Recipe 15.10 Using Perfmon to Monitor AD

15.10.1 Problem

You want to use Perfmon to monitor the performance of Active Directory.

15.10.2 Solution

15.10.2.1 Using a graphical user interface
  1. Open the Performance Monitor.

  2. Click on System Monitor in the left pane.

  3. Type Ctrl + I. This will bring up the page to add counters.

  4. Under Select counters from computer, enter the name of the domain controller you want to target.

  5. Select the NTDS performance object.

  6. Select the counters you want to monitor.

  7. After you done with your selections, click Close.

15.10.3 Discussion

There are several Perfmon counters that can be very valuable for monitoring and troubleshooting Active Directory. The NTDS performance object has counters for address book lookups, inbound and outbound replication, LDAP reads, writes and searches, Kerberos authentication, and the Security Account Manager (SAM).

Here is a list of some of the most useful NTDS counters. I've also included their Perfmon explanation, which you can view by clicking on the Explain button in the Add Counters dialog box.

DRA Inbound Bytes Total/sec

Shows the total number of bytes replicated in. It is the sum of the number of uncompressed bytes (never compressed) and the number of compressed bytes (after compression).

DRA Inbound Objects/sec

Shows the number of objects received from neighbors through inbound replication. A neighbor is a domain controller from which the local domain controller replicates locally.

DRA Inbound Values Total/sec

Shows the total number of object property values received from inbound replication partners. Each inbound object has one or more properties, and each property has zero or more values. Zero values indicates property removal.

DRA Outbound Bytes Total/sec

Shows the total number of bytes replicated out. It is the sum of the number of uncompressed bytes (never compressed) and the number of compressed bytes (after compression).

DRA Outbound Objects/sec

Shows the number of objects replicated out.

DRA Outbound Values Total/sec

Shows the number of object property values sent to outbound replication partners.

DRA Pending Replication Synchronizations

Shows the number of directory synchronizations that are queued for this server, but not yet processed.

DS Client Binds/sec

Shows the number of Ntdsapi.dll binds per second serviced by this DC.

DS Directory Reads/sec

Shows the number of directory reads per second.

DS Directory Searches/sec

Shows the number of directory searches per second.

DS Directory Writes/sec

Shows the number of directory writes per second.

KDC AS Requests

Shows the number of Authentication Server (AS) requests serviced by the Kerberos Key Distribution Center (KDC) per second. AS requests are used by client to obtain a ticket-granting ticket.

KDC TGS Requests

Shows the number of Ticket Granting Server (TGS) requests serviced by the KDC per second. TGS requests are used by the client to obtain a ticket to a resource.

Kerberos Authentications

Shows the number of times per second that clients use a ticket to this DC to authenticate to this DC.

LDAP Bind Time

Shows the time, in milliseconds, taken for the last successful LDAP bind.

LDAP Client Sessions

Shows the number of currently connected LDAP client sessions.

LDAP Searches

Shows the percentage of directory searches coming from LDAP.

LDAP Searches/sec

Shows the rate at which LDAP clients perform search operations.

LDAP Successful Binds

Shows the percentage of LDAP bind attempts that are successful.

LDAP Successful Binds/sec

Shows the number of LDAP binds per second.

LDAP Writes

Shows the percentage of directory writes coming from LDAP.

LDAP Writes/sec

Shows the rate at which LDAP clients perform write operations.



    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List