fully qualified domain name or IP address of the remote server designated as the smart host. A smart host acts as a relay station for the Exchange Server. That is, the Exchange Server sends mail to the smart host and it sends the mail on to the designated domain or routing group.

Local Bridgehead(s)
This table lists the server(s) that serve as local bridgehead server(s) for the SMTP connector. (NOTE: At least one local bridgehead server must be specified during the installation of the connector.)

Connected Routing Group(s)


This table provides information about the remote routing group(s) that are connected to the specified routing group. It contains the following information:
Organization - This column displays the Exchange Organization to which a routing group belongs.
Cost - This column displays the cost associated with each routing group listed. This value is assigned when the connector is added to the routing group. The valid range for cost is 1 to 100.
Routing Group - This column displays the name of the routing group assigned when the connector was added to the routing group.
Administrative Group - This column displays the name of the Exchange Admin Group to which a routing group belongs.

Exchange Server Summary Tab


The Exchange Server Summary Tab displays general information about the selected Exchange Server. This tab is displayed whenever an Exchange Server is selected in the Enterprise Explorer.

The Exchange Server Summary Tab displays the following information:
Server Name - This field displays the name of the selected Exchange Server.
Exchange Version - This field displays the version of Exchange installed on the selected server.
Front-end Server - This field indicates whether the selected server is acting as a front-end server (True or False).
Type - This field displays the type of server. Valid types are:
  domain controller
  member server
OS Version - This field displays the version of the operating system installed on the selected Exchange Server.

Storage Groups
This table displays information about the storage groups on the selected Exchange Server.
Storage Group Name - This column lists the names of the storage groups.
# Private Stores - This column displays the number of Private Information Stores on the selected Exchange Server.
# Public Stores - This column displays the number of Public Information Stores on the selected Exchange Server.

Current Exchange Alerts Tab


The Current Exchange Alerts Tab is displayed when an Exchange Server is selected in the Exchange View. This tab displays a list of all the current alerts for the domain controllers used by the selected Exchange server to access Active Directory information. To display this information, a WMI query is sent to the server hosting Exchange. This query retrieves the set of domain controllers that this Exchange server is using for directory access. By default, WMI can only be remotely used by members of the Domain Admins group. When you select the Current Exchange Alerts tab, the Exchange WMI Connection dialog will be displayed, which allows you to enter the necessary credentials.

Enter the appropriate credentials to access the Exchange Server:
Enter the Server for Exchange WMI - Use the drop-down menu or enter the name of the server to be used.
Credentials
  Domain - Use the drop-down menu or enter the name of the domain to be used.
  User - Use the drop-down menu or enter the user name to be used.
  Password - Enter the password associated with the user name.
Once the appropriate credentials have been entered, use the Connect button to retrieve the Exchange Server information.

The Current Exchange Alerts Tab displays the following information about the selected Exchange server:

DS Access Servers
This table displays information regarding the domain controllers that are currently being used by the selected Exchange server to access Active Directory information.
Server - This column displays the DNS name of the server.
Config Type - This column displays whether this server has been selected manually by the user or automatically by DS Access. Valid types are: Manual or Automatic.
Working Type - This column displays the role this domain controller is fulfilling for the selected Exchange server. Valid types are: Config, GC, or DC.
Is Fast - This column indicates whether a server's response time is less than two seconds. A check mark indicates that a server is considered to be fast.
In Sync - This column indicates whether a server is synchronized with the global catalog and with the configuration domain controller. A check mark indicates that a server is synchronized.

Is Up - This column indicates whether a server was available the last time Exchange attempted to access it. A check mark indicates that a server was up and running.

Current Alerts
This table displays details regarding all the current alerts associated with the servers listed in the DS Access Servers section located at the bottom of this tab.
Severity - This column displays a symbol representing the severity of all the alerts for the configured DS Access servers.
Type - This column displays the type of object that generated the alert: Domain Controller, Enterprise, Exchange, Naming Context, Replica, Site.
Subject - This column displays the name of the server generating the alert.
Start Time - This column displays the date and time the alert threshold was violated.
Description - This column provides a text description for the current alert. Refer to Appendix A: DirectoryAnalyzer Alert Messages on page 165 for more information on the alerts that can be generated.

When the Current Exchange Alerts tab is displayed, the following tabs are available at the bottom of the page. For a detailed description of these tabs, please refer to the appropriate chapter in this guide:
Alert Details - Chapter 3: Monitoring Active Directory
Alert Configuration - Chapter 7: Configuring Alerts, Statistics and Alert Notifications
DT - Chapter 10: DirectoryTroubleshooter Integration
ChangeAuditor - Chapter 11: ChangeAuditor Integration

Chapter 6: Troubleshooting Active Directory


In addition to continuous monitoring, DirectoryAnalyzer gives you the ability to execute specific troubleshooting tests designed to help you determine what problems exist in the directory. You can use these troubleshooters to pinpoint directory problems. The following troubleshooting tests can be executed directly from within the DirectoryAnalyzer Client:
- Server Connectivity Test via the Connectivity Troubleshooter
- FRS Troubleshooter Test
The connectivity and FRS tests require DirectoryAnalyzer agents to be deployed in order to execute them.

Connectivity Troubleshooter
The Connectivity Troubleshooter allows you to perform the following connectivity tests:
- the connectivity between selected domain controllers hosting a replica of an application partition
- the connectivity between a domain controller (with a Site or DC Agent) and all the domain controllers in the selected domain(s)
- the connectivity between a domain controller (with a Site or DC Agent) and all the domain controllers in the selected site(s)
Use the Diagnostics | Connectivity menu command or tool bar button to launch the Connectivity Troubleshooter. Follow the directions provided in the wizard to perform a connectivity test.

Test Selection Page


The Test Selection page is the first page displayed. From this page select the type of connectivity test to be executed.

Select the type of connectivity test to be executed:
Application Partition (default) - Select this option to test the connectivity between selected DCs hosting a replica of an application partition.
Domain Troubleshooter - Select this option to test the connectivity between a DC (with a Site or DC Agent) and all the DCs in the selected domain(s).
Site Troubleshooter - Select this option to test the connectivity between a DC (with a Site or DC Agent) and all the DCs in the selected site(s).
Perform ICMP Ping Test - By default, the DirectoryAnalyzer connectivity tests are pre-qualified by an ICMP ping test to avert lengthy timeouts. In highly secure environments where ICMP traffic is prohibited, connectivity tests fail before the "native" protocol (e.g., LDAP and DNS) is reached. Therefore, by unchecking the Perform ICMP Ping Test option, DirectoryAnalyzer will bypass this pre-qualifying test to prevent the connectivity tests from failing.

Select Source Domain Controller Page


On this page, select/highlight the source domain controller. Only domain controllers with a DC or Site Agent deployed will be displayed.

Choose a Target Selection Filter Page


On the Choose a Target Selection Filter page, select (check) the domain controller search filter(s) to be used.

Show All Servers - This option is selected by default and will include all servers.
Target Server Selection Filter - When the Show All Servers option is not selected (unchecked), the following options will become available:
- Show DNS Servers
- Show Operations Masters

Connectivity Targets Page


From the Connectivity Targets page, select (check) the target application partitions, domains or sites depending on the connectivity test selected for execution.

Connectivity Results Page


Once the Connectivity Results page loads all of the selected targets, select the Start Test button to execute the connectivity test. As the results become available, they will be displayed on the Connectivity Results page.

The connectivity results include the following information:
Server Name - This field displays the name of the destination server(s) included in the connectivity test.
ICMP Test - This field displays the time it took to perform the ICMP Test between each of the domain controllers.
LDAP Query - This field displays the time it took to perform an LDAP Query between each of the domain controllers.
DNS Query - This field displays the time it took to perform a DNS Query between each of the domain controllers.
NOTE: If a test is performed in less than 10 milliseconds, < 10 ms will be displayed; otherwise the actual length of the test will be displayed.

FRS Troubleshooter Test


The FRS Troubleshooter test checks to see if the File Replication Service (FRS) is functioning and replicating properly.

To execute an FRS Troubleshooter Test:
1. Select the Diagnostics | NTFRS | New Test command, which will display the Create New FRS Troubleshooter Test dialog.
2. From the Create New FRS Troubleshooter Test dialog, enter a descriptive name for the test and select the originating server to be tested. Select the Start button.
3. A message box will be displayed informing you that the test has been started. Select OK.
4. Select the Diagnostics | NTFRS | View Test Results command. This will display the NTFRS Tests dialog, which displays a list of FRS Troubleshooter tests available for viewing.
5. From the NTFRS Tests dialog, select/highlight the test to be viewed and select the View Test button.

Create New FRS Troubleshooter Test Dialog


The Create New FRS Troubleshooter Test dialog is displayed when you select the Diagnostics | NTFRS | New Test menu command.

From this dialog, select the domain controller to be tested.
Test Name - Enter a descriptive name for the FRS Troubleshooter test.
Originating Server - From the displayed topology, select/highlight the originating server to be tested.
Once you have entered a test name and selected a server, use the Start button to initiate the FRS Troubleshooter test. A message box will be displayed stating that the NT File Replication System Test has been started. Select OK.

NTFRS Tests Dialog


The NTFRS Tests dialog displays all of the FRS Troubleshooting tests previously defined for execution. This dialog is displayed when you select the Diagnostics | NTFRS | View Test Results menu command.

The NTFRS Tests dialog displays the following information:
Test Name - This column displays the name assigned to the test on the Create New FRS Troubleshooter Test dialog.
Domain Name - This column displays the name of the domain where the selected server resides.
Originating Server - This column displays the name of the originating server selected for testing.
Date of Test - This column displays the date and time when the test was executed.

Use the buttons as described below to view test results or delete a test from the list:
View Results - Select/highlight a test from the list and select the View Results button to display the NTFRS Test Results dialog, which displays the results of the selected test.
Delete Test - Select/highlight a test from the list and select the Delete Test button to delete the selected test from the list.
Cancel - Use the Cancel button to close the dialog.

NTFRS Tests Results Dialog


The NTFRS Tests Results dialog is displayed when the View Results button is selected on the NTFRS Tests dialog.

This dialog displays the following information about the selected test:
Test Name - This field displays the name of the test.
Domain - This field displays the name of the domain where the originating server is located.
Server - This field displays the name of the originating server the test was run against.
Start Time - This field displays the date and time when the test was executed.

In addition, the following results are displayed on the NTFRS Test Results dialog:
Server Name - This column lists the names of the servers that are replication partners to the originating server.
Site Name - This column displays the site where each of the replication partners resides.
Latency (HH:MM:SS) - This column displays the latency time for direct replication partners. That is, the elapsed time between changing an object on the originating server and the replication partner.

Chapter 7: Configuring Alerts, Statistics and Alert Notifications


The configuration feature allows you to customize DirectoryAnalyzer for your Active Directory environment. DirectoryAnalyzer allows you to define alert thresholds and sampling interval rates for gathering Active Directory statistics.

When an object is recognized by DirectoryAnalyzer, its configuration is derived from the default settings. You can, however, modify these default settings for any individual object. This has the effect of overriding the default setting.

Periodically, DirectoryAnalyzer gathers and stores various statistics about Active Directory in order to assess alert conditions. The configuration feature of DirectoryAnalyzer allows you to view or change the default sampling interval rate for gathering these statistics.

Continuous monitoring of the important aspects of Active Directory is just one piece of DirectoryAnalyzer. Alerting and notification is another fundamental piece because when problems occur somewhere in Active Directory, you need to be notified. Once a warning or critical alert has occurred, DirectoryAnalyzer can notify you in the following ways:
Visual - On-screen alerts when a monitored attribute has breached either a warning or critical threshold.
SNMP - Notification of problems via SNMP traps.
Event Log - Notification of problems via entries in the Application Event Log of the server hosting the Enterprise Agent.
SMTP (email) - Notification of problems via email based on user-defined email rules.

Alert Thresholds
DirectoryAnalyzer alerts have two levels of severity: warning and critical. As a situation escalates, a warning alert will be generated, indicating that a lower priority threshold has been violated. As the severity of the error increases, a critical alert will be generated, indicating that the higher priority threshold has been exceeded. A number of attributes can be customized for each of these levels, including the threshold value, duration before an alert occurs and the duration before an alert clears.

Configuring Alert Thresholds


DirectoryAnalyzer allows you to establish alert thresholds for an individual object or define an enterprise default threshold that is to be applied globally across your entire enterprise. The DirectoryAnalyzer Client provides different Alert Configuration tabs, which allow you to view and/or modify the alert thresholds.

The Alert Configuration Tab, located at the bottom of the Current Alerts tab, allows you to view/modify the current threshold settings for the alert selected in the Current Alerts tab. From this tab, you can either apply your changes to the subject of the selected alert only or to all subjects of the selected type (e.g., all domain controllers).

The Alert Configuration Tab, located at the top of the screen, is displayed when the Configuration | Alerts menu command is selected. From this tab you can view the complete set of alerts for the subject type selected in the Enterprise Agent.
- When the Forest View is selected, this tab displays the defaults for all the domain controller alerts.
- When the Domain View is selected, this tab displays the defaults for all the naming context alerts.
- When the Site View is selected, this tab displays the defaults for all the site alerts.
From these three views, you can only apply your changes to all the subjects of the selected type (e.g., all sites). When an individual subject is selected, e.g., a domain controller, this tab displays the complete set of alerts for that particular subject. From this tab, you can either apply your changes to the selected subject only or to all subjects of the selected type (e.g., all domain controllers).

Alert Configuration Tab (bottom of Current Alerts Tab)


Whenever the Current Alerts tab is displayed, the Alert Configuration tab will become available at the bottom of the screen. From this tab, you can view and/or modify the alert thresholds for the alert selected in the Current Alerts tab. Any changes made from this tab can either be applied to the individual subject of the selected alert or to all subjects of the selected type (e.g., all domain controllers).

The Alert Configuration tab contains the following information for the alert selected in the Current Alerts tab:
Alert Enabled - This check box indicates whether this alert is enabled or disabled. A check mark indicates that the alert is enabled.
Description - This area of the tab provides a brief description for the alert.
Warning - Use the up/down controls to modify the warning threshold settings.
  Threshold - This field displays the current warning threshold value for the current alert. (N/A for boolean type alerts.)
  Time before alert (sec) - This field displays how long an alert condition has to exist (in seconds) before issuing a warning alert.
  Time before clear (sec) - This field displays how long an alert condition must no longer exist (in seconds) before clearing a warning alert.
Critical - Use the up/down controls to modify the critical threshold settings.
  Threshold - This field displays the current critical threshold value for the current alert. (N/A for boolean type alerts.)
  Time before alert (sec) - This field displays how long an alert condition must exist (in seconds) before issuing a critical alert.
  Time before clear (sec) - This field displays how long an alert condition must no longer exist (in seconds) before clearing a critical alert.

Use the buttons to the right of this tab to perform the following functions:

Use this button to display the details for the first alert listed on the Current Alerts tab.

Use this button to display the details for the previous alert listed on the Current Alerts tab.

Use this button to display the alert details for the next alert listed on the Current Alerts tab.

Use this button to display the details for the last alert listed on the Current Alerts tab.

Apply | This Object - Use Apply | This Object to apply the changes made to the alert threshold settings to the selected object only.
Apply | All - Use Apply | All to apply the changes made to the alert threshold settings to all objects of the selected type.
Apply | Previous Default - Use Apply | Previous Default to reset the modified settings and apply the previous default.
Reset - Use the Reset button to reset the controls to the values displayed when the tab was opened. Selecting this button has no effect on the actual alert settings.
More Info - Use the More Info button to access the knowledge base entry for the selected alert.

Alert Configuration Tab (Complete Set of Alerts)


The Alert Configuration Tab at the top of the screen displays the complete set of alert threshold settings for the subject selected in the Enterprise Explorer. To display this tab, select a subject in the Enterprise Explorer and use the Configuration | Alerts menu command, which will then display all of the alerts and current settings that pertain to the subject selected. A check mark to the left of this command indicates that this Alert Configuration tab will be displayed.

When the Domain View is selected in the Enterprise Explorer, the following commands are available to further define the alerts to be displayed:
- Alerts | All NCs
- Alerts | Schema
- Alerts | Configuration

This Alert Configuration tab consists of a table listing all of the alerts available for the selected object (DC, NC, site, etc.). The table displays the following information:
Override - This column indicates whether the alert setting is the default setting or if it has been changed/set for this subject. (Override settings supersede default settings.) A blue dot in the column indicates that an override setting was explicitly set for the selected object.
Enabled - This column indicates whether this alert is enabled or disabled. A green dot in the column indicates that the alert is enabled and a red dot indicates that the alert is disabled.
Description - This column provides the name of each alert.
Type - This column indicates the type of setting for each alert. Valid types are: Threshold or Boolean.
WT (Warning Threshold) - This column displays the current warning threshold value for each threshold alert. (N/A for boolean type alerts.)
SBW (Seconds Before Warning) - This column displays how long an alert condition has to exist (in seconds) before issuing a warning alert.

SBWC (Seconds Before Warning Clear) - This column displays how long an alert condition must no longer exist (in seconds) before clearing a warning alert.
CT (Critical Threshold) - This column displays the current critical threshold value for each threshold alert. (N/A for boolean type alerts.)
SBC (Seconds Before Critical) - This column displays how long an alert condition must exist (in seconds) before issuing a critical alert.
SBCC (Seconds Before Critical Clear) - This column displays how long an alert condition must no longer exist (in seconds) before clearing a critical alert.

Modifying Alert Threshold Settings


The configuration feature allows you to set default alert thresholds or individual thresholds to override the default setting(s).

To modify the alert threshold for a selected domain controller, naming context or site:
1. Select/highlight the object to be modified in the Enterprise Explorer.
2. Open the Current Alerts tab for that subject and open the Alert Configuration tab, at the bottom of the page. If the alert to be modified is not displayed on the Current Alerts tab, use the Configuration | Alerts menu command to display the Alert Configuration tab, which contains a list of all the alerts that pertain to the object selected in the Enterprise Explorer.
3. Select/highlight the alert to be modified.
4. On the Current Alert - Configuration tab, at the bottom of the page, modify the alert settings as described below:
- Select the Alert Enabled check box to enable (check) or disable (remove check) the selected alert. NOTE: A green dot in the Enabled column of the Alert Configuration tab indicates that the alert is enabled, a red dot indicates that the alert is disabled.
- Use the Warning settings to specify the threshold that must be violated for a warning alert (yellow) to be generated, the amount of time (in seconds) the alert condition must exist before a warning alert is generated, and the amount of time (in seconds) the alert condition must no longer exist before clearing a warning alert.
- Use the Critical settings to specify the threshold that must be violated for a critical alert (red) to be generated, the amount of time (in seconds) the alert condition must exist before a critical alert is generated, and the amount of time (in seconds) the alert condition must no longer exist before clearing a critical alert.

5. After making your changes to the alert threshold settings, select Apply | This Object to apply your new settings to the selected object only.
NOTE: The Apply | This Object option is not available when the Forest View, Site View, or Domain View is selected in the Enterprise Explorer. From these three views, you can only apply your changes to all the subjects of the selected type (e.g., all domain controllers, all domains or all sites).
Use Apply | All to apply the new settings to all subjects of the selected type (e.g., all domain controllers).
NOTE: When you change the default setting(s) for a subject, this change affects all subjects of the selected type except those that have been explicitly configured to override the default setting.
Use Apply | Previous Default to reset the alert setting(s) to the previous default setting(s) for the selected alert.
NOTE: To reset ALL alert thresholds to the factory default settings, use the Configuration | Reset Factory Defaults menu command. This change affects all subjects except those that have been explicitly configured to override the default setting.
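The warning and critical settings configured in this procedure (threshold, time before alert, time before clear) and the rule that an explicit override supersedes the default can be modelled as below. This is an added illustration, not DirectoryAnalyzer code: the class and function names, the sample values, the subject name DC01, and the assumption that a threshold is violated when a sample is strictly greater than it are all hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Level:
    threshold: float        # WT or CT column
    secs_before_alert: int  # SBW or SBC column
    secs_before_clear: int  # SBWC or SBCC column


@dataclass(frozen=True)
class AlertSetting:
    enabled: bool
    warning: Level
    critical: Level


def effective_setting(default: AlertSetting,
                      overrides: Dict[str, AlertSetting],
                      subject: str) -> AlertSetting:
    """An explicit per-object override supersedes the default for its type."""
    return overrides.get(subject, default)


class _LevelState:
    """One severity level with separate hold times for raising and clearing."""

    def __init__(self, level: Level) -> None:
        self.level = level
        self.active = False
        # Time at which the sampled condition first disagreed with the state.
        self.pending_since: Optional[int] = None

    def update(self, now: int, value: float) -> bool:
        violated = value > self.level.threshold  # assumption: strict comparison
        if violated == self.active:
            self.pending_since = None  # condition matches state; cancel pending flip
            return self.active
        if self.pending_since is None:
            self.pending_since = now
        hold = (self.level.secs_before_clear if self.active
                else self.level.secs_before_alert)
        if now - self.pending_since >= hold:
            self.active = violated
            self.pending_since = None
        return self.active


def evaluate(samples: Sequence[Tuple[int, float]],
             setting: AlertSetting) -> List[str]:
    """Return 'ok', 'warning' or 'critical' for each (seconds, value) sample."""
    if not setting.enabled:
        return ["ok" for _ in samples]
    warn, crit = _LevelState(setting.warning), _LevelState(setting.critical)
    result = []
    for now, value in samples:
        w, c = warn.update(now, value), crit.update(now, value)
        result.append("critical" if c else "warning" if w else "ok")
    return result


# Constructed default: warn above 50 after 60 s (clear after 120 s),
# critical above 80 after 30 s (clear after 60 s).
DEFAULT = AlertSetting(True, Level(50, 60, 120), Level(80, 30, 60))

# Constructed samples taken every 30 seconds: (time in seconds, measured value).
SAMPLES = [(0, 40), (30, 55), (60, 58), (90, 85), (120, 90),
           (150, 45), (180, 45), (210, 45), (240, 45), (270, 45)]

if __name__ == "__main__":
    for (t, v), state in zip(SAMPLES, evaluate(SAMPLES, DEFAULT)):
        print(f"t={t:>3}s value={v:>3} -> {state}")
```

Longer time-before-alert values suppress transient spikes at the cost of delayed notification, and the time-before-clear values keep an alert visible after the measured value has already recovered.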

Statistics Sampling Rate Settings


Periodically, DirectoryAnalyzer gathers and stores Active Directory statistics in order to assess alert conditions. A statistics sampling rate specifies how often this process is to occur. DirectoryAnalyzer allows you to define these sampling intervals for individual objects or globally across the enterprise. Refer to Appendix B: DirectoryAnalyzer Statistics for a description of each statistic.
NOTE: Statistics Sampling Rate Settings do not apply to naming contexts.

To modify the sampling rate setting for a domain controller or site:
1. Select a domain controller or site in the Enterprise Explorer.
2. Select the Configuration | Sampling Rate menu command to display the Sampling Rates tab, which contains a list of all the sampling interval rates available for the object selected in the Enterprise Explorer.
3. Select/highlight the sampling rate to be modified.
4. On the Current Setting - Configuration section, at the bottom of the page, modify the interval as required.
5. Use Apply | All to apply your change to all objects. Use Apply | This Object to apply your change to the selected object only. Use Apply | Previous Default to reset the modified settings and apply the previous default value.

Enabling Replication Latency Alerts


The analysis of replication latency is initially disabled to reduce replication traffic. However, it can be enabled using the Configuration | Replication Latency menu command. This command will display the Replication Latency dialog allowing you to enable and configure replication latency analysis (and the Replication Latency Threshold Exceeded and GC Replication Latency Threshold Exceeded alerts).

The following information is contained on this dialog.

Evaluate Replication Latency
Select (check) this check box to enable replication latency analysis. Checking this check box will enable the replication latency analysis, including the replication latency alerts and information tabs.

Replica Types
Select (check) the appropriate check box(es) to evaluate the different types of replicas (Application Partition, Configuration Naming Context, and/or Domain Naming Context). When this feature is enabled, all of the replica types are selected (checked) by default.

Use the dialog buttons as described below:

OK
Use the OK button to save the settings on this dialog.

Cancel
Use the Cancel button to close the dialog without saving the settings.

Reset
Use the Reset button to revert to the default settings.

Configuring Authoritative Source for RODC Alerts


By default, DirectoryAnalyzer assigns an authoritative source for the known domains in your Windows 2008 environment. To specify the read-only domain controller server to be used as the authoritative source for a domain, use the Configuration | RODC Alerts menu command. Selecting this command will display the Configure RODC Alerts dialog, allowing you to select the domain and the read-only domain controller to be used as the authoritative source against which consistency is checked.

The following information is contained on this dialog:

Domain
Use the drop-down arrow to select a domain from the list of known domains in your Windows 2008 environment.

Authoritative Server
Use the drop-down arrow to select the read-only domain controller to be used as the authoritative source for the allowed and denied password replication lists for the selected domain.

Use the dialog buttons as described below:

OK
Use the OK button to save your selection and close the dialog.

Cancel
Use the Cancel button to close the dialog without saving your selections.

Apply
Use the Apply button to save your selection but not close the dialog. Using the Apply button allows you to configure all available domains from this one dialog.

Configuring Alert Notifications


Continuous monitoring of the important aspects of Active Directory is just one piece of DirectoryAnalyzer. Alerting and notification is another fundamental piece because when problems occur somewhere in Active Directory, you need to be notified. Once a warning or critical alert has occurred, DirectoryAnalyzer can notify you in the following ways:
   Visual - On-screen alerts when a monitored attribute has breached either a warning or critical threshold.
   SNMP - Notification of problems via SNMP traps.
   Event Log - Notification of problems via entries in the Application Event Log of the server hosting the Enterprise Agent.
   SMTP (email) - Notification of problems via email based on user-defined email rules.

The first method, on-screen alerts, does not require any configuration; however, the remaining three methods must be enabled and/or configured to work properly.

Enabling SNMP Alerts


Use the Configuration | SNMP Alerts menu command to indicate whether DirectoryAnalyzer is to report alerts via SNMP traps. A check mark in front of the command causes DirectoryAnalyzer alerts to be available through SNMP.

Enabling Event Log Recording


Use the Configuration | Event Log Recording menu command to specify whether DirectoryAnalyzer is to record alerts in the event log. A check mark in front of the command indicates that DirectoryAnalyzer will include the alerts that are encountered in the Application Event Log on the Enterprise Agent.

Configuring Email Notification


DirectoryAnalyzer allows you to dispatch alert notifications through email (SMTP). An email is generated when an alert that is specified in the email rule first exceeds its configured threshold. When subsequent alerts (specified in the email rule) are issued, additional email notifications will NOT be sent. That is, only one email will be sent per rule until the rule is cleared. A rule is clear when ALL alerts included in the rule have cleared.

In order to generate email notifications, you must first define the SMTP server configuration and credentials. Use the Configuration | Email Settings command to configure email notifications. This command will display the Configure Email Notification dialog, which allows you to define the SMTP server configuration and credentials to be used for email notifications.

Once the SMTP server configuration has been defined and tested, you must then create email rules to define the criteria to be used for generating an email alert. Use the Configuration | Email Rules command to define under what conditions an email notification is to be sent. This command will display the Manage Email Notification Rules dialog, which allows you to define new email rules, edit existing rules and delete rules.
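The one-email-per-rule behaviour described above, modelled as an added Python example (not DirectoryAnalyzer code) so the notification gaps it creates can be seen on a concrete event stream. The class and function names, host names and timestamps are constructed for illustration; the model assumes alerts outside the rule are ignored and does not cover severity filtering or the Notify of Clear option.

```python
from dataclasses import dataclass, field

# Alert names taken from the guide; the subjects below are constructed.
LATENCY = "Replication Latency Threshold Exceeded"
GC_LATENCY = "GC Replication Latency Threshold Exceeded"


@dataclass
class EmailRule:
    """Hypothetical model of one email rule: a set of (subject, alert) pairs."""
    name: str
    watched: frozenset                               # pairs the rule monitors
    active: set = field(default_factory=set)         # watched alerts now raised
    sent: list = field(default_factory=list)         # alerts that produced mail
    suppressed: list = field(default_factory=list)   # alerts that did not

    def raise_alert(self, when, subject, alert):
        """Record a raised alert; return True if an email would be sent."""
        key = (subject, alert)
        if key not in self.watched:
            return False                 # assumption: not part of this rule
        rule_was_clear = not self.active
        self.active.add(key)
        if rule_was_clear:
            # First alert since the rule was last clear: one email goes out.
            self.sent.append((when, subject, alert))
            return True
        # Rule already triggered and not yet clear: no further email.
        self.suppressed.append((when, subject, alert))
        return False

    def clear_alert(self, subject, alert):
        """Record a cleared alert; return True once the whole rule is clear."""
        self.active.discard((subject, alert))
        return not self.active           # clear only when ALL alerts cleared


def replay(rule, events):
    """Feed (time, action, subject, alert) tuples through a rule."""
    for when, action, subject, alert in events:
        if action == "raise":
            rule.raise_alert(when, subject, alert)
        elif action == "clear":
            rule.clear_alert(subject, alert)
        else:
            raise ValueError(f"unknown action: {action!r}")
    return rule.sent, rule.suppressed


# Constructed sample stream for two domain controllers in one rule.
SAMPLE_EVENTS = [
    ("09:00", "raise", "DC01", LATENCY),     # rule clear -> email
    ("09:20", "raise", "DC02", GC_LATENCY),  # rule triggered -> no email
    ("09:40", "clear", "DC01", LATENCY),     # DC02 still raised: not clear
    ("10:05", "raise", "DC01", LATENCY),     # still triggered -> no email
    ("10:30", "clear", "DC02", GC_LATENCY),
    ("10:45", "clear", "DC01", LATENCY),     # last alert cleared: rule clear
    ("11:10", "raise", "DC02", GC_LATENCY),  # rule clear again -> email
]


def run_sample():
    rule = EmailRule(
        name="Replication latency (constructed)",
        watched=frozenset({("DC01", LATENCY), ("DC02", GC_LATENCY)}),
    )
    return replay(rule, SAMPLE_EVENTS)


if __name__ == "__main__":
    sent, suppressed = run_sample()
    for label, rows in (("EMAILED", sent), ("NO EMAIL", suppressed)):
        for when, subject, alert in rows:
            print(f"{label:8} {when} {subject} {alert}")
```

In this stream the 09:20 and 10:05 alerts generate no email because an earlier alert in the same rule has not cleared, so a rule that groups many subjects or alert types can mask a later failure behind an earlier one.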

Configure Email Notification Dialog


The Configure Email Notification dialog is displayed when you select the Configuration | Email Settings menu command. From this dialog, specify the mail server and server authentication required to access the specified server.

DNS Name or IP Address of mail server
Enter the fully-qualified DNS name or IP address of the SMTP mail server to be used.

From address
Enter the email address from which you want the email to be sent, i.e. an administrator's address.

Use Authenticated Connection
Select (check) the Use Authenticated Connection check box if the specified mail server requires authentication. Checking this option will activate the authentication fields where you can enter the user account and password as described below:

   User Account
   Enter the account name to be used to authenticate to the specified mail server.

   Password
   Enter the password associated with the user account entered above.

Use Non-Standard Port
Port 25 is the standard port for the SMTP protocol. Select (check) the Use Non-Standard Port check box if your company does not use this standard port for SMTP. Checking this option will activate the port field where you can enter the port number to be used.

Port
When the Use Non-Standard Port check box is selected (checked), enter the port number to be used.

Test Settings
Select the Test Settings button to verify the SMTP configuration specified. This button will display the Test SMTP Configuration Settings dialog where you can specify the address where a test email is to be sent.

Define Email Rules
Select the Define Email Rules button to display the Manage Email Notification Rules dialog where you can define new email rules, edit existing rules or delete rules.

Enable Summary
Select (check) the Enable Summary check box to enable the Email Summary Report feature. This summary report will contain all of the alerts generated based on the email rules defined. Checking this option will activate the interval setting field.

Interval <nn> Minutes
Use the arrow controls to specify how often the Email Summary Report is to be delivered. By default, the summary report will be generated every 60 minutes.

Manage Email Notification Rules Dialog


The Manage Email Notification Rules dialog is displayed when the Configuration | Email Rules menu command is selected or the Define Email Rules button is selected on the Configure Email Notification dialog. From this dialog, you can create new email rules, edit existing rules or delete rules.

To create a new email rule:
1. Select the New Rule button to display the Email Rule Wizard.
2. On the Email Rule Wizard, follow the directions provided on each of the screens:
   Select the type of subject for which you would like to create an email rule.
   Select the subject that this email rule should monitor.
   Select the alert type that this email rule should monitor.
   Define the email rule properties (e.g., rule name, email addresses where email notifications are to be sent, email priority, alert severity, etc.)
3. Once you have defined your email rule, the wizard will display a summary of your rule. Review your settings and select the Finish button to save it and close the wizard. This new rule will now be displayed in the Email Rules list box on the Manage Email Notification Rules dialog.

To edit an existing email rule:
1. In the Email Rules list box, select the email rule to be edited.
2. Select the Edit Rule button to display the Email Rule Wizard.
3. In the wizard, modify the settings as required and select the Finish button to save your changes and close the wizard.

To delete an email rule:
1. In the Email Rules list box, select the email rule to be deleted.
2. Select the Delete Rule button.
3. Confirm that you want to remove the rule by selecting Yes on the Delete Rule dialog. The rule will then be removed from the Email Rules list box on the Manage Notification Rules dialog.

Email Rule Wizard


The Email Rule Wizard is displayed whenever you select the New Rule or Edit Rule button at the top of the Manage Email Notification Rules dialog. This wizard will step you through the process of defining new email rules or modifying existing rules for generating email notifications. The wizard contains the following pages:

Welcome Page
The Welcome page is the first screen of the Email Wizard. From this page, select the type of subject for which you would like to create an email rule.

The subject types include:
   Naming Context(s)
   Application Partition(s)
   Configuration NC(s)
   Schema NC(s)
   Domain NC(s)
   Server(s)
   Global Catalog(s)
   DNS Server(s)
   Select Servers by Domain (default)
   Select Servers by Site
   Site(s)

After selecting the appropriate option, select Next to continue.

Select Subject Page


On the Select Subject page, select (check) the subject(s) that this email rule is to monitor. The topology/subjects displayed will depend on the subject type selected on the previous page.

After selecting (checking) the subjects to be monitored, select Next to continue.

Select Alert Type Page


From the list provided on the Select Alert Type page, select (check) the alert(s) to be monitored by this email rule. The alerts listed will depend on the subject type and objects selected on the previous pages.

After selecting the alert(s) to be monitored, select Next to continue.

Define Rule Information Page


From this page, further define the email rule as described below.

Enter the following information to define the email rule properties:

Rule Name
Enter a descriptive name for this email rule.

To Address
Enter the email address(es) where notifications are to be sent. Separate multiple addresses with a semi-colon.

CC Address
Enter the email address(es) where copies of the notifications are to be sent. Separate multiple addresses with a semi-colon.

Priority
Use the drop-down menu to select the priority for this email notification: Normal, Low or High.

Alert Severity
Use the drop-down menu to select the alert severity that will trigger an email notification: Critical or Warning.

Notify of Clear
Select (check) this check box to send an email notification when the alert is cleared.

Include this rule in Summary
Select (check) this check box to include this email rule in the Email Summary report.

After entering the email rule definition information, select Next to continue.

Email Rule Summary Page


This final page of the wizard summarizes the email rule defined. Use the Back button to change any settings or use the Finish button to save this email rule and close the wizard.

Chapter 8: Alert History and Reporting


DirectoryAnalyzer stores all alerts generated by DirectoryAnalyzer in a SQL database. This alert history can then be used for reporting or exporting. An Alert History Report can then be saved to a file location or exported using one of the following formats: PDF, DOC, RTF and XLS.

NOTE: To generate reports, Microsoft Data Access Components (MDAC) version 2.6 or higher is required on the DirectoryAnalyzer client. MDAC is included in the Windows 2000 and 2003 installations. For more information or to download the latest MDAC, refer to Microsoft's website at http://www.microsoft.com/data/.

***************************************************************
The information (menus, commands and/or information tabs) available on the DirectoryAnalyzer client will depend on the DirectoryAnalyzer access rights assigned (DA Read, DA Write). See the DirectoryAnalyzer Security Administrators Guide for more information regarding the impact of assigning/denying DirectoryAnalyzer access rights.
***************************************************************

Generating an Alert History Report


Use the Reports | Alert History menu command or tool bar button to define the information to be included in the Alert History report. If proper credentials are not already present or the SQL database is remote, the Database Connectivity dialog will be displayed prompting you to enter the appropriate credentials to access the SQL server database.

On this dialog, enter the following information:

SQL Instance
Enter the name of the SQL instance where the DirectoryAnalyzer database resides.
NOTE: It may be necessary to use the fully qualified domain name (FQDN) of the SQL Server host machine. For example: <FQDN>\NP$DIRANALYZER.

Use SQL Authentication
Select (check) this check box to use SQL authentication. If this box is not selected, Windows authentication will be used.

User ID
Enter the user ID to be used to authenticate to the SQL server.

Password
Enter the password associated with the user ID entered above.

Once you have entered the appropriate credentials, select the Connect button to close the Database Connectivity dialog and connect to the SQL database. The Alert Reports dialog will then be displayed.

The Alert Reports dialog consists of three property pages:
   Report Page - allows you to define what alerts are to be included.
   Scope Page - allows you to refine your report by specifying the scope of the data to be included and whether to include details.
   Order Page - allows you to specify a sort order for your report.

Report Page
Use the Report Page to specify what alerts are to be included in your Alert History Report.

Select/highlight the appropriate item in the list to define what alerts are to be included:
   All Alerts
   Current Alerts
   Alerts by Type (includes all of the alerts for the alert type specified in the Scope tab - NC, Replica, Server, Site or System)
   Alerts within NC (includes all of the alerts for the NC specified in the Scope tab)
   Alerts within Site (includes all of the alerts for the site specified in the Scope tab)
   Alerts by Server (includes all of the alerts for the DC specified in the Scope tab)

You must select one of these report options to proceed to the Scope and/or Order page.

After selecting one of these report options, select Preview to display the report on the screen. From the displayed report, you can then print or export it to a file. Select Close to close the Alert Reports dialog without generating a report.

Scope Page
Use the Scope Page to define a time range to include only those alerts that occurred during the specified time, to select an alert state, and to specify whether to include the details from the history log in your report. Depending on the alert option selected on the Report Page, you may also specify a particular type, NC, site or server from the displayed list box.

The following fields are included on this screen depending on the option selected on the Report Page:

Alerts which occurred between...
Use the first set of text boxes to define the start date and time for the time range. Use the second set of text boxes to define the end date and time. Enter the start/end date or use the arrow to access a calendar grid to select a date. Use the spin control buttons to change the time setting(s).

Alert State
Select (check) the check box(es) that correspond to the alert severity or state to be included in your alert history report. All three options are selected by default.
   Critical - include alerts with a critical severity
   Warning - include alerts with a warning severity
   Clear - include alerts that have been cleared

Include Details
Select (check) this check box to include the alert details message. This is the same message that appears when you double-click on a current alert. This option is selected by default.

List Box
Use the list box to select the type, NC, site or server to be included in the report. By default, the first item in the list will be selected.

The information to be entered on this page differs depending on the report options selected on the Report Page:
   All Alerts - Start/End Time, Alert State and Details option
   Current Alerts - Alert State and Details option
   Alerts by Type - Type list box, Start/End Time, Alert State and Details option
   Alerts within NC - Naming Context list box, Start/End Time, Alert State and Details option
   Alerts within Site - Site list box, Start/End Time, Alert State and Details option
   Alerts by Server - Server list box, Start/End Time, Alert State and Details option

Order Page
Use the Order Page to define the sort order for the information in the Alert History Report.

Select the appropriate radio button to define how the information being reported is to be sorted:
   Subject, Start Time Ascending
   Subject, Start Time Descending (default)
   Start Time Ascending
   Start Time Descending

Printing or Exporting Alert History


Once you have defined your Alert History report, you can display it on your screen using the Preview button at the bottom of the Alert Reports dialog. From this preview screen, you can then print the report or export it to a file. The following sample report includes just critical alerts with the details omitted.

The following tool bar buttons are available at the top of the preview screen to page through the report as well as print or export it to a file:
   Use this button to display the first page of the report.
   Use this button to display the previous page of the report.
   Use this button to display the next page of the report.
   Use this button to display the last page of the report.
   Use this button to display a specific page. This button will display the Goto Page dialog allowing you to specify the page number of the page you want to display.
   Use this button to send the report to the designated printer.

   NOTE: You must have a default printer defined before printing a report.
   Use this button to export the report. This button will display the Export dialog allowing you to specify the file format and destination. The following formats are supported: PDF, DOC, RTF and XLS.
   Use this button to zoom in on a specific area of the report. Use the drop-down arrow to specify the magnification of the zoom.
   Use this button to search the text of the report. This button will display the Search Text dialog allowing you to specify the text to be located in the report.

Maintaining the Alert History Database


Use the Configuration | Database | Delete Alerts menu command to define what alerts are to be deleted from the alert history database. The Database Maintenance dialog will be displayed allowing you to enter a date. All alerts generated prior to the date entered will be deleted from the database.

Chapter 9: Launching External Applications


With DirectoryAnalyzer, you now have the ability to launch preconfigured Microsoft MMC snap-ins, additional NetPro products and user-defined applications from within the DirectoryAnalyzer Client. The Microsoft and NetPro applications that can be launched by default include:
   Event Viewer
   Remote Desktop
   Services
   Sites and Services
   Users and Computers
   Domains and Trusts
   DirectoryTroubleshooter
   DNSAnalyzer
   ChangeAuditor

To launch an external application, right-click an object in the Enterprise Explorer or an alert on the Current Alerts page. Right-clicking one of these objects/alerts will display a context menu that lists the applications available for the selected object. From this menu, select the application to be launched.

In addition, DirectoryTroubleshooter, DNSAnalyzer and ChangeAuditor can be launched using the appropriate Diagnostics menu command or toolbar button from the DirectoryAnalyzer Client.

Event Viewer
The Event Viewer is a Microsoft Windows MMC snap-in that allows a user to monitor and administer the event logs on the local and remote computers. The Event Viewer snap-in is available when a domain controller or Exchange server is selected in the Enterprise Explorer. Right-clicking and selecting the Event Viewer will open the event logs of the remote machine.

Remote Desktop
The Remote Desktop application allows you to remotely connect to a Windows 2000/2003/2008 server with Remote Desktop enabled. The Remote Desktop is available when a domain controller is selected in the Enterprise Explorer. NOTE: The Remote Desktop client must be installed on Windows 2000 machines, and can be downloaded from Microsoft.

Services
The Services MMC snap-in displays all the services installed on a domain controller and allows a user to start, stop, pause and resume these services. The Services snap-in is available when a domain controller or Exchange server is selected in the Enterprise Explorer. Right-clicking and selecting Services will open the services of the remote machine, as long as the logged-in user has access.

Sites and Services


The Active Directory Sites and Services MMC snap-in allows a user to create and manage Active Directory sites and services to map to their organization's physical network infrastructure. The Sites and Services snap-in can be launched when a domain controller, domain, naming context, application partition, site, Exchange admin group, routing group or server is selected in the Enterprise Explorer.
NOTE: The Admin tools must be installed on the local workstation.

Users and Computers


The Active Directory Users and Computers MMC snap-in allows a user to create, manage and control the use of Active Directory objects. Using this tool, a user can set machine- and user-specific settings across domains. The Users and Computers snap-in can be launched when a domain controller, domain, naming context, application partition, site, Exchange admin group, routing group or server is selected in the Enterprise Explorer.
NOTE: The Admin tools must be installed on the local workstation.

Domains and Trusts


The Active Directory Domains and Trusts MMC snap-in provides a graphical view of all domain trees in the forest and allows you to perform the following:
   manage each domain tree in the forest
   manage trust relationships between domains
   configure the mode of operation (functional level) for each domain
   configure alternate User Principal Name (UPN) suffixes for the forest

The Domains and Trusts snap-in can be launched when a domain controller, domain, naming context, application partition, site, Exchange admin group, routing group or server is selected in the Enterprise Explorer.
NOTE: The Admin tools must be installed on the local workstation.

DirectoryTroubleshooter
If installed, DirectoryTroubleshooter can be launched from within the DirectoryAnalyzer client. DirectoryTroubleshooter enables administrators to troubleshoot enterprise-wide problems quickly and repair Active Directory automatically. It provides a comprehensive set of troubleshooting tests and utilities previously available only through Microsoft command-line utilities and analyzes and displays definitive output without time-consuming troubleshooting. Use the Diagnostics | DirectoryTroubleshooter menu command or toolbar button to launch the DirectoryTroubleshooter product. NOTE: DirectoryTroubleshooter must be installed on the local workstation.

DNSAnalyzer
If installed, DNSAnalyzer QuickDiagnose enables you to quickly perform an in-depth analysis of your DNS/Active Directory data and present the results in a clear and easy-to-understand format. Use the Diagnostics | DNSAnalyzer command or toolbar button to launch DNSAnalyzer QuickAnalyzer. The client launch button will open DNSAnalyzer QuickDiagnose only if DNSAnalyzer version 4.0 or higher is installed. Otherwise, the DNSAnalyzer Admin console will be opened. NOTE: DNSAnalyzer must be installed on the local workstation.

ChangeAuditor
If installed, ChangeAuditor can be launched from within the DirectoryAnalyzer client. ChangeAuditor identifies changes to critical components of the Active Directory environment as they occur and provides the "five Ws" for each change: who, what, where, when and why. By tracking all configuration changes with ChangeAuditor, administrators can easily monitor, verify and respond to Active Directory configuration changes before they impact the service levels of the directory and the applications and services that rely on it. Use the Diagnostics | ChangeAuditor menu command or toolbar button to launch the ChangeAuditor product. NOTE: ChangeAuditor must be installed and the ChangeAuditor Client must be installed on the local workstation.

External Tools
The External Tools Configuration dialog allows you to define additional external applications (*.exe) that can be launched against the selected object type. Adding a new application through this dialog will also add that application to the menu contents for the selected object type. To access the External Tools Configuration dialog, right-click on any of the objects previously listed and select the External Tools Config command.

The External Tools Configuration dialog contains the following fields and buttons:

Object Type
This drop-down box displays the type of objects that can launch an external application. The object type of the selected object will be highlighted and the Menu Contents list box and fields on the dialog will be filled in differently depending on the object type selected. Object types include:
   Domain Controller
   Site
   Naming Context
   Exchange Server
   Admin Group
   Routing Group
   Default (Global setting for all objects)

Menu Contents
This list box displays the external applications available for execution against the selected object. By default, the following applications are listed for the different object types:
   Domain Controller - Event Viewer, Remote Desktop and Services
   Exchange Server - Event Viewer, Remote Desktop and Services
   Default - Sites & Services, Users & Computers, and Domains & Trusts

Command
This section of the dialog defines the application (*.exe) to be launched.

   Title
   This field displays the name of the external application. This title will be added to the menu content for the selected object type.

   Command
   This field specifies the file (*.exe) to be executed. To browse for a file, select the Add button, and from the Command field of the dialog that displays, use the button to the right to locate and select the file to be executed when this application is selected.

   Arguments
   Use this field to specify any arguments that are required to run the selected application. To select common identifier arguments, select the Add button, and from the Arguments field of the dialog that displays, use the arrow key to the right of this field. Preconfigured arguments are: DNS Name, LDAP DN, GUID, and NetBios Name.

Add
Use the Add button to add a new application to the menu contents for the selected type of object. The External Tool Configuration dialog will be displayed, allowing you to specify the title, command and/or arguments for the new application.

Edit
Use the Edit button to modify the title, command or arguments for the application selected in the Menu Contents list box. The External Tool Configuration dialog will be displayed, allowing you to make the necessary modifications.

Delete
Use the Delete button to remove the selected application from the menu contents.

Close
Use the Close button to close the External Tools Configuration dialog.

Adding an External Application


To add an external application to a menu's content:
1. In one of the Enterprise views on the DirectoryAnalyzer client, right-click an object to display the context menu. (Or right-click an alert in one of the current alert pages.)
2. Select the External Tools Config command to display the External Tools Configuration dialog.
3. The Object Type field on this dialog will display the type of object selected in the Enterprise view. To change this object type, use the drop-down arrow to select a different object type.
4. Select the Add button to display the External Tool Configuration dialog where you can define the title, command and arguments for the new application.
5. In the Title field, enter the name of the external application to be launched (replace the [New Title] entry). Note that this title will be displayed in the context menu for the selected object type.
6. In the Command field, either enter or use the browse button to select the file (*.exe) to be executed. Using the browse button to the right of this field will display the Select Executable dialog where you can locate and select the location of the file to be opened when this command is selected.
7. In the Arguments field, optionally enter any command line arguments that are required to launch the selected file. Use the arrow key to display preconfigured arguments: DNS Name, LDAP DN, GUID, and NetBios Name.
8. Select Save to close this dialog and add this application to the menu contents for the selected object type. This will add the application to the Menu Contents list box on the External Tools dialog.
9. Back on the External Tools Configuration dialog, select Close to save your selection and close the dialog.

Editing an External Application


To edit an external application:
1. In one of the Enterprise views on the DirectoryAnalyzer client, right-click an object to display the context menu. (Or right-click an alert in one of the current alert pages.)
2. Select the External Tools Config command to display the External Tools Configuration dialog.
3. The Object Type field on this dialog will display the type of object selected in the Enterprise view. To change this object type, use the drop-down arrow to select a different object type.
4. In the Menu Contents list box, select/highlight the application to be modified.
5. Select the Edit button to display the External Tool Configuration dialog where you can modify the title, command and arguments for the selected application.
6. After making the necessary modifications, select Save to close the External Tool Configuration dialog.
7. Back on the External Tools Configuration dialog, select Close to save your modifications and close the dialog.

Removing an External Application


To remove an external application from a menu's contents:
1. In one of the Enterprise views on the DirectoryAnalyzer client, right-click an object to display the context menu. (Or right-click an alert in one of the current alert pages.)
2. Select the External Tools Config command to display the External Tools Configuration dialog.
3. In the Object Type field, select the object type from which the application is to be removed.
4. In the Menu Contents list box, select/highlight the application to be removed.
5. Select the Delete button. This will delete the application from the Menu Contents list box.
6. Select the Close button to close the External Tools Configuration dialog and remove the application from the menu.

Chapter 10: DirectoryTroubleshooter Integration


DirectoryTroubleshooter enables administrators to troubleshoot enterprise-wide problems quickly and repair Active Directory automatically. It provides a comprehensive set of troubleshooting tests and utilities previously available only through Microsoft command-line utilities and analyzes and displays definitive output without time-consuming troubleshooting.

The DirectoryTroubleshooter smartlink technology has been expanded to include intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer and MOM ADMP alerts with the troubleshooting capabilities provided by DirectoryTroubleshooter. By selecting an alert or domain controller in DirectoryAnalyzer, the product will:
- Recommend specific diagnostics tests and jobs that can help isolate and repair issues.
- Provide a real-time diagnostics view that can highlight issues and bottlenecks.
- Graphically display the replication topology and allow operators to force replication and view replication activity/status.

DT Tab
The DT Tab provides a variety of DirectoryTroubleshooter capabilities depending on the object selected in the Enterprise Explorer and the tab opened at the top of the page:
- From the Current Alerts tab, the DT tab will display all of the DirectoryTroubleshooter diagnostic tests that relate to the alert selected in the Current Alerts tab.
- From the DC Information tab, the DT tab will launch Real Time Diagnostics for the domain controller selected in the Enterprise Explorer.
- From the Replication Information tab, the DT tab will display the Replication View for the server selected in the Replication Information tab.

Diagnostic Tests
When accessed from the Current Alerts tab, the DT Tab allows you to execute related DirectoryTroubleshooter tests to assist in diagnosing the issue that may have generated the selected alert. To view relevant tests, select/highlight an alert in the Current Alerts tab and open the DT tab at the bottom of the page. The DT Tab will display a list of related troubleshooting tests based on the alert selected.

The DT Tab displays the following information for DirectoryTroubleshooter tests that can be executed based on the alert selected:
Run - The check boxes in this column are selected (checked) by default and indicate that the corresponding test is to be executed. Click a check box to deselect (uncheck) any test that you do NOT want to execute.
Subject - This column displays the name of the alerted subject from the Current Alerts tab.
Test - This column lists the test(s) that can be executed against the selected subject.
Status - This column displays the status of each test listed:
- Configuration Available
- Test Ready
- Configuration Required

Select the Start/Configure Selected Tests button, located at the top of the DT Tab, to display the Test Progress window. From the Test Progress window, you can start and/or configure the tests listed.

This window contains the following information:

Test Progress Information
The section at the top of the screen displays the following information:
- number of tests completed
- total number of tests to be executed
- progress bar illustrating the progress
- date/time when the selected tests started
- date/time when the test(s) completed
- elapsed execution time

Test List Box
The list box at the bottom of the window displays the following information for each test selected for execution:
Object - displays an icon indicating the current status and the name of the object being tested. The following icons are used to depict the status:
- Processing/Queued
- Configuration Available or Required
- Completed
- Cancelled
- An Error Occurred
Test - displays the name of the test being executed.
Progress - displays the test's current status:
- Ready - test is ready to be executed
- Configuration Available - test contains default settings which can optionally be changed
- Configuration Required - test requires additional information before it can be executed
- Processing - test is being executed
- Queued - test is in the testing queue
- Cancelled - test has been cancelled using one of the Cancel buttons
- Completed - test has successfully executed
- An Error Occurred - test encountered errors when executing

In addition, the following buttons are available on the toolbar:

Use the Start button to start executing the tests listed in the test list box.

Use the Configure button to set or modify the configuration settings for the selected test. Configurable tests are identified in the test list box by a Configuration Available or Configuration Required status in the Progress column. To configure a test, select/highlight the test in the test list box and select the Configure button. This will display a dialog allowing you to enter/specify the appropriate information/settings. See Appendix B: Configurable Tests in the DirectoryTroubleshooter Administrators Guide, for a list of the configurable tests and a description of the settings/options available on their configuration dialogs.

Use the Cancel Test button to cancel the execution of a single test. To cancel an individual test, select/highlight the test from the test list box and select the Cancel button.

Use the Cancel All Tests button to cancel the execution of all the tests listed in the test list box.

When all of the tests listed have successfully executed, this window will automatically close and the corresponding test results will be displayed. The Test Results View contains the following information:
- test name and description
- date and time of execution
- report summary including links to test details and the DirectoryTroubleshooter knowledge base
- test details (the layout and content of the details will vary depending on the test that was executed)
- warnings/errors, if applicable

Throughout the results page, you will find Top, Hide All/Show All and Hide/Show links to the right of the page. These links allow you to control what is displayed on the screen. The Top link returns you to the Summary section, whereas the Hide/Show links collapse or expand the corresponding report section. Use the More Info button in the Report Summary of the Test Results Page to view the DirectoryTroubleshooter knowledge base entry for the displayed test.

Real-Time Diagnostics
When accessed from the DC Information tab, the DT tab will display the real-time diagnostics view for the domain controller selected in the Enterprise Explorer. This console provides several diagnostic views into the selected domain controller, including core operating system views (CPU, memory, disk, and network utilization) and directory service views (File Replication Services, Active Directory replication).

The title bar, at the top of this tab, displays the name of the computer being monitored, a component selection drop-down box and a refresh progress bar (Next Update). The Next Update field at the top of the screen illustrates when the view will be refreshed with updated data. Use the double arrows in the section headings to expand (down arrows) or collapse (up arrows) a section. Also, whenever your cursor turns into a pointing hand (e.g., placed over a graph) this indicates that a more detailed view is available. Clicking on the entry/graph will display the new view with more detailed information. The more detailed view will be displayed at the next update interval. To return to the previous view, click on the corresponding (underlined) link located under the title bar. For a detailed description of each real-time diagnostic view that can be displayed, please refer to Chapter 5: Real-Time Diagnostics in the DirectoryTroubleshooter Administrators Guide. This chapter explains how to run diagnostics and describes all of the diagnostic views available.

Replication View
When accessed from the Replication Information tab, the DT Tab will display the Replication view. The Replication View provides valuable information about the two domain controllers selected for data replication. The information consists of the immediate replication partners for the target server and the recommended (i.e., shortest) replication path between the two servers. From this console, you can also initiate an end-to-end data replication for these domain controllers.

The Replication View displays the following replication information:
Source Domain Controller - This text box displays the source server where replication will originate.
Target Domain Controller - This text box displays the destination server where replication will terminate.
Naming Context list box - For a path to exist between two servers, they need to have at least one shared naming context. When you have two servers (source and target) selected, the Naming Context list box will show the shared naming contexts for the two servers. Selecting (checking)/unselecting (unchecking) them will show/hide the entries in the Recommended Replication Path list at the bottom of the console. All of the shared naming context(s) will be selected (checked) by default.
NOTE: (Read Only) will be appended to the naming context(s) that cannot be replicated because the source server has a read-only replica while the target server has a writable copy. Read-Only naming contexts cannot be selected (checked) for replication.

Target's Immediate Replication Partners

This list shows the immediate replication partners for the target server. Each server in the list will have an entry for the naming context selected, containing the following information for each partner:
Naming Context - This column displays the immediate replication partners for the target domain controller and the shared naming contexts that can be replicated. By default, this information is sorted by domain controller with all applicable naming context(s) listed under their replication partner. To sort the list by naming context, right-click a naming context entry and select the Group by Naming Context command. This will then redisplay the list by naming context with the replication partners listed under each NC.
Last Attempt - This column displays the date and time when the last replication was attempted.
Last Result - This column displays the results of the last replication process.
Last Success - This column displays the date and time of the last successful replication.
# Consecutive Failures - This column displays the number of consecutive failures encountered during the last replication session.
Current USN - This column displays the current Update Sequence Number (USN).
Error - This column displays the last replication error encountered for each replication partner and naming context.
Latency - This column displays the elapsed time (HH:MM:SS) between changing an object in the naming context and the time the change appears on each domain controller. This value is only displayed for the Configuration naming context and the local domain. It only shows the latency time for direct replication partners.

Recommended Replication Path


This list shows a calculation of the shortest number of hops between the source and target servers for each naming context. This is done by algorithmically calculating the shortest path, which should correlate to what Active Directory does. This list contains the following information:
Source - This column displays the replication partners and the source naming context for the recommended replication path between the two selected servers.
Destination - This column displays the destination naming context for the recommended replication path between the two selected servers.
Status - This column displays the current replication status for a replication path.

When a replication failure is detected, a balloon will appear that highlights the server that failed and offers to have DirectoryTroubleshooter locate an alternate replication path around the failed link. For more details, see Server Avoid List.

NOTE: In a multiple target scenario, the Target's Immediate Replication Partners list will be removed and the Recommended Replication Path window will be expanded to occupy the available space.

Server Avoid List


The Server Avoid List provides the ability to mark the connection object of a domain controller in the replication path as unavailable. The Replication View will then calculate the recommended path between the source and target servers excluding the domain controller(s) listed in the Avoid List. This feature can be used when a server is offline or when replication has failed for some other reason. It can also be used at the user's discretion without requiring a replication failure, for example, for experimental purposes or if a particular domain controller is across a slow link.

By default, the Avoid List window is docked and minimized on the far right-hand side of the current Replication View. To add a server to the avoid list, use one of the following methods:
- From the Replication Failure Detected balloon, select the YES button. This will exclude that particular server from the recommended replication path. Select the Refresh button to recalculate the recommended path.
- From the Recommended Replication Path window, select the domain controller to be added to the avoid list, right-click and select the Add <server> to Avoid List command. Select the Refresh button to recalculate the recommended path excluding this particular domain controller.
- From the Recommended Replication Path window, drag the connection object of the domain controller to be excluded to the Avoid List Window. (Avoid List Window must be expanded/opened to use drag and drop functionality.) Select the Refresh button to recalculate the recommended path excluding this particular domain controller.
- On the Avoid List page on the Options dialog, select the domain controller to be added to the Avoid List. This would be a global setting and would be used as the default setting for all new Replication Views.

To view the list of domain controllers to be "ignored", expand the Avoid List window. From this window, you can also remove a domain controller from this list by selecting/highlighting the server, right-clicking and selecting the Remove command.
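The following added example (not DirectoryTroubleshooter code and not part of the original guide) shows one way the recommended path could be computed per shared naming context: a breadth-first search for the fewest hops that never enters a domain controller on the Avoid List and that skips naming contexts in the (Read Only) case described above. The server names, naming contexts, link layout and function names are constructed assumptions.

```python
from collections import deque

CONFIG_NC = "CN=Configuration,DC=corp,DC=example"
CORP_NC = "DC=corp,DC=example"
EMEA_NC = "DC=emea,DC=corp,DC=example"

# Constructed sample data: which naming contexts each DC holds, and whether the
# replica is writable ("rw") or read-only ("ro", e.g. a partial GC replica).
REPLICAS = {
    "DC-NYC-01": {CONFIG_NC: "rw", CORP_NC: "rw", EMEA_NC: "ro"},
    "DC-NYC-02": {CONFIG_NC: "rw", CORP_NC: "rw"},
    "DC-CHI-01": {CONFIG_NC: "rw", CORP_NC: "rw"},
    "DC-PAR-01": {CONFIG_NC: "rw", EMEA_NC: "rw"},
    "DC-LON-01": {CONFIG_NC: "rw", EMEA_NC: "rw"},
}

# Constructed replication links per naming context: DC -> partners that
# receive changes from it (derived, in a real forest, from connection objects).
LINKS = {
    CONFIG_NC: {
        "DC-NYC-01": ["DC-CHI-01", "DC-NYC-02"],
        "DC-NYC-02": ["DC-PAR-01"],
        "DC-CHI-01": ["DC-LON-01"],
        "DC-PAR-01": ["DC-LON-01"],
    },
    EMEA_NC: {"DC-PAR-01": ["DC-LON-01", "DC-NYC-01"], "DC-LON-01": ["DC-PAR-01"]},
}


def shared_naming_contexts(replicas, source, target):
    """Map each NC held by both servers to True if it can replicate source -> target."""
    shared = {}
    for nc, source_mode in replicas[source].items():
        target_mode = replicas[target].get(nc)
        if target_mode is None:
            continue  # not a shared naming context
        # Read-only source with a writable target is the "(Read Only)" case.
        shared[nc] = not (source_mode == "ro" and target_mode == "rw")
    return shared


def shortest_path(links, source, target, avoid=frozenset()):
    """Fewest-hop path from source to target that never enters an avoided DC."""
    if source in avoid or target in avoid:
        return None
    previous = {source: None}
    queue = deque([source])
    while queue:
        dc = queue.popleft()
        if dc == target:
            path = []
            while dc is not None:  # walk back to the source
                path.append(dc)
                dc = previous[dc]
            return path[::-1]
        for partner in links.get(dc, []):
            if partner not in previous and partner not in avoid:
                previous[partner] = dc
                queue.append(partner)
    return None  # every route is blocked by the avoid list or does not exist


def recommended_paths(replicas, links, source, target, avoid=frozenset()):
    """Return {naming context: (status, path)} for every shared naming context."""
    result = {}
    for nc, replicable in shared_naming_contexts(replicas, source, target).items():
        if not replicable:
            result[nc] = ("read-only", None)
            continue
        path = shortest_path(links.get(nc, {}), source, target, avoid)
        result[nc] = ("ok", path) if path else ("no path", None)
    return result


if __name__ == "__main__":
    for avoid in (set(), {"DC-CHI-01"}, {"DC-CHI-01", "DC-PAR-01"}):
        print(sorted(avoid), recommended_paths(REPLICAS, LINKS, "DC-NYC-01", "DC-LON-01", avoid))
```

A "no path" result after adding servers to the avoid list means the target can no longer receive that naming context from the source at all, which is worth checking before treating an avoided domain controller as safely out of the way.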

Replication Activity
The Replication Activity Window at the bottom of the page will be populated when a replication is performed through the Replication View. The following information will be displayed:
Server - This column displays the servers involved in the replication session.
Inbound Bytes/sec - This column displays the number of bytes transported to the destination server.
Outbound Bytes/sec - This column displays the number of bytes replicated out from the source server.

For more information about the Replication View, including the Server Avoid List and Replication Activity window, please refer to Chapter 6: Replication View in the DirectoryTroubleshooter Administrators Guide.

DirectoryTroubleshooter Options
Use the Configuration | DirectoryTroubleshooter Options menu command to display the Options dialog from DirectoryTroubleshooter, which allows you to customize many of the aspects of how DirectoryTroubleshooter works.

From the left-hand pane, you can select to view/modify options for the following objects:
- Diagnostics View - the top-level page includes default settings for gathering information.
- Alerts - this page allows you to define default alert conditions for new diagnostics views.
- Components - this page allows you to disable the gathering of diagnostics for individual components.
- File Locations - the top-level page allows you to define the default location for storing DirectoryTroubleshooter files.
- Logging - this page allows you to enable logging and define the location for storing the DirectoryTroubleshooter logs.
- Objects - the top-level page includes default settings for displaying DNS servers.
- Forests - this page allows you to add (or remove) a forest to the Select Objects dialog.
- Performance Health Check - the top-level page includes default settings for refreshing data and for starting the collection process.
- Alerts - this page allows you to define alert conditions for new performance health checks.
- Templates - this page allows you to select or create the health template(s) to be used for new performance health checks.
- Replication View - this page allows you to set the topology refresh period.
- Avoid List - this page allows you to mark domain controllers in the replication path as unavailable when calculating the recommended replication path between the source and target servers.
- Tests - the top-level Tests page includes options for automatically running custom tests and for retaining test result history.
- Running Reports and Jobs - this page allows you to define the maximum number of tests to be run simultaneously.

To display the options, select/highlight the object in the left-hand pane of the Options dialog. The page of options will then be displayed in the right-hand pane. For more details regarding the DirectoryTroubleshooter options, please refer to Chapter 7: DirectoryTroubleshooter Options in the DirectoryTroubleshooter Administrators Guide.

Chapter 11: ChangeAuditor Integration


ChangeAuditor identifies changes to critical components of the Active Directory environment as they occur and provides the five Ws for each change:
- Who made the change
- What the change was, including new and previous values
- When the change was made
- Where the change was made
- Why the change was made

By tracking all configuration changes with ChangeAuditor, administrators can easily monitor, verify and respond to Active Directory configuration changes before they impact the service levels of the directory and the applications and services that rely on it.

The smartlink technology being used provides intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer, integration with MOM ADMP alerts, and the infrastructure change events captured with the ChangeAuditor real-time change auditing solution.

ChangeAuditor Tab
The ChangeAuditor tab, located at the bottom of the Current Alerts tab, allows you to immediately determine if a DirectoryAnalyzer alert or MOM ADMP alert was caused by a change event captured with ChangeAuditor.

To view ChangeAuditor events:
1. Select/highlight an alert in the Current Alerts tab.
2. Select the ChangeAuditor tab to display the event query options.
3. Verify that the ChangeAuditor event query options are displayed and that at least one ChangeAuditor facility is selected, as described below:

Events within the time frame - Use the drop-down list to select the desired time frame:
- One hour before
- Twelve hours before
- One day before
- Seven days before
- Thirty days before

Subject name application - The criteria displayed in this field are DirectoryAnalyzer's attempt to match the name from the DirectoryAnalyzer Client with the ChangeAuditor object name, either through direct matching or by converting the DirectoryAnalyzer subject name to its DN. Use the drop-down list to select the subject selection criteria to be used:
- Events that contain the subject name
- Events that contain the subject DN
- Events that match either subject name or DN
- Events that match the subject DN
- Events that match the subject name
- Ignore subject name

NOTE: Use the Ignore Subject Name option to find all changes of a particular type within the given time frame.

Matching ChangeAuditor Facilities - Use the drop-down list to select the facility to be used in the search. The relationship between a DirectoryAnalyzer alert and a ChangeAuditor event has been predetermined to target the facility in ChangeAuditor that relates to the alert in DirectoryAnalyzer.

4. Select the Find Events button to execute the query and display the results.
5. If no events are returned, you can attempt to broaden the scope of the query by selecting multiple facilities, expanding the subject selection criteria (e.g., Ignore Subject Name) and/or expanding the time range.
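The query options above amount to a three-part filter (time window before the alert, subject criterion, facility), which the following added example models over constructed change events; it is not ChangeAuditor or DirectoryAnalyzer code. It assumes that "contain" means a substring test and "match" means whole-value equality against the event's object name, that comparisons ignore case, and that the facility names, event records and the `find_events`/`broaden` functions are hypothetical.

```python
from datetime import datetime, timedelta

# Drop-down labels as listed in the guide, mapped to the window they describe.
TIME_FRAMES = {
    "One hour before": timedelta(hours=1),
    "Twelve hours before": timedelta(hours=12),
    "One day before": timedelta(days=1),
    "Seven days before": timedelta(days=7),
    "Thirty days before": timedelta(days=30),
}


def _same(a, b):
    return a.casefold() == b.casefold()


def _within(needle, text):
    return needle.casefold() in text.casefold()


# Assumption: "contain" = substring, "match" = equality with the object name.
SUBJECT_CRITERIA = {
    "Events that contain the subject name": lambda obj, name, dn: _within(name, obj),
    "Events that contain the subject DN": lambda obj, name, dn: _within(dn, obj),
    "Events that match either subject name or DN":
        lambda obj, name, dn: _same(obj, name) or _same(obj, dn),
    "Events that match the subject DN": lambda obj, name, dn: _same(obj, dn),
    "Events that match the subject name": lambda obj, name, dn: _same(obj, name),
    "Ignore subject name": lambda obj, name, dn: True,
}

# Constructed alert and change events; FACILITY-A/B are placeholder names.
SUBJECT_DN = "CN=DC-NYC-01,OU=Domain Controllers,DC=corp,DC=example"
ALERT = {"time": datetime(2008, 6, 10, 14, 0),
         "subject_name": "DC-NYC-01", "subject_dn": SUBJECT_DN}
EVENTS = [
    {"id": 1, "time": datetime(2008, 6, 10, 13, 40), "facility": "FACILITY-A",
     "object_name": "CN=NTDS Settings,CN=DC-NYC-01,CN=Servers,CN=NYC,CN=Sites,"
                    "CN=Configuration,DC=corp,DC=example"},
    {"id": 2, "time": datetime(2008, 6, 10, 9, 15), "facility": "FACILITY-A",
     "object_name": SUBJECT_DN},
    {"id": 3, "time": datetime(2008, 6, 8, 11, 0), "facility": "FACILITY-B",
     "object_name": "DC-NYC-01"},
    {"id": 4, "time": datetime(2008, 6, 10, 13, 55), "facility": "FACILITY-A",
     "object_name": "DC-CHI-01"},
    {"id": 5, "time": datetime(2008, 6, 10, 14, 30), "facility": "FACILITY-A",
     "object_name": "DC-NYC-01"},  # after the alert, so it cannot be its cause
]


def find_events(alert, events, time_frame, criterion, facilities):
    """Change events inside the window before the alert, newest first."""
    start = alert["time"] - TIME_FRAMES[time_frame]
    subject_ok = SUBJECT_CRITERIA[criterion]
    hits = [e for e in events
            if start <= e["time"] <= alert["time"]
            and e["facility"] in facilities
            and subject_ok(e["object_name"], alert["subject_name"], alert["subject_dn"])]
    return sorted(hits, key=lambda e: e["time"], reverse=True)


def broaden(alert, events, criterion, facilities):
    """Step 5: widen the time range first, then fall back to Ignore subject name."""
    for frame in TIME_FRAMES:
        hits = find_events(alert, events, frame, criterion, facilities)
        if hits:
            return frame, criterion, hits
    widest = list(TIME_FRAMES)[-1]
    hits = find_events(alert, events, widest, "Ignore subject name", facilities)
    return (widest, "Ignore subject name", hits) if hits else None


if __name__ == "__main__":
    print(broaden(ALERT, EVENTS, "Events that match the subject DN", {"FACILITY-A"}))
```

Event 1 illustrates why the criterion matters: a change to the server's NTDS Settings object contains the subject name but neither equals nor contains the computer account DN, so only the "contain the subject name" and "Ignore subject name" options return it.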

ChangeAuditor Search Results Window

When change events are returned, the following information will be displayed for each event:
Time - The Time field displays the date and time when the change took place.
Changed By - The Changed By field displays the name of the user who initiated the change.
Changed On - The Changed On field displays the name of the server where the change occurred.
Change - The Change field displays what change was made to the object.
Description - The Description field displays a brief description of the change.

Event Information Dialog


To display the Event Information dialog which contains more detailed information about an individual event, double-click on an audited event in the ChangeAuditor Search Results Window.

This dialog provides the following details about the selected event:
Changed By - This field specifies the name of the user who initiated the change.
Date/Time - This field specifies the date and time when the change occurred.
Changed On - This field displays the name of the server where the change occurred.
Description - This field provides a brief description of the change that occurred.
Object Type - This field defines the type of object that changed.
Object Name - This field specifies the name of the object that changed.
Sub-System - This field defines the subsystem, or area of auditing, where the change event occurred.
Facility - This field defines the event class facility to which the change event belongs.
Action - This field defines the action associated with the selected event.
Attribute - If an attribute has been modified, this field displays the name of the attribute.
Old Value - This field lists the old value that was assigned to the object.
New Value - This field lists the new value that is now assigned to the object.

Sorting Your Results


By default, the change events are sorted by time with the latest event being displayed at the top of the list. An arrow in the column heading identifies the sort criteria and order, ascending or descending. To change the sort criteria, click on another column heading. The list is then sorted in ascending order; click the heading a second time to change to descending order.

Chapter 12: DirectoryAnalyzer Web Portal


The DirectoryAnalyzer Web Portal allows you to connect to an alerting console using Internet Explorer 5.01 or higher. The web portal technology allows you to view current alerts or alert history via an interactive web page.

Beginning with DirectoryAnalyzer version 3.5, the web portal provides you with the ability to view all Active Directory forest health alerts from a single web console. It provides this capability both where cross-forest trusts exist and where they do not. The enhanced web portal also provides an intelligent integration and correlation between the Active Directory alerts raised in DirectoryAnalyzer and the infrastructure change events captured with the real-time ChangeAuditor solution.

NOTE: The DirectoryAnalyzer Web Portal is installed separately from the DirectoryAnalyzer product. Please refer to Chapter 5 in the DirectoryAnalyzer Installation Guide for complete instructions on how to install the web portal.

NOTE: MOM ADMP alerts are not displayed through the DirectoryAnalyzer web portal.

To access the DA Web Portal:
1. Enter the following URL in the address field of your web browser: http://<server root>/DAPortal/
2. The first time you invoke the portal, you must add the forest(s) to be viewed. To add a forest, select the Admin Tab and enter the requested information on the Consolidator Administration dialog. See Configuring the DA Web Portal on page 148 for more information on entering the required information.
3. After adding the forest(s), select the Domain tab on the main screen and expand the top node in the left-hand pane to verify that the domain topology for the forests you entered is present.

NOTE: It may take several minutes for the information to become available.

Configuring the DA Web Portal


The DA Web Portal communicates with a consolidator via TCP port 8085. This port is used by the Remoting classes of the .NET framework.

The consolidator uses the credentials for each forest to connect to the DirectoryAnalyzer WMI provider running on the DirectoryAnalyzer Enterprise Agent. A forest's credentials can either be a domain account within the forest or a local machine account on the Enterprise Agent. These credentials must have permission to access the Enterprise Agent machine's WMI provider. Similarly, credentials must be provided for the ChangeAuditor Repository WMI provider. If cross-forest trusts are set up, one set of credentials will work for all forests linked by the cross-forest trust.

Selecting the Admin tab from the main screen will display the Consolidator Administration dialog. This dialog allows you to add, edit and/or remove forest(s) from the web portal display.

NOTE: If the Admin tab is not present, verify that you are a member of the DAWebAdmins group. The DAWebAdmins group is optionally created by the installer as a local group account on the IIS server running the web portal. If you did not allow the installer to create this group, it MUST be created if you want anyone to have administrative access to the web portal/consolidator.

NOTE: SSL must be enabled on the web portal server to ensure that forest credentials are encrypted between the client web browser and the web server itself. If enabling SSL support is NOT an option for your environment, a consolidator configuration utility is provided as part of the web portal/consolidator installation. Please refer to Managing Your Forest Using the Consolidator Configuration Utility on page 160.

Adding a Forest
When you first invoke the DA Web Portal, you must add the forest(s) you want to view through the portal.

To add a forest:
1. Select the Add button on the Consolidator Administration dialog. This will expand the dialog allowing you to enter the forest information.
2. In the Forest Information section, enter the following information for the forest to be added:
   Name - Enter the DNS name of the forest to be included in the web portal view.
   Alias - Enter the name that is to appear in the tree display in the web portal tree view (left-hand pane).
3. In the Enterprise Agent section, enter the credentials to be used to access the Enterprise Agent to retrieve topology information, current alerts and alert details.
   Enterprise Agent DNS - Enter the DNS name of the Enterprise Agent to be used.
   Enterprise Agent Alias - Enter an alias for the Enterprise Agent which will be displayed in the tree view on the DA Web Portal.
   Domain User - Enter the domain user account to be used to access the DirectoryAnalyzer WMI provider, which is installed on the Enterprise Agent.
   Password / Confirm Password - Enter the password associated with the domain user entered above.

4. If you want to retrieve ChangeAuditor events, in the ChangeAuditor section, enter the credentials to be used to access the ChangeAuditor Repository.
   Repository DNS - Enter the DNS name of the ChangeAuditor Repository to be used.
   Repository Alias - Enter an alias for the ChangeAuditor Repository which will be displayed in the tree view on the DA Web Portal.
   Domain User - Enter the domain user account to be used to access the ChangeAuditor WMI provider, which is installed on the server hosting the Repository.
   Password / Confirm Password - Enter the password associated with the domain user entered above.
5. After entering the forest, enterprise agent and repository information, select the Save button at the bottom of the dialog.
6. Repeat steps 1 through 5 to add additional forests.

Editing Forest Information


To edit an existing forest's information:
1. From the Configured Forest drop-down list, at the top of the Consolidator Administration dialog, select the forest to be edited.
2. Select the Edit button. This will expand the Consolidator Administration dialog, displaying the forest, Enterprise Agent and ChangeAuditor Repository information for the selected forest.
3. Modify the displayed information as necessary, re-enter your passwords and select the Save button.

Deleting a Forest
To remove a forest from the DA Web Portal view:
1. From the Configured Forest drop-down list at the top of the Consolidator Administration dialog, select the forest to be removed.
2. Select the Remove button.
3. Select the Save button.

DA Web Portal Main Screen


The main screen of the web portal contains the following major components:
- Domain Tab - selecting this tab allows you to display the domain topology for the selected forest(s) in the Navigation panel.
- Site Tab - selecting this tab allows you to display the site topology for the selected forest(s) in the Navigation panel.
- Admin Tab - selecting this tab allows you to specify the forest(s) to be viewed, the Enterprise Agent to be used and the ChangeAuditor Repository to be used.
- Alert History Tab - selecting this tab allows you to display the alert history for the selected object.
- Tree View - the left-hand pane of the main screen contains a hierarchical view of the forests.
- Alerts Window - the right-hand pane of the main screen displays the current DirectoryAnalyzer alerts for the object selected in the Tree View.
- Alert Details Tab - selecting this tab, which is located near the bottom of the screen, allows you to view details regarding the alert selected in the Alerts Window.
- ChangeAuditor Tab - selecting this tab, which is also located near the bottom of the screen, allows you to view any configuration change events associated with the alert selected in the Alerts Window.

Viewing Current Alerts


To view current DirectoryAnalyzer alerts through the DA Web Portal, select/highlight an object in the Tree View (left-hand pane) to populate the Alerts Window (right-hand pane) with the current alerts for that object.

Tree View
The left-hand pane of the main screen contains a hierarchical tree view of the forest(s) selected for viewing. The Show Only Managed command provides the option to display only sites and servers managed by the currently connected Enterprise Agent. You can use one of two views to display the tree:
- Domain view - selecting the Domain tab will display the tree hierarchy by domain.
- Site view - selecting the Site tab will display the tree hierarchy by site.

Alerts Window
The right-hand pane of the main screen will display the current alerts for the object selected in the Tree View.

The following information is displayed in the Alerts Window:
Current Viewed Alerts - The Current Viewed Alerts field displays the total number of current alerts available for display.
Severity - The Severity column displays a symbol representing the severity of all the alerted object(s) in your enterprise: Critical, Warning.
Alert Time - The Alert Time column displays the date and time when the alert threshold was violated.
Type - The Type column displays the type of object that is alerted: Server, Enterprise, Exchange, NC (Naming Context), Replica, Site.
Subject - The Subject column displays the name of the alerted object, such as the name of the domain controller, naming context, replica, site or Exchange server that generated the alert.
Alert Name - The Alert Name column displays the actual alert that was issued.

Forest - The Forest column displays the name of the forest where the alerted object resides.

The controls at the bottom of the alerts window indicate the alert page that is currently being displayed. These controls also allow you to scroll through multiple pages of alerts or display a specific page.
First - Use the First link at the bottom of the alerts window to display the first page of alerts.
Previous - Use the Previous link at the bottom of the alerts window to display the previous page of alerts.
Next - Use the Next link in the lower right-hand corner of this window to display the next page of alerts.
Last - Use the Last link at the bottom of the alerts window to display the last page of alerts.

Alert Details
To view details for a particular alert, single-click on the alert with the left mouse button. This will populate the Alert Details tab at the bottom of the screen. Scroll down to display the alert details for the selected alert.

The Alert Details section contains the following information about the selected alert:
Subject - The Subject field displays the name of the alerted object, such as the name of the domain controller, naming context, replica, site or Exchange server that generated the alert.
Alert Name - The Alert Name field displays the actual alert that was issued.
Severity - The Severity field displays the severity level of the alert: Critical or Warning.
Start Time - The Start Time field displays the date and time when the alert threshold was violated.

Details - The Details field displays a brief description of what caused the alert.
Alert Value - The Alert Value field contains the value information for the alert.
Alert Threshold - The Alert Threshold field displays the threshold value that was violated.

Viewing Alert History


To view the alert history for an Active Directory object, select the Alert History tab, located above the Alerts Window. This will display the Alert History Window, which allows you to specify a forest, subject and/or date range to customize your alert history report.

To define the scope of your alert history report:
1. On the Alert History tab, enter the following information:
Forest - Use the drop-down list to select the forest to be searched.
Subject - Use the drop-down list to select a type of object or an individual object to be included in the alert history report:
  All - includes all objects in your alert history (default)
  NC - allows you to select an individual naming context
  Site - allows you to select an individual site
  Server - allows you to select an individual server
From / To - Use these fields to specify a date range for your alert history report. By default, the From date is one month prior to today's date and the To date is today's date. To specify a date range, either enter the dates in the From and To fields or click on the small calendar icons to display a calendar and select the desired date from the displayed calendar.
2. Select the Search button.

Once the search is complete, the following information will be displayed in the Alert History Window:
Severity - The Severity column displays a symbol representing the severity of the alerted object(s).
Alert Time - The Alert Time column displays the date and time when the alert threshold was violated.

Clear Time - If an alert was cleared, the Clear Time column will display the date and time when the alert was cleared.
Type - The Type field displays the type of object that is alerted: Server, Enterprise, Exchange, NC (Naming Context), Replica, Site.
Subject - The Subject column displays the name of the alerted object, such as the name of the domain controller, naming context, replica, site or Exchange server that generated the alert.
Alert Name - The Alert Name column displays the actual alert that was issued.

Viewing ChangeAuditor Events and Details


ChangeAuditor identifies changes to critical components of the Active Directory environment as they occur and provides the five Ws for each change:
Who made the change
What the change was, including new and previous values
When the change was made
Where the change was made
Why the change was made

The DA Web Portal allows you to immediately determine if a DirectoryAnalyzer alert was caused by a change event captured with ChangeAuditor.

To view ChangeAuditor events:
1. Select/highlight an alert in the Alert or Alert History window.
2. Select the ChangeAuditor tab, located under the Alerts Window. This will display the event query options.

3. Verify that the ChangeAuditor event query options are displayed and one or more ChangeAuditor facilities are selected, as described below:
Search for events within the following time frame - Use the drop-down list to select the desired time frame:
  One hour before
  Twelve hours before
  One day before
  Seven days before
  Thirty days before
Subject selection criteria - Use the drop-down list to select the subject selection criteria to be used:
  Events that contain the subject name
  Events that contain the subject DN
  Events that match either subject name or DN
  Events that match the subject DN
  Events that match the subject name
  Ignore subject name
Search for events matching the selected ChangeAuditor facilities - Use the drop-down list to select the facility to be used in the search: The relationship between a DirectoryAnalyzer alert and a ChangeAuditor event has been predetermined to target the facility in ChangeAuditor that relates to the alert in DirectoryAnalyzer.
4. Select the Get ChangeAuditor Events button to execute the query and display the results.

5. Scroll to the bottom of the page to verify that the events are returned or the No events located message is displayed. If no events are returned, you can attempt to broaden the scope of the query by selecting multiple facilities and expanding the time range.
6. Use the page controls at the bottom of the results to scroll through multiple pages of events or display a specific page of events.

ChangeAuditor Search Results Window


When change events are returned, the following information will be displayed for each event:
Time - The Time field displays the date and time when the change took place.
Changed By - The Changed By field displays the name of the user who initiated the change.
Changed On - The Changed On field displays the name of the server where the change occurred.
Change - The Change field displays what change was made to the object.
Description - The Description field displays a brief description of the change.

Event Information Dialog


To display the Event Information dialog which contains more detailed information about an individual event, single-click on an audited event in the ChangeAuditor Search Results Window.

This dialog provides the following details about the selected event:
Changed By - This field specifies the name of the user who initiated the change.
Date/Time - This field specifies the date and time when the change occurred.
Changed On - This field displays the name of the server where the change occurred.
Description - This field provides a brief description of the change that occurred.
Object Type - This field defines the type of object that changed.

Object Name - This field specifies the name of the object that changed.
Sub-System - This field defines the subsystem, or area of auditing, where the change event occurred.
Facility - This field defines the event class facility to which the change event belongs.
Action - This field defines the action associated with the selected event.
Attribute - If an attribute has been modified, this field displays the name of the attribute.
Old Value - This field lists the old value that was assigned to the object.
New Value - This field lists the new value that is now assigned to the object.
Comments - This field contains any comments pertaining to the selected event, such as why an event occurred.

Sorting Your Results


By default, the alerts and change events are sorted by time with the latest alert/event being displayed at the top of the list. An arrow in the column heading identifies the sort criteria and order, ascending or descending. To change the sort criteria, click on another column heading. The sort order will be in ascending order, but can be changed to descending order by clicking on the heading a second time.

Managing Your Forest Using the Consolidator Configuration Utility


If enabling SSL support is NOT an option, a Consolidator Configuration utility (ConsolidatorConfiguration.exe) is provided as part of the web portal/consolidator installation. This utility will be placed in a separate directory under the consolidator directory on the web portal server (e.g., c:\inetpub\wwwroot\daportal\consolidator\configmanager).

The Consolidator Configuration utility can be run on a machine other than the web portal server, provided the following files are present:
ConsolidatorConfiguration.exe
Consolidator.dll
Dotnetmagic.dll
Dataprotection.dll

To run this utility on a machine other than the web portal server, be sure to copy over the entire directory (which contains all these files).

Executing the ConsolidatorConfiguration.exe will launch the Consolidator Configuration dialog which allows you to specify the DA Consolidator to be configured.

From the Consolidator Configuration dialog, select the consolidator to be configured and select the Connect button. Selecting this button will populate the list box with the forest(s) specified for monitoring. Use the buttons to the right of the list box to configure forests for monitoring.

Adding a Forest
To add a forest for monitoring:
1. Select the Add button to display the DA Consolidator Credentials dialog.
2. Enter the required information as described below:
Forest Name - Enter the DNS name of the forest to be monitored.
Forest Alias - Enter the name that is to appear in the tree display in the web portal tree view.
Use Same Credentials for EA and ChangeAuditor - Select/check this check box to use the same credentials for the Enterprise Agent and the ChangeAuditor repository. This box is unchecked by default, and additional fields for entering the ChangeAuditor repository credentials are displayed unless checked.
Enterprise Agent DNS - Enter the DNS name of the Enterprise Agent to be used.
Enterprise Agent Alias - Enter an alias for the Enterprise Agent which will be displayed in the tree view on the DA Web Portal.
Domain User - Enter the domain user account (<domain>\<username>) to be used to access the DirectoryAnalyzer WMI provider, which is installed on the Enterprise Agent.

Password/Confirm Password - Enter the password associated with the logon account entered above, then confirm the password in the field below.
ChangeAuditor Repository DNS - If the Use Same Credentials check box is unchecked, enter the DNS name of the ChangeAuditor Repository to be used.
ChangeAuditor Repository Alias - If the Use Same Credentials check box is unchecked, enter an alias for the ChangeAuditor Repository which will be displayed in the tree view on the DA Web Portal.
Domain User - If the Use Same Credentials check box is unchecked, enter the domain user account (<domain>\<username>) to be used to access the ChangeAuditor WMI provider, which is installed on the server hosting the Repository.
ChangeAuditor Password - If the Use Same Credentials check box is unchecked, enter the password associated with the domain user entered above.
3. Select the Test Credentials button to verify the credentials are valid.
4. Select the OK button to add the forest for monitoring.

Editing Forest Information


To edit an existing forest's information:
1. From the forest list box on the Consolidator Configuration dialog, select/highlight the forest to be edited.
2. Select the Edit button. This will display the DA Consolidator Credentials dialog, displaying the forest, Enterprise Agent and ChangeAuditor Repository information for the selected forest.
3. Modify the displayed information as necessary and re-enter your passwords.
4. Select the Test Credentials button to verify the credentials entered.
5. Select the OK button to save your modifications and close the dialog.

Deleting a Forest
To remove a forest from the DA Web Portal view:
1. From the forest list box on the Consolidator Configuration dialog, select/highlight the forest to be removed.
2. Select the Remove button.
3. Select the OK button to remove the forest and close the dialog.

Appendix A: DirectoryAnalyzer Alert Messages


When DirectoryAnalyzer detects that an alert threshold has been exceeded, it sends an alert to the DirectoryAnalyzer client, the Event Log (if the Event Log option is set) and SNMP (if the SNMP option is set).

NOTE: Several DirectoryAnalyzer alerts depend upon information gathered from various performance data objects. Occasionally, a performance data object may not load properly and may have to be loaded manually in order to enable the associated alert. The following table lists the DirectoryAnalyzer alerts and their associated performance data objects:

DirectoryAnalyzer Alert               Performance Data Object
DC CPU Load                           Processor
DC Page Faults                        Memory
DC LDAP Load                          NTDS
GC Load                               NTDS
DC Cache Hits                         Cache
DC Prop Drop                          NTDS
DC SMB Connections                    Server
DC FRS Staging Area Disk Space        FileReplicaSet

This appendix briefly describes each of the DirectoryAnalyzer alert messages. The alerts are listed in alphabetical order for the different types of alerts. The alert message descriptions include the type of alert and the default threshold settings for both levels: warning and critical.

Domain Controller Alerts


Domain Controller: Cache Hit Rate Below Threshold
This alert indicates that the performance of the server may be degraded because of too few Cache Read hits.
Set by: DC Cache Hits
Defaults:
  Warning Threshold: 25%   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 15%   Set Dur: 240 seconds   Clear Dur: 240 seconds

Domain Controller: CPU Load Threshold Exceeded
This alert indicates that the CPU for the domain controller is too busy. This can indicate a problem with DS (directory service) or it can indicate a problem may occur because the DC cannot respond to requests quickly enough.
Set by: DC CPU Load
Defaults:
  Warning Threshold: 20%   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 80%   Set Dur: 120 seconds   Clear Dur: 120 seconds

Domain Controller: DC Agent Not Responding
This alert indicates that the DC Agent is not responding within the configured threshold.
Set by: DC Agent Not Responding
Defaults:
  Warning Threshold: 500 milliseconds   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 1000 milliseconds   Set Dur: 300 seconds   Clear Dur: 300 seconds

Domain Controller: DC Time is Different Than Its Time Source
This alert is generated if the DC's time differs from one of its reference sources by more than the configured threshold.
Set by: DC Time Sync Lost
Defaults:
  Warning Threshold: 30 seconds   Set Dur: 0 seconds   Clear Dur: 0 seconds
  Critical Threshold: 120 seconds   Set Dur: 120 seconds   Clear Dur: 120 seconds

Domain Controller: DIT Disk Space Below Threshold
This alert indicates that the amount of disk space available on the volume Active Directory uses for its database is less than or equal to the specified threshold.
Set by: DC DIT Disk Space
Defaults:
  Warning Threshold: 500 MB   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 250 MB   Set Dur: 240 seconds   Clear Dur: 240 seconds

Domain Controller: DIT Log File Disk Space Below Threshold
This alert indicates that the amount of disk space available on the volume Active Directory uses for its log files is less than or equal to the specified threshold.
Set by: DC DIT Log File Disk Space
Defaults:
  Warning Threshold: 500 MB   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 250 MB   Set Dur: 240 seconds   Clear Dur: 240 seconds

Domain Controller: DNS Bad IP Address
This alert indicates that the DNS service is reporting one or more invalid IP addresses for DCs in the domain in which the DNS server is located. An invalid IP address can cause the DC to be unreachable by some or all clients.
Set by: DNS Bad IP Address
Defaults:
  Warning Threshold: N/A   Set Dur: 600 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 900 seconds   Clear Dur: 0 seconds

Domain Controller: DNS Resolver Missing SRV Records
This alert is active when one or more of the configured DNS resolvers for a DC is missing key service locator records.
Set by: DNS Resolver Missing SRV Records
Defaults:
  Warning Threshold: N/A   Set Dur: 120 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 300 seconds   Clear Dur: 0 seconds

Domain Controller: DNS Resolver Not Responding
This alert is active when one or more of the configured DNS resolvers for a DC is not responding in a timely manner.
Set by: DNS Resolver Not Responding
Defaults:
  Warning Threshold: 1000 milliseconds   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 10000 milliseconds   Set Dur: 300 seconds   Clear Dur: 300 seconds

Domain Controller: DNS Server Hosts Domain With Missing SRV Records
This alert is generated when one or more requisite DNS SRV (Service Locator) entries are not defined. DNS SRV entries are vital to the proper functioning of Active Directory.
Set by: DNS Server Hosts Domain with Missing SRV Records
Defaults:
  Warning Threshold: N/A   Set Dur: 300 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 600 seconds   Clear Dur: 0 seconds

Domain Controller: DNS Service Not Responding
This alert indicates that the DNS service is not responding to queries within a given period of time. An unresponsive DNS server can have an adverse effect on the performance of Active Directory.
Set by: DNS Not Responding
Defaults:
  Warning Threshold: 100 Milliseconds   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 500 Milliseconds   Set Dur: 120 seconds   Clear Dur: 120 seconds

Domain Controller: DNS Service Not Running
This alert indicates that a server hosting DNS is running, but the DNS service itself is not. A DNS service not running can affect the ability of clients to access Active Directory.
Set by: DNS Not Running
Defaults:
  Warning Threshold: N/A   Set Dur: 120 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 900 seconds   Clear Dur: 0 seconds

Domain Controller: Duplicate Connection Objects
This alert is generated when there are duplicate connection objects found within the replication partner object for the given domain controller.
Set by: Duplication Connection Objects
Defaults:
  Warning Threshold: N/A   Set Dur: 0 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 0 seconds   Clear Dur: 0 seconds

Domain Controller: File Replication Service Not Running
This alert is generated if the File Replication Service is currently not running on the DC.
Set by: File Replication Service Not Running
Defaults:
  Warning Threshold: N/A   Set Dur: 120 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 300 seconds   Clear Dur: 0 seconds

Domain Controller: FRS Staging Area Disk Space Below Threshold
This alert indicates that the amount of disk space allocated for staging files during replication is less than or equal to the specified threshold.
Set by: DC FRS Staging Area Disk Space
Defaults:
  Warning Threshold: 300 MB   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 100 MB   Set Dur: 240 seconds   Clear Dur: 240 seconds

Domain Controller: GC Load Threshold Exceeded
This alert indicates that the amount of LDAP traffic serviced by the domain controller that hosts the Global Catalog is above the configured threshold value. This threshold is based on the number of LDAP writes and LDAP searches performed per second.
Set by: GC Load
Defaults:
  Warning Threshold: 75 per second   Set Dur: 60 seconds   Clear Dur: 60 seconds
  Critical Threshold: 100 per second   Set Dur: 300 seconds   Clear Dur: 300 seconds

Domain Controller: Global Catalog Response Too Slow
This alert indicates that the response time of the servers that host the replica of the Global Catalog equals or exceeds the configured threshold value.
Set by: GC Response Too Slow
Defaults:
  Warning Threshold: 250 Milliseconds   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 500 Milliseconds   Set Dur: 300 seconds   Clear Dur: 300 seconds

Domain Controller: Group Policy Object Inconsistent
This alert is generated when the Group Policy Object (GPO) for a given policy has fallen out of sync with the representation stored on the local SYSVOL share.
Set by: GPO Inconsistent
Defaults:
  Warning Threshold: N/A   Set Dur: 600 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 1200 seconds   Clear Dur: 0 seconds

Domain Controller: Inter-site Replication Partner Not Responding
This alert is active if an Inter-site replication partner is not responding.
Set by: Inter-site Replication Partner Not Responding
Defaults:
  Warning Threshold: 500   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 1000   Set Dur: 300 seconds   Clear Dur: 300 seconds

Domain Controller: Intra-site Replication Partner Not Responding
This alert is active if an Intra-site replication partner is not responding.
Set by: Intra-site Replication Partner Not Responding
Defaults:
  Warning Threshold: 250   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 500   Set Dur: 300 seconds   Clear Dur: 300 seconds

Domain Controller: KDC Service Not Running
This alert is generated if the Kerberos Key Distribution Center (KDC) Service is not currently running on the DC.
Set by: KDC Service Not Running
Defaults:
  Warning Threshold: N/A   Set Dur: 120 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 300 seconds   Clear Dur: 0 seconds

Domain Controller: LDAP Load Threshold Exceeded
This alert indicates that the amount of LDAP traffic serviced by the domain controller equals or exceeds the threshold set by the administrator. This threshold is based on the number of LDAP writes and LDAP searches performed per second.
Set by: DC LDAP Load
Defaults:
  Warning Threshold: 75 per second   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 100 per second   Set Dur: 240 seconds   Clear Dur: 240 seconds

Domain Controller: LDAP Response Too Slow
This alert indicates that the response time of the domain controller to an LDAP request equals or exceeds the administrator-defined threshold.
Set by: DC LDAP Response Too Slow
Defaults:
  Warning Threshold: 500 Milliseconds   Set Dur: 300 seconds   Clear Dur: 300 seconds
  Critical Threshold: 1000 Milliseconds   Set Dur: 300 seconds   Clear Dur: 300 seconds

Domain Controller: LSASS CPU Load Threshold Exceeded
This alert indicates that the CPU for the LSASS service is too busy.
Set by: LSASS CPU Load
Defaults:
  Warning Threshold: 25   Set Dur: 0 seconds   Clear Dur: 0 seconds
  Critical Threshold: 50   Set Dur: 0 seconds   Clear Dur: 0 seconds

Domain Controller: LSASS Virtual Memory Threshold Exceeded
This alert indicates that the virtual memory allocated to the LSASS service is too high.
Set by: LSASS Virtual Memory
Defaults:
  Warning Threshold: 500   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 1000   Set Dur: 120 seconds   Clear Dur: 120 seconds

Domain Controller: LSASS Working Set Memory Threshold Exceeded
This alert indicates that the working set memory allocated to the LSASS service is too high.
Set by: LSASS Working Set
Defaults:
  Warning Threshold: 500   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 1000   Set Dur: 120 seconds   Clear Dur: 120 seconds

Domain Controller: Net Logon Service Not Running
This alert is generated if the Net Logon Service is currently not running on the DC.
Set by: Net Logon Service Not Running
Defaults:
  Warning Threshold: N/A   Set Dur: 120 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 300 seconds   Clear Dur: 0 seconds

Domain Controller: NETLOGON Not Shared
This alert is generated when the NETLOGON folder is not shared. File Replication Service requires this folder to be shared on Windows 2000 DCs for replication to work correctly.
Set by: NETLOGON Not Shared
Defaults:
  Warning Threshold: N/A   Set Dur: 0 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 0 seconds   Clear Dur: 0 seconds

Domain Controller: Not Responding
This alert indicates that the domain controller is not responding within the configured threshold.
Set by: DC Not Responding
Defaults:
  Warning Threshold: 500 Milliseconds   Set Dur: 0 seconds   Clear Dur: 0 seconds
  Critical Threshold: 1000 Milliseconds   Set Dur: 0 seconds   Clear Dur: 0 seconds

Domain Controller: NTFRS CPU Load Threshold Exceeded
This alert indicates that the CPU for the NTFRS service is too busy.
Set by: NTFRS CPU Load
Defaults:
  Warning Threshold: 15   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 25   Set Dur: 120 seconds   Clear Dur: 120 seconds

Domain Controller: NTFRS Virtual Memory Threshold Exceeded
This alert indicates that the virtual memory allocated to the NTFRS service is too high.
Set by: NTFRS Virtual Memory
Defaults:
  Warning Threshold: 75   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 150   Set Dur: 120 seconds   Clear Dur: 120 seconds

Domain Controller: NTFRS Working Set Memory Threshold Exceeded
This alert indicates that the working set memory allocated to the NTFRS service is too high.
Set by: NTFRS Working Set
Defaults:
  Warning Threshold: 75   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 150   Set Dur: 120 seconds   Clear Dur: 120 seconds

Domain Controller: Page Fault Threshold Exceeded
This alert might indicate that the performance of the server may be degraded because of too many page faults.
Set by: DC Page Faults
Defaults:
  Warning Threshold: 500 faults per second   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 1000 faults per second   Set Dur: 240 seconds   Clear Dur: 240 seconds

Domain Controller: PDC Role Owner in Root Domain Has No External Time Source
This alert is generated if the PDC Role Owner of the root domain in the forest is not configured to use an external time source. All DCs in the forest synchronize their time by the PDC Role Owner's clock.
Set by: Root PDC Role Owner Has No External Time Source
Defaults:
  Warning Threshold: N/A   Set Dur: 300 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 900 seconds   Clear Dur: 0 seconds

Domain Controller: Properties Dropped Threshold Exceeded
This alert occurs when directory property updates were dropped during replication.
Set by: DC Properties Dropped
Defaults:
  Warning Threshold: 100 dropped   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 200 dropped   Set Dur: 240 seconds   Clear Dur: 240 seconds

Domain Controller: Replication Partner Count Too High
This alert indicates that the total number of replication partners for this domain controller is greater than the administrator configured threshold value.
Set by: Replication Partner Count
Defaults:
  Warning Threshold: 25 Objects   Set Dur: 10 seconds   Clear Dur: 10 seconds
  Critical Threshold: 50 Objects   Set Dur: 10 seconds   Clear Dur: 10 seconds

Domain Controller: Replication Partner Not Responding
This alert is active if the replication partner is not responding.
Set by: Replication Partner Not Responding
Defaults:
  Warning Threshold: 250 Milliseconds   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 500 Milliseconds   Set Dur: 300 seconds   Clear Dur: 300 seconds

Domain Controller: Replication Topology Closure
This alert is generated when the server's copy of the replication topology for either the Default Naming Context or the Enterprise Configuration Naming Context is not transitively closed. Not all changes to the unclosed NC will propagate to all domain controllers holding replicas of the naming context.
Set by: Replication Topology Closure
Defaults:
  Warning Threshold: N/A   Set Dur: 900 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 3600 seconds   Clear Dur: 0 seconds

Domain Controller: Replication Topology Not Closed Within Parent Site
This alert is generated when the server's copy of the replication topology for either the Default Naming Context or the Enterprise Configuration Naming Context is not transitively closed within its parent site. Changes to the unclosed NC will have to go offsite to be completed.
Set by: Intra-Site Replication Topology Closure
Defaults:
  Warning Threshold: N/A   Set Dur: 900 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 3600 seconds   Clear Dur: 0 seconds

Domain Controller: RID Pool Below Threshold
This alert is generated when the available pool of Relative Identifiers (RIDs) on this server is less than or equal to the configured threshold.
Set by: DC RID Pool Low
Defaults:
  Warning Threshold: 10 (# available in RID Pool)   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 5 (# available in RID Pool)   Set Dur: 120 seconds   Clear Dur: 120 seconds

Domain Controller: RODC Allowed Password Replication Policy Inconsistent
This alert allows a user to verify that every read-only domain controller has the same password replication allow policy (i.e., a list of accounts whose passwords WILL be saved locally to the read-only domain controllers in the domain). This alert is generated when the allowed password replication policy for a server is not consistent with the selected authoritative server for the domain.
Set by: RODC Allowed Password Replication Policy Inconsistent
Defaults:
  Warning Threshold: N/A   Set Dur: 600 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 900 seconds   Clear Dur: 0 seconds

Domain Controller: RODC Denied Password Replication Policy Inconsistent
This alert allows a user to verify that every read-only domain controller has the same password replication deny policy (i.e., a list of accounts whose passwords will NOT be saved locally to the read-only domain controllers in the domain). This alert is generated when the denied password replication policy for a server is not consistent with the selected authoritative server for the domain.
Set by: RODC Denied Password Replication Policy Inconsistent
Defaults:
  Warning Threshold: N/A   Set Dur: 600 seconds   Clear Dur: 0 seconds
  Critical Threshold: N/A   Set Dur: 900 seconds   Clear Dur: 0 seconds

Domain Controller: SMB Connections Threshold Exceeded
This alert occurs when the number of SMB (Server Message Block) connections in use on the domain controller equals or exceeds the threshold set by the administrator.
Set by: DC SMB Connections
Defaults:
  Warning Threshold: 20 (# of connections)   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 40 (# of connections)   Set Dur: 240 seconds   Clear Dur: 240 seconds

Domain Controller: SYSVOL Disk Space Below Threshold
This alert indicates that the available disk space on the volume hosting SYSVOL is less than or equal to the configured threshold.
Set by: DC SYSVOL Disk Space
Defaults:
  Warning Threshold: 500 MB   Set Dur: 120 seconds   Clear Dur: 120 seconds
  Critical Threshold: 250 MB   Set Dur: 240 seconds   Clear Dur: 240 seconds


Domain Controller: SYSVOL Not Shared
This alert is generated when the SYSVOL folder is not shared. File Replication Service requires this folder to be shared on Windows 2000 DCs for replication to work correctly.
Set by: SYSVOL Not Shared
Defaults:
Warning Threshold: N/A, Set Dur: 0 seconds
Critical Threshold: N/A, Set Dur: 0 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Domain Controller: Unable to Verify Trust
This alert is active when a domain controller is unable to authenticate to one or more of its direct inbound uplevel trust partners.
Set by: Trust Relationship Not Functional
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Domain Controller: W32Time Service Not Running
This alert is generated if the Windows Time (W32Time) Service is not currently running on the DC.
Set by: W32Time Service Not Running
Defaults:
Warning Threshold: N/A, Set Dur: 120 seconds
Critical Threshold: N/A, Set Dur: 300 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Naming Context Alerts


Naming Context: Domain Naming and Schema Operations Masters Differ
DirectoryAnalyzer issues this alert when the Domain Naming and Schema Operations Masters reside on separate domain controllers.
Set by: Domain Naming and Schema Operations Masters Differ
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds


Naming Context: Domain Naming Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Domain Naming Operations Master is not consistent between all domain controllers in the enterprise.
Set by: Domain Naming Operations Masters Consistency
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Naming Context: Domain Naming Operations Master Not a GC
DirectoryAnalyzer issues this alert when the Domain Naming Operations Master does not host a Global Catalog.
Set by: Domain Naming Operations Master Not a GC
Defaults:
Warning Threshold: N/A, Set Dur: 120 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Naming Context: Domain Naming Operations Master Not Responding
This alert indicates that the Domain Naming Operations Master is not responding within the configured threshold.
Set by: Domain Naming Operations Master Not Responding
Defaults:
Warning Threshold: 500 Milliseconds, Set Dur: 120 seconds
Critical Threshold: 1000 Milliseconds, Set Dur: 120 seconds
Clear Dur: 120 seconds; Clear Dur: 120 seconds

Naming Context: Infrastructure Operations Master Hosts GC
DirectoryAnalyzer issues this alert when the Infrastructure Operations Master (IOM) also hosts a Global Catalog. This is an alert condition when more than one DC exists for the domain AND all other DCs do NOT themselves host Global Catalogs.
Set by: Infrastructure Operations Master Hosts GC
Defaults:
Warning Threshold: N/A, Set Dur: 120 seconds
Critical Threshold: N/A, Set Dur: 300 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds


Naming Context: Infrastructure Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Inter-Domain Daemon Operations Master (commonly called the Infrastructure Operations Master) is not consistent between all domain controllers in the domain.
Set by: Infrastructure Operations Master Consistency
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Naming Context: Infrastructure Operations Master Not Responding
This alert indicates that the Infrastructure Operations Master is not responding within the configured threshold.
Set by: Infrastructure Operations Master Not Responding
Defaults:
Warning Threshold: 500 Milliseconds, Set Dur: 120 seconds
Critical Threshold: 1000 Milliseconds, Set Dur: 120 seconds
Clear Dur: 120 seconds; Clear Dur: 120 seconds

Naming Context: PDC Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Domain PDC (Primary Domain Controller) Operations Master is not consistent between all domain controllers in the domain.
Set by: PDC Operations Master Consistency
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Naming Context: PDC Operations Master Not Responding
This alert indicates that the PDC Operations Master is not responding within the configured threshold.
Set by: PDC Operations Master Not Responding
Defaults:
Warning Threshold: 500 Milliseconds, Set Dur: 120 seconds
Critical Threshold: 1000 Milliseconds, Set Dur: 120 seconds
Clear Dur: 120 seconds; Clear Dur: 120 seconds


Naming Context: Replication Latency Threshold Exceeded
This alert is generated when the time it takes to replicate changes from one domain controller to all other domain controllers in the naming context equals or exceeds the administrator-defined threshold.
NOTE: This alert is disabled initially; however, it can be enabled using the Configuration | Replication Latency command.
Set by: Replication Latency
Defaults:
Warning Threshold: 600 minutes, Set Dur: 0 seconds
Critical Threshold: 1200 minutes, Set Dur: 0 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Naming Context: RID Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Domain RID (Relative ID) Operations Master is not consistent between all domain controllers in the domain.
Set by: RID Operations Master Consistency
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Naming Context: RID Operations Master Not Responding
This alert indicates that the RID Operations Master is not responding within the configured threshold.
Set by: RID Operations Master Not Responding
Defaults:
Warning Threshold: 500 Milliseconds, Set Dur: 120 seconds
Critical Threshold: 1000 Milliseconds, Set Dur: 120 seconds
Clear Dur: 120 seconds; Clear Dur: 120 seconds

Naming Context: Schema Operations Master Inconsistent
DirectoryAnalyzer issues this alert when the Schema Operations Master is not consistent between all domain controllers in the enterprise.
Set by: Schema Operations Master Consistency
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds


Naming Context: Schema Operations Master Not Responding
This alert indicates that the Schema Operations Master is not responding within the configured threshold.
Set by: Schema Operations Master Not Responding
Defaults:
Warning Threshold: 500 Milliseconds, Set Dur: 120 seconds
Critical Threshold: 1000 Milliseconds, Set Dur: 120 seconds
Clear Dur: 120 seconds; Clear Dur: 120 seconds

Naming Context: Schema Version Inconsistent
This alert is generated when the Schema Version is not consistent across the domain controllers of the enterprise.
Set by: Schema Version Consistency
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Replica: Conflict Encountered During Replication
This alert indicates that conflicting objects were encountered during replication, which was reported by Active Directory.
Set by: Conflict Encountered During Replication
Defaults:
Warning Threshold: N/A, Set Dur: 60 seconds
Critical Threshold: N/A, Set Dur: 300 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Replica: Consecutive Replication Failures Threshold Exceeded
This alert is generated when the number of consecutive replication failures equals or exceeds the configured threshold.
Set by: Consecutive Replication Failures
Defaults:
Warning Threshold: 1, Set Dur: 120 seconds
Critical Threshold: 3, Set Dur: 300 seconds
Clear Dur: 300 seconds; Clear Dur: 120 seconds


Replica: GC Replication Latency Threshold Exceeded
This alert indicates that the replication latency of the server that hosts a replica of the Global Catalog equals or exceeds the configured threshold.
NOTE: This alert is disabled initially; however, it can be enabled using the Configuration | Replication Latency command.
Set by: GC Replication Latency
Defaults:
Warning Threshold: 1800 seconds, Set Dur: 0 seconds
Critical Threshold: 3600 seconds, Set Dur: 0 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Replica: Objects Exist in the Lost and Found Container
This alert is generated when DirectoryAnalyzer discovers objects in the Lost and Found container of a naming context.
Set by: NC Lost And Found
Defaults:
Warning Threshold: 1 (# of objects), Set Dur: 120 seconds
Critical Threshold: 10 (# of objects), Set Dur: 120 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Site Alerts
Site: Exchange Server to GC ratio exceeded
Each site in an Active Directory enterprise should have at least one Global Catalog for every four Exchange Servers. This alert indicates that the number of Exchange Servers exceeds the configured threshold of Global Catalog servers in a given site.
Set by: Too Many Exchange Servers Per GC
Defaults:
Warning Threshold: 4 (# of Exchange Servers), Set Dur: 600 seconds
Critical Threshold: 8 (# of Exchange Servers), Set Dur: 600 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Site: Inter-Site Replication Manager
This alert is generated when the Inter-site Replication Manager determines that a server other than the Preferred Bridgehead server has a connection object replicating to a server outside of its current site.
Set by: Inter-site Replication Manager
Defaults:
Warning Threshold: N/A, Set Dur: 0 seconds
Critical Threshold: N/A, Set Dur: 0 seconds
Clear Dur: 10 seconds; Clear Dur: 10 seconds


Site: Inter-Site Replication Topology Generation Disabled
This alert is generated when the inter-site replication topology generation for a site is disabled.
Set by: Inter-Site Replication Topology Generation Disabled
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 1200 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Site: Intra-Site Replication Topology Generation Disabled
This alert is generated when the intra-site replication topology generation for a site is disabled.
Set by: Intra-Site Replication Topology Generation Disabled
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 1200 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Site: No Authority in Site to Resolve Universal Group Memberships
This alert is issued when a site has no Global Catalog and Universal Group Membership caching is disabled.
Set by: No Universal Group Membership Authority in Site
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 900 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Site: Site Agent Not Updating
This alert indicates that the Site Agent is not responding within the configured threshold.
Set by: Site Agent Not Updating
Defaults:
Warning Threshold: N/A, Set Dur: 0 seconds
Critical Threshold: N/A, Set Dur: 300 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds


Site: Too Few Global Catalogs in Site
This alert indicates that the number of Global Catalog servers in a given site is less than or equal to the configured threshold.
Set by: Too Few Global Catalogs In Site
Defaults:
Warning Threshold: 1 (# of GCs), Set Dur: 120 seconds
Critical Threshold: 0 (# of GCs), Set Dur: 300 seconds
Clear Dur: 300 seconds; Clear Dur: 120 seconds

Enterprise Agent Alert


Enterprise: Alternate Enterprise Agent Not Updating
This alert is issued when DirectoryAnalyzer is configured with two Enterprise Agents and they cannot synchronize with one another.
Set by: Not Configurable
Defaults:
Warning Threshold: N/A, Set Dur: 60 seconds
Critical Threshold: N/A, Set Dur: 300 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds

Exchange Server Alerts


Exchange Host Server: Not Responding
This alert indicates that the member server that hosts the Exchange Server is not responding within the configured threshold.
Set by: Exchange Host Not Responding
Defaults:
Warning Threshold: 500 (milliseconds), Set Dur: 120 seconds
Critical Threshold: 1000 (milliseconds), Set Dur: 120 seconds
Clear Dur: 120 seconds; Clear Dur: 120 seconds

Domain Controller: Exchange Server is Running on a Domain Controller
This alert indicates that an Exchange Server is running on a domain controller.
Set by: Exchange Server is Running on a Domain Controller
Defaults:
Warning Threshold: N/A, Set Dur: 600 seconds
Critical Threshold: N/A, Set Dur: 1200 seconds
Clear Dur: 0 seconds; Clear Dur: 0 seconds


Appendix B: DirectoryAnalyzer Statistics


DirectoryAnalyzer gathers and stores various statistics about Active Directory. The sample rate (or sampling interval) specifies how often this process is to occur. This appendix lists the statistics gathered by DirectoryAnalyzer and the default sample rates for each statistic. These statistics are listed here in alphabetical order for each of the different types of alerts:
- DC Alerts
- Site Alerts

DC Alerts
The Sampling Rate Settings tab displays the following statistics for DC alerts.

DC Policy Miner Interval
The frequency (in seconds) with which the DC Agent gathers policy information.
Default Interval in seconds: 300

DC Status Miner Interval
The frequency (in seconds) with which the DC Agent checks the status of various services.
Default Interval in seconds: 60

DC Structure Miner Interval
The frequency (in seconds) that the DC Agent refreshes local Active Directory structural information.
Default Interval in seconds: 300

DC Topology Miner Interval
The frequency (in seconds) with which the DC Agent examines its local copy of the replication topology.
Default Interval in seconds: 3600


DNS Resolver Miner Interval
The frequency (in seconds) with which the DC Agent gathers information about the DNS resolver.
Default Interval in seconds: 300

DNS Structure Miner Interval
The frequency (in seconds) with which the DC Agent on a DNS server gathers structural information for its DNS service.
Default Interval in seconds: 300

IP Address Miner Interval
The frequency (in seconds) with which the DC Agent on a DNS server checks IP names/addresses in its DNS service.
Default Interval in seconds: 300

Latency Miner Interval
The frequency (in seconds) with which the DC Agent gathers latency information.
Default Interval in seconds: 3600

LDAP Response Time Miner Interval
The frequency (in seconds) with which the DC Agent checks local LDAP response time.
Default Interval in seconds: 60

Replica LDAP Miner Interval
The frequency (in seconds) with which the DC Agent gathers replication information.
Default Interval in seconds: 600

Replica Trust Miner Interval
The frequency (in seconds) with which the DC Agent gathers trust information.
Default Interval in seconds: 300

Server Statistics Miner Interval
The frequency (in seconds) between checks of general server statistics, such as CPU load, Page Fault rate, disk space statistics, etc.
Default Interval in seconds: 60

Service Locator Miner Interval
The frequency (in seconds) with which the DC Agent on a DNS server checks the validity of its service locator records.
Default Interval in seconds: 720

Time Sync Miner Interval
The frequency (in seconds) with which the DC Agent examines its SNTP time source.
Default Interval in seconds: 900


Site Alerts
The Sampling Rate Settings tab displays the following statistics for site alerts:

Site Information Miner Interval
The frequency (in seconds) with which the Site Agent gathers site information.
Default Interval in seconds: 300

Exchange Structure Miner Interval
The frequency (in seconds) with which the Site Agent gathers Exchange information.
Default Interval in seconds: 1800


Glossary
This section provides an alphabetical listing of terms important to Active Directory and DirectoryAnalyzer.

Active Directory
The directory service introduced by Microsoft with Windows 2000.

Application Directory Partition
Beginning with Windows Server 2003, Active Directory provides support for Application Directory Partitions. Application directory partitions can contain a hierarchy of any type of objects except security principals. These partitions can be configured to replicate to any set of DCs in the forest, not just the DCs in a domain (like in a domain partition). By enabling you to control the scope of replication and the placement of replicas, application directory partitions enable you to use the directory to store dynamic data without significantly impacting network performance.

BHS (Bridgehead Server)
Bridgehead servers are DCs that serve as the connection point for routing directory information between sites. A local BHS serves as the originator of message traffic. The remote BHS serves as the destination for message traffic.

Connector
An Exchange connector is a software service that allows users at one Exchange server site to connect to users at other sites.

DC (Domain Controller)
A Windows 2000 server that contains a replica of a domain.

DC Agent
A DC Agent is a DirectoryAnalyzer service that runs on each domain controller within Active Directory and does the bulk of the monitoring work. The DC Agent detects alert conditions and passes them to the Site Agent.

DirectoryAnalyzer Client
The user interface for managing all aspects of DirectoryAnalyzer.


DIT (Directory Information Tree)
The file that actually stores the directory database (called NTDS.DIT).

DNS (Domain Name System)
A distributed namespace used on the Internet to resolve computer and service names to TCP/IP addresses and vice versa. Active Directory uses DNS as the location service.

Domain
A domain is a subtree of the directory namespace that can be replicated to multiple domain controllers. A domain is the unit of replication within Active Directory.

Domain Tree
A hierarchical organization of domains with contiguous names.

DS
Acronym for the general term directory service.

Enterprise (a.k.a. Forest)
A collection of one or more domain trees organized as peers, that share a common schema, configuration and global catalog.

Enterprise Agent
The Enterprise Agent communicates with the Site Agent(s) to build a model of the directory. The Enterprise Agent services client requests and refers them to the appropriate Site Agent or DC Agent. It also maintains DirectoryAnalyzer configuration and threshold settings.

Exchange Admin Group
The Exchange Admin Group is a collection of Exchange objects that are grouped together to simplify the management of permissions. This group defines the logical structure of the Exchange organization.

FRS (File Replication Service)
The File Replication Service replicates the SYSVOL between domain controllers. The SYSVOL contains login scripts and group policy files that should be replicated along with Active Directory. If the FRS is not running on a domain controller, it will not replicate the most recent copies of the files stored in the SYSVOL.

Global Catalog
A DC within Active Directory that contains a partial replica of every naming context in the directory. It contains the schema and configuration naming contexts as well.

KDC (Key Distribution Center) Service
The Key Distribution Center Service provides Kerberos authentication and Kerberos keys to Windows 2000 processes. It is a key component in the Windows 2000 security system. If the KDC Service is not running, users may not be able to log on and domain controllers will not replicate with each other.

LDAP (Lightweight Directory Access Protocol)
The core protocol Active Directory uses to communicate between directories and applications.


MOM (Microsoft Operations Manager)
The event and performance management element of Microsoft's Windows Server System. It allows monitoring of numerous computers interconnected by one or more communications networks. Server products, including Active Directory, Microsoft SQL Server, Microsoft Exchange Server and MOM itself can be monitored with MOM.

Namespace
Any logical bounded area in which a given name can be resolved.

Naming Context
A unit of replication. In Windows 2000, Active Directory always has at least three naming contexts:
- The schema, which defines the object class and attributes contained in Active Directory.
- The configuration context, which identifies the domain controllers, replication topology and other related information about the domain controllers within a specific implementation of Active Directory.
- One or more domains that contain the actual directory object data.
A domain controller always stores the naming contexts for the schema, configuration and (only) its domain.

Net Logon Service
The Net Logon Service handles network requests for authentication. Therefore, when a machine or process tries to authenticate with a domain controller it will communicate with the Net Logon Service. If this service is not running, the domain controller will not process any authentication requests.

Operations Master
DCs that control critical single master updates that cannot easily be resolved using multimaster replication. These operations include:
- schema operations - only one DC, per enterprise, can perform schema operations at a time.
- domain naming assignments - one DC, per enterprise, assures that duplicate domain naming does not occur.
- RID (Relative ID) pool allocations - one DC, per domain, manages handing out new RID pool assignments.
- PDC functions - one DC, per domain, acts as the PDC (Primary Domain Controller) for downlevel domain controllers, member servers and clients.
- Infrastructure management - one DC, per domain, is responsible for updating an object's DN (Distinguished Name) and SID (Security ID) in cross-domain object references.

PDC (Primary Domain Controller)
In NT 3.5x and NT 4, the computer that hosts the master writable copy of the security accounts manager database.


Replication
The process of duplicating naming context information to multiple domain controllers.

Replication latency
The elapsed time between changing an object in the naming context and the time the change appears on each domain controller.

RID (Relative Identifier)
RIDs are used by domain controllers to identify security principals (users, groups or computers) within a domain.

Routing Group
A routing group defines connectivity and communication channels between a collection of Exchange servers.

Routing Group Master
The Routing Group Master is the server responsible for coordinating link state updates (link up/down) to/from the other servers in the routing group.

Schema
The formal definition of all object types that can be stored in the directory. Active Directory keeps its schema in the schema naming context.

Site
A location within a network that contains Active Directory servers, as defined by one or more TCP/IP subnets. Sites define the Active Directory replication topology.

Site Agent
The DirectoryAnalyzer Site Agent manages and configures DC Agents in a particular site and builds a partial model of the directory. The Site Agent passes its model, as well as relevant changes, events and alerts to the requesting Enterprise Agent.

Tree
A hierarchical structure of domains that form a contiguous namespace.

W32Time (Windows Time) Service
The W32Time Service on a DC is responsible for maintaining the accuracy of the DC's clock with respect to the DC's time sources. If their clocks are not synchronized, the update conflict resolution algorithm in Active Directory will not work properly.


Index
A
About command 18 Accessing the knowledge base 36 Active Directory 189 Adapter Summary Tab 68 Adding a forest 149, 162 Adding external applications 126 Administrative Group Tab 76 Alert Configuration Tab bottom of Current Alerts Tab 96 Complete Set of Alerts 98 Alert defaults Domain Controller alerts 166 Naming Context alerts 177 Site alerts 182 Alert Details Tab 34 DA Web Portal 154 Alert History command 17, 114 database maintenance 119 exporting data 118 generating reports 114 printing reports 118 tool bar button 19 viewing via DAWeb 155 Alert messages 165 Domain Controller alerts 166 Naming Context alerts 177 Site alerts 182 Alert notifications 105 Alert Summary Graph 36 alert thresholds 95 configuring 96 Alerts command 15, 98 Alternate credentials 12 Alternate Enterprise Agent Not Updating alert 184 Application Directory Partition 189 Application Directory Partitions monitoring 28 Application Partition browsing the directory 40 information 55 view 20, 40 Authoritative server 104 Avoid List 137

B
Bridgehead Server 189 Bridgehead Servers Tab 61 Browsing Exchange 73 Browsing the directory 39 by application partition 40 by domain 40 by site 42

C
Cache Hit Rate Below Threshold alert 166 ChangeAuditor ChangeAuditor tab 142 command 18 Event Information dialog 144, 159 integration 141 launching 123 tool bar button 19 viewing events 142 viewing events via DA Web Portal 156 ChangeAuditor tab 142 Client 6, 11 components 13 Collapse All command 15 Collapse Object command 15 Configuration Menu commands 15 Configure Email Notification dialog 106 Configure RODC Alerts dialog 104 configuring alerts and statistics 95 configuring server for RODC alerts 104 Configuring the DA Web Portal 148 Conflict Encountered During Replication alert 181

Index

194

DirectoryAnalyzer

Connect command 14 tool bar button 19 Connection dialog 11 Connectivity command 17, 87 tool bar button 19 Troubleshooter 87 Consecutive Replication Failures Threshold Exceeded alert 181 Consolidator connecting to 12 Consolidator Administration dialog 148 Consolidator Configuration dialog 161 adding a forest 162 deleting a forest 164 editing forest information 164 Consolidator Configuration Utility 160 Contents command 18 CPU Load Threshold Exceeded alert 166 Creat New FRS Troubleshooter Test dialog 92 creating an email rule 108 Current Alerts command 18 Current Alerts Tab 31 Current Exchange Alerts Tab 83

D
DA Consolidator Credentials dialog 162 DA Web Portal 147 adding a forest 149 alert details 154 alerts window 153 configuring 148 deleting a forest 150 editing forest information 150 main screen 151 tree view 152 viewing alert history 155 viewing ChangeAuditor events 156 viewing current alerts 152 Database commands 16 Database Connectivity dialog 114 Database Maintenance dialog 119 DC (domain controller) 189 DC Agent 6, 189 DC Agent Not Responding alert 166 DC Information Tab 65 DC Not Responding alert 173 DC Policy Miner Interval 185 DC Status Miner Interval 185 DC Structure Miner Interval 185 DC Summary Tab 59 DC Time is Different Than Its Time Source alert 166 DC Topology Miner Interval 185 Delete Alerts command 16, 119

Deleting a forest 150, 164 deleting an email rule 108 Diagnostic tests 130 Diagnostics Menu commands 17 DirecotryTroubleshooter Options command 17 DirectoryAnalyzer alert messages 165 benefits 4 Client 11, 189 features 2 knowledge base 36 statistics 185 system overview 6 web portal 147 DirectoryTroubleshooter command 17 diagnostic tests 130 integration 129 launching 123 options 138 real-time diagnostics 134 replication view 135 tab 129 tool bar button 19 Disconnect command 14 tool bar button 19 DIT (Directory Information Tree) 190 DIT Disk Space Below Threshold alert 167 DIT Log File Disk Space Below Threshold alert 167 DNS (Domain Naming System) 190 DNS Bad IP Address alert 167 DNS Information Tab 71 DNS Resolver Miner Interval 186 DNS Resolver Missing SRV Records alert 167 DNS Resolver Not Responding alert 168 DNS Server Hosts Domain with Missing SRV Records

168
DNS servers monitoring 28 DNS Service Not Responding alert 168 DNS Service Not Running alert 168 DNS Structure Miner Interval 186 DNS Summary Tab 57 DNSAnalyzer command 18 launching 123 tool bar button 19 Domain 190 view 20, 40 Domain Controller 189 Domain Controller alerts 166 Cache Hit Rate Below Threshold 166 CPU Load Threshold Exceeded 166 DC Agent Not Responding 166 DC Not Responding 173 DC Time is Different Than Its Time Source 166

Index

DirectoryAnalyzer

195

DIT Disk Space Below Threshold 167 DIT Log File Disk Space Below Threshold 167 DNS Bad IP Address 167 DNS Resolver Missing SRV Records 167 DNS Resolver Not Responding 168 DNS Server Hosts Domain with Missing SRV Records 168 DNS Service Not Responding 168 DNS Service Not Running 168 Duplicate Connection Objects 169 File Replication Service Not Running 169 FRS Staging Area Disk Space Below Threshold

Domain Summary Tab 49 Domain Tree 190 Domains and Trusts MMC snap-in 123 Doman Role Owners Tab 46 DT tab 129 diagnostic tests 130 real-time diagnsotics 134 replication view 135 Duplicate Connection Objects alert 169

E
Edit Menu commands 14 Find 14 editing an email rule 108 Editing external applications 127 Email notification 105 Email Rule Wizard 109 Email rules creating a new rule 108 deleting a rule 108 editing a rule 108 Email Rules command 17, 105 Email Settings command 17, 105 Enable ICMP Ping command 16 enabling replication latency alerts 103 enabling SNMP Alerts 105 enalbing Event Log Recording 105 Enterprise 190 Enterprise Agent 6, 190 connecting to 12 Enterprise Explorer 20 expanding/collapsing views 22 icons 21 right-click functionality 22 searching for object 20 Enterprise Search dialog 20 Event Information dialog 144, 159 Event Log Recording command 16, 105 Event Viewer 122 Exchange Admin Group 190 Exchange connector 189 Exchange Host Server Not Responding alert 184 Exchange monitoring 29 Exchange Server alerts Exchange Host Server Not Responding 184 Exchange Server is running on a DC 184 Exchange Server is running on a DC alert 184 Exchange Server Summary Tab 82 Exchange Server to GC ratio exceeded alert 182 Exchange Structure Miner Interval 187 Exchange Tab 75 Exchange view 20, 73 Exchange WMI Connection dialog 83 Exit command 14 Expand All command 15

169
GC Load Threshold Exceeded 169 Global Catalog Response Too Slow 170 Group Policy Object Inconsistent 170 Inter-site Replication Partner Not Responding 170 Intra-site Replication Partner Not Responding 170 KDC Service Not Running 171 LDAP Load Threshold Exceeded 171 LDAP Response Too Slow 171 LSASS CPU Load Threshold Exceeded 171 LSASS Virtural Memory Threshold Exceeded 172 LSASS Working Set Memory Threshold Exceeded

172
Net Logon Service Not Running 172 NETLOGON Not Shared 172 NTFRS CPU Load Threshold Exceeded 173 NTFRS Virtual Memory Threshold Exceeded 173 NTFRS Working Set Memory Threshold Exceeded

173
Page Fault Threshold Exceeded 174 PDC Role Owner in Root Domain Has No External Time 174 Properties Dropped Threshold Exceeded 174 Replication Partner Count Too High 174 Replication Partner Not Responding 175 Replication Topology Closure 175 Replication Topology Not Closed

Within Parent Site 175


RID Pool Below Threshold 175 ROCD Denied Password Replication Policy Inconsistent 176 RODC Allowed Password Replication Policy Inconsistent 176 SMB Connections Threshold Exceeded 176 SYSVOL Disk Space Below Threshold 176 SYSVOL Not Shared 177 Unable to Verify Trust 177 W32 Time Service Not Running 177 Domain Controller monitoring 27 Domain Naming and Schema Operations Masters Differ

177
Domain Naming Operations Master Inconsistent alert

178
Domain Naming Operations Master Not a GC alert 178 Domain Naming Operations Master Not Responding

178

Index

196

DirectoryAnalyzer

Expand Object command 15 Exporting alert history 118 External application adding 126 editing 127 removing 127 External tools 124 External Tools Config command 124 External Tools Configuration dialog 124

Disabled alert 183 IP Address Miner Interval 186

K
KDC (Key Distribution Center) Service 190 KDC Service Not Running alert 171

L
Latency Miner Interval 186 Latency Times Tab 48 Launching ChangeAuditor 123 DirectoryTroubleshooter 123 DNSAnalyzer 123 external applications 121 LDAP (Lightweight Directory Access Protocol) 190 LDAP Connection dialog 73 LDAP Load Threshold Exceeded alert 171 LDAP Response Time Miner Interval 186 LDAP Response too Slow alert 171 LSASS CPU Load Threshold Exceeded 171 LSASS Virtual Memory Threshold Exceeded alert 172 LSASS Working Set Memory Threshold Exceeded alert

F
File Menu commands 14 File Replication Service 190 File Replication Service Not Running alert 169 Filter Empty Domains/Sites command 15 Find command 14, 20 tool bar button 20 Forest 190 information 45 statistics 44 Forest Role Owners Tab 47 Forest Summary Tab 44 Forest view 39 FRS (File Replication Service) 190 FRS Staging Area Disk Space Below Threshold alert

172 M
Maintaining the alert history database 119 Manage Email Notification Rules dialog 107 Managing your forest Consolidator Configuration Utility 160 Menu bar 14 MMC snap-ins Domains and Trusts 123 Services 122 Sites and Services 122 Users and Computers 122 MOM (Microsoft Operations Manager) 191 Alert History Comments 33 alert types 29 Management Pack 38 MOM Alerts Tab 32 MOM Alerts command 18 Monitoring Active Directory 27

169
FRS Troubleshooter test 92

G
GC Load Threshold Exceeded alert 169 GC Replication Latency Threshold Exceeded alert 182 Generating reports 113 Global Catalog 190 Global Catalog Response Too Slow alert 170 Global Catalogs Tab 65 Group Policy Object Inconsistent alert 170

H
Harvest Partial NCs command 16 Help Menu 18 Hot Fixes Tab 69

I
Icons Enterprise Explorer 21 Information Pages 24, 43 Infrastructure Operations Master Hosts GC alert 178 Infrastructure Operations Master Inconsistent 179 Infrastructure Operations Master Not Responding 179 Inter Site Connection Tab 64 Inter-site Replication Manager alert 182 Inter-site Replication Partner Not Responding alert 170 Inter-Site Replication Topology Generation Disable 183 Intra-site Replication Partner Not Responding alert 170 Intra-Site Replication Topology Generation

N
Namespace 191 Naming context 191 Naming Context alerts 177 Domain Naming and Schema Operations Masters Differ 177 Domain Naming Operations Master Inconsistent

178
Domain Naming Operations Master Not a GC 178 Domain Naming Operations Master Not Responding 178 Infrastructure Operations Master Hosts GC 178 Infrastructure Operations Master Inconsistent 179

Infrastructure Operations Master Not Responding

179
PDC Operations Master Inconsistent 179 PDC Operations Master Not Responding 179 Replication Latency Threshold Exceeded 180 RID Operations Master Inconsistent 180 RID Operations Master Not Responding 180 Schema Operations Master Inconsistent 180 Schema Operations Master Not Responding 181 Schema Version Inconsistent 181 Naming Context Summary Tab 52 Naming Contexts monitoring 27 Net Logon Service 191 Net Logon Service Not Running alert 172 NETLOGON Not Shared alert 172 NetPro Technical Support 9 NetPro Website command 19 No Authority in Site to Resolve Universal Group Membership 183 Non-agented servers 22 NTFRS commands New Test 18, 92 View Test Results 18, 92 NTFRS CPU Load Threshold Exceeded alert 173 NTFRS Tests dialog 93 NTFRS Tests Results dialog 94 NTFRS Virtual Memory Threshold Exceeded alert 173 NTFRS Working Set Memory Threshold Exceeded alert

Remote Desktop 122 Removing external applications 127 Replica alerts Conflict Encountered During Replication 181 Consecutive Replication Failures Threshold

Exceeded 181
GC Replication Latency Threshold Exceeded 182 Objects Exist in the Lost and Found Container 182 Replica LDAP Miner Interval 186 Replica Trust Miner Interval 186 Replication 192 Replication activity window 138 Replication Information Tab 70 Replication Latency 192 command 16 dialog 103 graph 46 Replication Latency Threshold Exceeded alert 180 Replication Partner Count Too High alert 174 Replication Partner Not Responding alert 175 Replication Topology Closure alert 175 Replication Topology Not Closed Within Parent Site alert 175 Replication view 135 Avoid List 137 Report page 115 Reporting problems 9 Reports Menu commands 17 Reset Factory Defaults command 17 RID (Relative Identifier) 192 RID Operations Master Inconsistent alert 180 RID Operations Master Not Responding alert 180 RID Pool Below Threshold alert 175 RODC Alert Configuration command 104 RODC Alerts configuring server 104 RODC Allowed Password Replication Policy Inconsistent alert 176 RODC Denied Password Replication Policy Inconsistent alert 176 Role Owners Details Tab 58 Routing Group 192 Routing Group Connectors Tab 78 Routing Group Master 192 Routing Group Tab 77

173 O
Objects Exist in the Lost and Found Container 182 Operations Master 191 Order page 117

P
Page Fault Threshold Exceeded alert 174 PDC (Primary Domain Controller) 191 PDC Operations Master Inconsistent alert 179 PDC Operations Master Not Responding alert 179 PDC Role Owner in Root Domain Has No External Time

174
Printing alert history 118 Product Info command 19 Product Support command 19 Properties Dropped Threshold Exceeded alert 174

S
Sampling Rates command 16, 102 tab 102 Schema 192 Schema Operations Master Inconsistent alert 180 Schema Operations Master Not Responding alert 181 Schema Version Inconsistent alert 181 Scope page 116

Q
Quest Software Contact information 10

R
Real-time diagnostics 134 Refresh tool bar button 20

Server Avoid List 137 Server connectivity tests 87 Server Statistics Miner Interval 186 Service Locator Miner Interval 186 Services MMC snap-in 122 Show DCs w/o Agents command 14, 22 Show Full Screen command 15 Show Only Managed command 15 Site 192 view 20, 42 Site Agent 6, 192 Site Agent Not Updating alert 183 Site alerts 182 Alternate Enterprise Agent Not Updating 184 Exchange Server to GC ratio exceeded 182 Inter-site Replication Manager 182 Inter-Site Replication Topology Generation

U
Unable to Verify Trust alert 177 Usage statistics 66 Users and Computers MMC snap-in 122

V
View Menu commands 14 Viewing alert details 34 Viewing Alert History via DAWeb 155 Viewing alerts 29 via DA Web Portal 152

W
W32Time (Windows Time) Service 192 W32Time Service Not Running alert 177 Web portal 147 Windows Menu 18

Disabled 183
Intra-Site Replication Topology Generation

Disabled 183
No Authority in Site to Resolve

Universal Group Membership 183


Site Agent Not Updating 183 Too Few Global Catalogs in Site 184 Site and Services MMC snap-in 122 Site deployment information 61 Site Information Miner Interval 187 Site Information Tab 62 Site Summary Tab 60 Sites monitoring 28 SMB Connections Threshold Exceeded alert 176 SMTP Connectors Tab 80 SNMP Alerts command 16, 105 Starting DirectoryAnalyzer 11 Statistics DC alerts 185 Site alerts 187 statistics sampling rate settings 102 System overview 6 SYSVOL Disk Space Below Threshold alert 176 SYSVOL Not Shared alert 177

T
Technical Support 9 Time Sync Miner Interval 186 Too Few Global Catalogs in Site alert 184 Tool bar buttons 19 Tree 192 Troubleshooting Active Directory 87 Trust list 54
