Active Directory Monitoring Made Easier
Make life with Windows 2000 easier by closely monitoring and troubleshooting Active Directory.
- By Tony Northrup
If your Active Directory malfunctions, your users may be denied access
to critical network resources. If an employee is fired, replication problems
may allow that employee to access resources on your network even after
you’ve removed his or her account. Since directory services are new to
Windows and therefore new to most Windows 2000 administrators, would you
know how to troubleshoot these problems? Would you even be aware if they
existed in your network?
NetPro has released a new product that anyone who administers a Win2K
network should consider buying. It’s called DirectoryAnalyzer, and it’s
designed to help you monitor and troubleshoot one of the most important
services on your network: Active Directory. Fortunately, NetPro has a
lot more experience with directory services than almost anyone else, since
they’ve been making utilities to help administrators with Banyan and Novell
directories for years.
DirectoryAnalyzer monitors your Active Directory infrastructure by means
of a software agent installed on each of your domain controllers. These
agents report through a hierarchy and ultimately to an administrative
console installed on your desktop. This distributed agent design allows you to
monitor how any part of your directory is functioning from a single console.
Sure, you can use the MMC interface included with Win2K to view objects
in your directory, but it won’t tell you how long replication is taking
at an individual domain controller.
First, DirectoryAnalyzer monitors your directory services for problems
and alerts you if (and when) they occur. For example, if replication takes
longer than the threshold you specify, an alert will occur. This alert
is sent via SMTP and can be viewed either in the Event Viewer or the DirectoryAnalyzer
client. Similarly, it can alert you to problems with resolving those mysterious
SRV records that clients depend on to locate directory servers in the
Why do you need DirectoryAnalyzer to alert you to these problems? Because
problems with the Active Directory may manifest themselves in subtle and
constantly changing ways. If one Active Directory server is taking a long
time to respond to queries, your users’ networked applications may seem
lethargic. They may be refused access to files they need. The Exchange
Server may fail. Without DirectoryAnalyzer, it could take hours to isolate
the problematic domain controller.
Once you’ve identified a problem, you can use the included Knowledge
Base to read expert information provided by NetPro. This Knowledge Base
is context sensitive; the DirectoryAnalyzer client lets you jump directly
to the correct page detailing a problem you’re experiencing.
DirectoryAnalyzer can help you prevent problems, too, by alerting you
to slowing response times before they have gotten slow enough to cause applications
to time out. We’ve all seen servers slow down over time, often the result
of an application or service with a memory leak. With a new operating
system such as Win2K, you can expect some unpredictability. By carefully
tuning the thresholds within DirectoryAnalyzer, you can detect a problem
and schedule a server reboot before it has to be done as an emergency.
Finally, you can use the troubleshooting tools to further isolate the
problem. You can easily discover packet round-trip times between domain
controllers and check on how long it takes to get an answer to an Active
Directory query. Sure, you could do this in other ways: manually pinging
between domain controllers provides round-trip times, and Network Monitor
can be used to check Active Directory query times. However, DirectoryAnalyzer
provides this information in a few seconds instead of several minutes.
The client also allows you to browse the Active Directory from the perspective
of a single domain controller.
If your network is small—only a handful of domain controllers—you probably
won’t ever need a sophisticated tool like DirectoryAnalyzer. For simple
networks, the Active Directory administrative tools included with Win2K
Server will suffice. However, if you have more than five domain controllers,
or if you’re responsible for a worldwide network using low-bandwidth WAN
links or unpredictable VPN connections, DirectoryAnalyzer will make your
life easier by saving you troubleshooting time. Your manager will like
it, too, because the alerting tools will help you avoid downtime and thereby
improve user productivity.
Tony Northrup, MCSE, Compaq ASE, lives in the Boston area and is currently
a systems architect at Genuity. He’s the author of Introducing Windows
2000 Server (Microsoft Press) and NT Network Plumbing (IDG Books), and
co-author of Networking Essentials Unleashed (SAMS Publishing).