Presentation is loading. Please wait.

Presentation is loading. Please wait.

ADM313: Monitoring Active Directory with MOM Paul Reiner Program Manager Directory Services.

Published byGeorgina Griffin Modified over 8 years ago

Similar presentations

Presentation on theme: "ADM313: Monitoring Active Directory with MOM Paul Reiner Program Manager Directory Services."— Presentation transcript:

1 ADM313: Monitoring Active Directory with MOM Paul Reiner Program Manager Directory Services

2 Why Monitor Active Directory? AD problems can be extremely disruptive if left undetected Slow login / login failures / password issues Group Policy problems Resource access problems Exchange 2000 Issues AD problems are trivial to fix when detected early but rapidly become complex when ignored Replication issues can lead to security related issues More and more applications critically depend on AD everyday

3 When To Monitor Plan your AD monitoring solution before deploying AD Lab test your AD monitoring solution before deploying AD Monitor AD simultaneously with first DC deployment Pause new DC deployment if monitoring detects problems OR your monitoring solution fails

4 Key Takeaway All production deployments must have effective forest-wide AD monitoring

5 ADMP SP1 Design Goals Customers will receive a very small # of highly relevant alerts identifying the “root cause” wherever possible Very little configuration necessary Available before AD ships Easily customizable for very sophisticated implementations Excellent AD health definition (Built by the AD team for AD) Usable “out of the box” for very large AD deployments

6 Our Commitment to ADMP Three man years development effort including multi-month code review, dozens of meeting with the architects, PMs, and developers Validated ADMP in Windeploy, NTDEV, and Corp forests (as well as other internal forests) Scrubbed all event messages and KB (help) three times for legibility, completeness, and usability Verified ADMP quality against known test suites Used by AD development team to help validate next version of AD works as expected

7 Interesting Stats Two new WMI providers (replprov and trustmon) were created to expose critical information ADMP is used exclusively for all production AD health monitoring for Microsoft worldwide (total of > 250 DCs) Currently at 400+ rules, 12 scripts, 42 reports, and six dependency services included > 100x improvement in many areas over version originally acquired by Microsoft

8 “Is My Current Monitoring Solution Sufficient?”

9 Common 3 rd Party Issues Event log rules will be missing or misapplied Thresholds are far too simplistic and either false trigger or miss critical problems Scripts either missing or cause wan saturation Failure to monitor other “key” related services FRS, ISM, KDC, NETLOGON, … Incomplete understanding of AD leads to huge gaps (duplicate SPNs issues, lingering objects, lack of application partitions support, AD/AM support, … ) Failure to account for behavior changes in service packs Requires extensive customization Product requires EXTENSIVE AD Knowledge

10 ADMP Successes Centralized view of a distributed system Complete end-to-end monitoring Extremely WAN efficient Include supporting views and reports Include key performance Indicators All rules will have “knowledge” about the most common reasons for the error and suggested next steps Usable by large enterprises “out of the box”

11 Client Side Monitoring Completing the picture

12 Phoenix DC3 DC4 Redmond DC1 DC2 Exchange Exchange User MOM Help Desk Exchange is slow! WHY ? Everything is fine!

13 Client Side Monitoring Ensures AD is available for Exchange and other directory-enabled apps at the app server Tests all necessary AD interfaces ICMP and LDAP ping LDAP bind and sub-search MAPI protocol head Very granular control Target specific GCs/DCs Target all DCs in a site Target all DCs in a domain

14 Client Side Monitoring Very WAN efficient Can be placed near/on the app server of interest Trends key LDAP perf indicators Can run on any box running MOM agent “Closes the loop” by providing MOM the client’s perspective of AD health

15 Phoenix DC3 DC4 Redmond DC1 DC2 Exchange MOM Client pack Connectivity tests Alert: Client is going to out of site DC Alert: Server response time exceeded limits

16 Phoenix DC3 DC4 Redmond DC1 DC2 MOM Generic App Separate PC Client pack No impact to existing generic app server No impact to existing generic app server Both boxes sit next to each other Both boxes sit next to each other Separate administration Separate administration

17 AD Reporting 42 reports covering health, discovery, and trending Commonly uncovers problems missed by monitoring systems alone Very useful in reducing load on AD and noise across WAN

18

19 New In SP1 Supports all Windows Server 2003 features today New Windows 2003 WMI provider to monitor Trust relationships New WMI provider to monitor replication partner health New script to correlate high CPU and queue lengths to minimize false alerting on undersized DCs but still alert when they are running too hot All scripts extensively reworked to provide simple clear messages with DNS name and IP address of source and target (where appropriate); designed to scale to several thousand servers Provides very low # of highly relevant alerts (suitable for paging operators) (Better than 100:1 reduction of alerts from NetIQ version. Better than 10:1 reduction from MOM 1.0) Client side monitoring Supports large deployments “out of the box” Extensive new KB Globalization support

20 Supporting Documents ADMP Users Guide is now shipping! Installation, configuration, and best-practices operations information Specific support for large branch office scenarios & extremely low-bandwidth wan links http://www.microsoft.com/technet/treeview/default.asp?url=/technet/pr odtechnol/mom/maintain/operate/AdmpDOg.asp ADMP Technical Reference Guide will release to web on 7/15/03

21 Summary Monitoring AD is essential! Not all monitoring solutions are alike Comprehensive monitoring with MOM is now available Designed and built by AD Engineering Used by Microsoft internally for both production forests Windows Server 2003 ready today!

22 Community Resources http://www.microsoft.com/communities/default.mspx Most Valuable Professional (MVP) http://www.mvp.support.microsoft.com/ Newsgroups Converse online with Microsoft Newsgroups, including Worldwide http://www.microsoft.com/communities/newsgroups/default.mspx User Groups Meet and learn with your peers http://www.microsoft.com/communities/usergroups/default.mspx

23 The tools you need to put technology to work! Suggested Reading And Resources TITLE Available Today Active Directory® for Microsoft® Windows® Server 2003 Technical Reference: 0-7356-1577-2 Microsoft® Windows® Server 2003 Administrator's Companion: 0-7356-1367-2 Today Microsoft Press books are 20% off at the TechEd Bookstore Also buy any TWO Microsoft Press books and get a FREE T-Shirt

24 evaluations evaluations

25 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Download ppt "ADM313: Monitoring Active Directory with MOM Paul Reiner Program Manager Directory Services."

Similar presentations

Monitoring Exchange 2010 with System Center Operations Manager

Monitoring Exchange 2010 with System Center Operations Manager
Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.

Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.
WEB401 Security Practices for Web Services (Part 2) Keith Ballinger Program Manager XML Messaging Microsoft Corporation.

WEB401 Security Practices for Web Services (Part 2) Keith Ballinger Program Manager XML Messaging Microsoft Corporation.
Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter

Understanding Group Policy on Windows Server 2003 Michael J. Murphy TechNet Presenter
DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.

DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.
MSG302 Deploying Exchange Server Overview Sasa Juratovic Consultant Microsoft Ltd.

MSG302 Deploying Exchange Server Overview Sasa Juratovic Consultant Microsoft Ltd.
More Control and Flexibility Vitalis Konopelec Technology Solution Professional Microsoft Slovakia s.r.o.

More Control and Flexibility Vitalis Konopelec Technology Solution Professional Microsoft Slovakia s.r.o.
OFC324 Microsoft Project Server: Putting Enterprise Project Management (EPM) To Work Sam Brooks www.sambrooks.com.

OFC324 Microsoft Project Server: Putting Enterprise Project Management (EPM) To Work Sam Brooks
Understanding Active Directory

Understanding Active Directory
Winter 2005-2006 Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.

Winter Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.
System Center Operations Manager 2007 Dave Northey Microsoft Ireland.

System Center Operations Manager 2007 Dave Northey Microsoft Ireland.
(ITI310) SESSIONS 9-10-11-12: Active Directory By Eng. BASSEM ALSAID.

(ITI310) SESSIONS : Active Directory By Eng. BASSEM ALSAID.
WELCOME!. Web Administration Summit 2006 Learn to optimize your Web Platform from the experts who built it Featuring Chris Adams & Wade Hilmo.

WELCOME!. Web Administration Summit 2006 Learn to optimize your Web Platform from the experts who built it Featuring Chris Adams & Wade Hilmo.
OFC304 Excel 2003 Overview: XML Support Joseph Chirilov Program Manager.

OFC304 Excel 2003 Overview: XML Support Joseph Chirilov Program Manager.
Everything the web administrator needs to know about MOM 2005 Chris Adams Program Manager IIS Product Unit Microsoft Corp.

Everything the web administrator needs to know about MOM 2005 Chris Adams Program Manager IIS Product Unit Microsoft Corp.
Module 8 Configuring and Securing SharePoint Services and Service Applications.

Module 8 Configuring and Securing SharePoint Services and Service Applications.
OFC 200 Microsoft Solution Accelerator for Intranets Scott Fynn Microsoft Consulting Services National Practices.

OFC 200 Microsoft Solution Accelerator for Intranets Scott Fynn Microsoft Consulting Services National Practices.
Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.

Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.
DEV290 Building Office Solutions with Visual Studio Eric Carter Lead Developer Developer Platform & Evangelism Microsoft Corporation.

DEV290 Building Office Solutions with Visual Studio Eric Carter Lead Developer Developer Platform & Evangelism Microsoft Corporation.

Similar presentations

Ads by Google