Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Managing Active Directory Performance Active Directory Performance Monitoring Tools Active Directory Support Tools Monitoring Access to Shared Folders.

Published byMarvin Anthony Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Managing Active Directory Performance Active Directory Performance Monitoring Tools Active Directory Support Tools Monitoring Access to Shared Folders."— Presentation transcript:

1 1 Managing Active Directory Performance Active Directory Performance Monitoring Tools Active Directory Support Tools Monitoring Access to Shared Folders

2 2 Active Directory Performance Monitoring Tools Performance Monitoring Tools The Event Viewer Console The Performance Console System Monitor Performance Logs and Alerts Practice: Using System Monitor

3 3 Uses for Active Directory Performance Data Understand Active Directory performance and the corresponding effect on the system’s resources Observe changes and trends in performance and resource usage to enable future planning Test configuration changes or other tuning efforts by monitoring the results Diagnose problems and target components or processes for optimization

4 4 Performance Monitoring Tools The Event Viewer console allows log files and error messages sent by applications to be viewed. The Performance console provides a graphical way to view performance of Active Directory according to the measurements, or counters, selected. The Performance console also provides a means to log activity or send alerts according to those measurements and view the logs either printed or online.

5 5 Event Viewer Console Directory Service Log

6 6 Event Viewer Console Monitors both Windows-wide events, such as application, system, and security events, and service-specific events, such as directory service events. Events are recorded in event logs. The directory service event logs should be the first item used to investigate the causes of Active Directory problems. Event log information can be used to better understand the sequence and types of events that led up to a particular performance problem. Windows 2000 security logs operate in a similar fashion to the event logs used to monitor Active Directory performance.

7 7 Event Logs for Monitoring Active Directory Performance Application log: Contains errors, warnings, or information that applications, such as a database server or an e-mail program, generate Directory Service log: Contains errors, warnings, and information that Active Directory generates File Replication Service log: Contains errors, warnings, and information that the File Replication service generates System log: Contains errors, warnings, and information that Windows 2000 generates

8 8 The Performance Console Monitors conditions within local and remote computers anywhere in the network and summarizes performance at selected intervals Uses various counters for monitoring real-time resource usage Logs results into a file so that historical performance problems can be viewed and diagnosed Monitors resource usage of other computers that run server services on the network Used for collecting baseline performance data Configured to send alerts to the event log or other locations about exceptions to the baseline Contains two snap-ins: System Monitor and Performance Logs and Alerts

9 9 System Monitor

10 10 System Monitor Measures Active Directory Performance Collects and displays real-time performance data on a local computer or from several remote computers Displays data collected either currently or previously recorded in a counter log Presents data in a printable graph, histogram, or report view Incorporates System Monitor functionality into Microsoft Word or other applications in the Microsoft Office suite by means of Automation Creates HTML pages from performance views Creates reusable monitoring configurations that can be installed on other computers using MMC

11 11 System Monitor Defining the Active Directory Data to Collect Type of data: To select the data to be collected, performance objects and performance counters are specified Source of data: System Monitor can collect data from the local computer or from other computers on the network where permissions exist; additionally, real-time data or data collected previously can be included using counter logs Sampling parameters: System Monitor supports manual, on- demand sampling or automatic sampling based on a specified time interval; starting and stopping times can be selected to view data spanning a specific time range

12 12 System Monitor Designing System Monitor’s Appearance Type of display: System Monitor supports chart, histogram, and report views Display characteristics: For any of the three display types, characteristics, colors, and fonts for the display can be defined

13 13 System Monitor Defining Data for Monitoring To begin monitoring data, performance objects and performance counters are specified. Performance object: A logical connection of counters associated with a resource or service that can be monitored Performance counters: The multitude of conditions that can apply to a performance object Using System Monitor enables the activity of performance objects to be tracked through the use of counters. To monitor Active Directory, the activity of the NTDS performance object is monitored.

14 14 NTDS Performance Object Counters The NTDS performance object contains many performance counters that provide statistics about Active Directory performance. After determining the desired statistics to monitor, the matching performance counters must be found. Performance counters can provide some baseline analysis information for capacity and performance planning. Counters that are suited for capacity planning contain the word “total” in their name. Each counter has its own guidelines and limits.

15 15 Types of Counters Statistic counters: Show totals per second Ratio counters: Show percentage of total Accumulative counters: Show totals since Active Directory was last started

16 16 Add Counters Dialog Box

17 17 Counter Logs Similar to System Monitor, counter logs support the definition of performance objects and performance counters and setting sampling intervals for monitoring data about hardware resources and system services. Counter logs collect performance counter data in a comma- or tab-separated format for easy import to spreadsheet or database programs. Logged counter data can be viewed using System Monitor, or exported to a file for analysis and report generation.

18 18 Trace Logs Uses the default system data provider or another nonsystem provider to record data when certain activities occur, such as a disk I/O operation or a page fault. The provider sends the data to the Performance Logs and Alerts service when the event occurs. Trace logs wait for a specific event to occur, unlike counter logs, which obtain data from the system at intervals. Active Directory nonsystem providers include those for NetLogon, Kerberos, SAM, and Windows NT Active Directory Service. These providers generate trace log files containing messages that may be used to track the operations performed. A parsing tool is required to interpret the trace log output.

19 19 Logging Options for Counter and Trace Logs Define start and stop times, file names, file types, file sizes, and other parameters. Start and stop logging manually on demand or automatically. Configure additional settings for automatic logging. Define a program that runs when a log is stopped. View logs during collection as well as after collection has stopped; data collection occurs regardless of whether any user is logged on to the computer being monitored.

20 20 Counter and Trace Logging Requirements To create or modify a log, Full Control permission is required for the following registry key, which controls the Performance Logs and Alerts service: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\SysmonLog\Log Queries. To run the Performance Logs and Alerts service, permission to start or otherwise configure services on the system is required. Administrators have this right by default. To log data on a remote computer, the Performance Logs and Alerts service must run under an account that has access to the remote system.

21 21 Log Files Tab of the Counter Log’s Dialog Box

22 22 Schedule Tab of a Counter Log’s Dialog Box

23 23 Trace Log–Specific Options in the Log Files Tab Log File Type: The desired format for this log file Circular Trace File: Defines a circular trace log file (.etl), used to record data continuously to the same log file, overwriting previous records with new data. Sequential Trace File: Defines a sequential trace log file (.etl) that collects data until it reaches a user-defined limit and then closes and starts a new file. Log File Size: Select this option for circular logging Maximum Limit: Data is continuously collected in a log file until it reaches limits set by disk quotas or the OS. Limit Of: The maximum size, in megabytes, of the log file.

24 24 Alerts Similar to System Monitor and counter logs, alerts support the use of performance objects and performance counters and setting sampling intervals for monitoring data about hardware resources and system services. Using this data, an alert can be created for a counter, which logs an entry in the application event log, sends a network message to a computer, starts a performance data log, or runs a program when the selected counter’s value exceeds or falls below a specified setting. An alert scan can be started or stopped either manually on demand or automatically based on a user-defined schedule.

25 25 Action Tab and Command Line Arguments Dialog Box

26 26 Active Directory Support Tools Overview LDP.EXE: Active Directory Administration Tool REPLMON.EXE: Active Directory Replication Monitor REPADMIN.EXE: Replication Diagnostics Tool DSASTAT.EXE: Active Directory Diagnostic Tool SDCHECK.EXE: Security Descriptor Check Utility NLTEST.EXE ACLDIAG.EXE: ACL Diagnostics DSACLS.EXE

27 27 GUI Tools LDP.EXE: Active Directory Administration Tool REPLMON.EXE: Active Directory Replication Monitor

28 28 Command-Line Tools REPADMIN.EXE: Replication Diagnostics Tool DSASTAT.EXE: Active Directory Diagnostic Tool SDCHECK.EXE: Security Descriptor Check Utility NLTEST.EXE ACLDIAG.EXE: ACL Diagnostics DSACLS.EXE

29 29 LDP.EXE: Active Directory Administration Tool Allows users to perform LDAP operations, such as connect, bind, search, modify, add, and delete, against any LDAP-compatible directory LDAP is an Internet standard wire protocol used by Active Directory. Graphical tool located on the Tools menu within Windows 2000 Support Tools Used by administrators to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata

30 30 REPLMON.EXE: Active Directory Replication Monitor Enables administrators to do various tasks View the low-level status of Active Directory replication Force synchronization between domain controllers View the topology in a graphical format Monitor the status and performance of domain controller replication through a graphical interface Located on the Tools menu within Windows 2000 Support Tools

31 31 Active Directory Replication Monitor Features Graphic displays Replication status history Property pages Status report generation Server Wizard Graphical site topology Properties display Statistics and replication state polling Replication triggering KCC triggering Display nonreplicated changes

32 32 REPADMIN.EXE: Replication Diagnostic Tool Command-line tool that assists administrators in diagnosing replication problems between Windows 2000 domain controllers Allows the administrator to view the replication topology as seen from the perspective of each domain controller Used to manually create the replication topology, force replication events between domain controllers, and view both the replication metadata and up-to-dateness vectors

33 33 DSASTAT.EXE: Active Directory Diagnostic Tool Command-line tool that compares and detects differences between naming contexts on domain controllers Used to compare two directory trees across replicas within the same domain or, in the case of a global catalog, across different domains Retrieves capacity statistics, such as MB per server, objects per server, and MB per object class, and performs comparisons of attributes of replicated objects

34 34 DSASTAT.EXE: Active Directory Diagnostic Tool (con’t) The user specifies the targeted domain controllers and additional operational parameters from the command line or from an initialization file. Determines whether domain controllers in a domain have a consistent and accurate image of their own domain. Checks whether the global catalog has a consistent image with domain controllers in other domains. Used to ensure that domain controllers are up-to-date with one another.

35 35 SDCHECK.EXE: Security Descriptor Check Utility Command-line tool that displays the security descriptor for any object stored in the Active Directory Displays the object hierarchy and any ACLs that are inherited by the object from its parent Displays the security descriptor propagation metadata so that administrators can monitor these changes with respect to propagation of inherited ACLs as well as replication of ACLs from other domain controllers Used to ensure that domain controllers are up-to-date with one another

36 36 NLTEST.EXE Command-line tool that helps perform network administrative tasks Test trust relationships and the state of a domain controller replication in a Windows domain Query and check on the status of trust Force a shutdown Get a list of PDCs Force a user account database into sync on Windows NT 4.0 or earlier domain controllers Runs only on x86-based machines

37 37 ACL Diagnostics: ACLDIAG.EXE Command-line tool that helps diagnose and troubleshoot problems with permissions on Active Directory objects Reads security attributes from ACLs and outputs information in either readable or tab-delimited format Tab-delimited format can be uploaded into a text file for searches on particular permissions, users, or groups, or into a spreadsheet or database for reporting. Provides some simple cleanup functionality

38 38 ACL Diagnostics: ACLDIAG.EXE (con’t) Enables administrators to perform several tasks Compare the ACL on a directory service object to the permissions defined in the schema defaults Check or fix standard delegations performed using templates from the Delegation of Control Wizard in the Active Directory Users and Computers console Get effective permissions granted to a specific user or group or to all users and groups that show up in the ACL Displays only the permissions of objects the user has the right to view Can’t be used on GPOs because they are virtual objects that have no distinguished name

39 39 DSACLS.EXE Command-line tool that facilitates management of ACLs for directory services Used for general-purpose ACL reporting and setting from the command prompt Enables administrators to query and manipulate security attributes on Active Directory objects Command-line equivalent of the Security page on various Active Directory snap-in tools Provides security configuration and diagnosis functionality on Active Directory objects

40 40 Monitoring Access to Shared Folders Why Monitor Network Resources? Network Resource Monitoring Requirements Monitoring Access to Shared Folders Monitoring Open Files Disconnecting Users from Open Files Sending Console Messages Practice: Managing Shared Folders

41 41 Reasons to Assess and Manage Network Resources Maintenance: Which users are currently using a resource can be determined so that they can be notified before resources are made temporarily or permanently unavailable Security: User access to resources that are confidential or need to be secure can be monitored to verify that only authorized users are accessing them Planning: Which resources are being used and how much they are being used can be determined so that future system growth can be planned

42 42 Shared Folders Snap-In Included in Windows 2000 so that access to network resources can be easily monitored and administrative messages can be sent to users Preconfigured in the Computer Management console, allowing resources on the local computer to be monitored When added to an MMC, enables the administrator to specify whether the resources should be monitored on the local computer or on a remote computer

43 43 Groups that Can Access Network Resources Administrators or Server Operators for the domain: Can monitor all computers in the domain Administrators or Power Users for a member server: Can monitor that computer Administrators or Power Users for a stand-alone server: Can monitor that computer Administrators or Power Users for computers running Microsoft Windows 2000 Professional: Can monitor that computer

44 44 Shares Folder of the Shared Folders Snap-In

45 45 Monitoring Access to Shared Folders The Shares folder in the Shared Folders snap-in is used to view a list of all shared folders on the computer. The Shares folder also is used to determine how many users have a connection to each folder.

46 46 Fields in the Details Pane for the Shares Folder Shared Folder: The name of the shared folders on the computer Shared Path: The path to the shared folder Type: The OS that must be running on a computer so that it can be used to gain access to the shared folder # Client Redirections: The number of clients who have made a remote connection to the shared folder Comment: Descriptive text about the folder; provided when the folder was shared

47 47 Open Files Folder of the Shared Folders Snap-In

48 48 Monitoring Open Files The Open Files folder in the Shared Folders snap-in is used to view a list of open files that are located in shared folders and the users who have a current connection to each file. This information can be used to contact users to notify them that the system will be shut down. Which users have a current connection and should be contacted when another user is trying to gain access to a file that is in use can also be determined.

49 49 Information Available in the Open Files Folder Open File: The name of the open files on the computer Accessed By: The logon name of the user who has the file open Type: The OS running on the computer where the user is logged on # Locks: The number of locks on the file Open Mode: The type of access that the user’s application requested when it opened the file, such as Read or Write

50 50 Disconnecting Users from Open Files Users can be disconnected from one open file or from all open files. If changes are made to NTFS permissions for an open file, the new permissions will not affect the user until the file is closed and the user attempts to reopen it.

Download ppt "1 Managing Active Directory Performance Active Directory Performance Monitoring Tools Active Directory Support Tools Monitoring Access to Shared Folders."

Similar presentations

Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 10 Performance Tuning.

MCTS GUIDE TO MICROSOFT WINDOWS 7 Chapter 10 Performance Tuning.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Hands-On Microsoft Windows Server 2003 Administration Chapter 10 Monitoring and Troubleshooting Windows Server 2003.

Hands-On Microsoft Windows Server 2003 Administration Chapter 10 Monitoring and Troubleshooting Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.
Chapter 14 Chapter 14: Server Monitoring and Optimization.

Chapter 14 Chapter 14: Server Monitoring and Optimization.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
13.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

13.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 11 - Monitoring Server Performance1 Ch. 11 – Monitoring Server Performance MIS 431 – created Spring 2006.

Chapter 11 - Monitoring Server Performance1 Ch. 11 – Monitoring Server Performance MIS 431 – created Spring 2006.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 10: Collect and Analyze Performance Data.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 10: Collect and Analyze Performance Data.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Thirteen Performing Network.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Thirteen Performing Network.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Administering Active Directory

Administering Active Directory

Similar presentations

Ads by Google