Application - Microsoft Active Directory Opspack
Active Directory (AD) is a Microsoft product that consists of several services that run on Windows Server to manage permissions and access to networked resources. The main service in Active Directory is Domain Services, which stores directory information and handles the interaction of the user with the domain. AD stores information about objects on the network using a structured data store as the basis for a logical, hierarchical organization of directory information which makes this information easy for administrators and users to find and use.
What You Can Monitor Copied
This Opspack allows you to monitor all the metrics you need to efficiently run a Microsoft Active Directory Service, providing service checks for high level status information about services, threads, Security Accounts Manager, and Address Book, as well as important metrics for the Active Directory Replication status.
Host Templates Copied
The following Host Templates are currently provided by this Opspack. Click the name of each Host Template to be taken to the relevant information page, including a full Service Check description and usage instructions.
Host Template | Description |
---|---|
Application - Active Directory - Replication | Monitor replication metrics for Active Directory |
Application - Active Directory - Services | Monitor performance metrics for Active Directory services |
Application - Active Directory - Threads | Monitor Active Directory threads usage |
Application - Active Directory - Address Book | Monitor an Active Directory Address Book |
Application - Active Directory - Security Accounts Manager | Monitor an Active Directory Security Accounts Manager |
Application - Active Directory - DNS | Monitor performance metrics for an Active Directory DNS Server |
Application - Active Directory - Database | Monitor performance metrics for an Active Directory Database |
Prerequisites Copied
- To use this Opspack, your Windows host must first be configured for Powershell Agentless Monitoring.
- Ensure you have set your LD_LIBRARY_PATH to /opt/opsview/krb5/lib when trying to execute this service check from the command line and your authentication method is kerberos. e.g
LD_LIBRARY_PATH=/opt/opsview/krb5/lib:$LD_LIBRARY_PATH check_by_winrm ARGUMENTS
Setup Microsoft Active Directory for Monitoring Copied
Setup Windows Hosts for Monitoring Copied
By default, Windows hosts will not allow remote PowerShell scripts to run, which is required for Opsview Agentless Monitoring plugins to work.
This can be configured manually by the Windows Host administrator, or automatically using our recommended approach by running the ConfigureRemoting.ps1 Powershell script on the Windows Host.
Powershell Agentless Monitoring requires at least version 5.0 of Powershell. Check the Powershell version on your Windows Host by running:
$PSVersionTable.PSVersion
Run the ConfigureRemoting.ps1
script with Administrator privileges using a Powershell terminal. This will configure firewall rules, self-signed SSL certificates and authentication for PowerShell remoting.
Check this has been configured properly by running:
winrm quickconfig
You should get the following output:
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
By default port 5985 must be opened from the Opsview monitoring server to the Windows host you wish to check. WinRM utilises the HTTP/HTTPS protocol and can be configured to use certificates to secure the data in transit.
Ensure the service is listening by running:
For HTTP: netstat -an | findstr 5985
For HTTPS: netstat -an | findstr 5986
When using basic authentication with WinRM, the following commands must also be run on the windows host:
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'
If you receive a 500 error, which is a known issue on Windows Server 2016, you may need to install WinRM-IIS-Ext. You can do so by running the following command:
Add-WindowsFeature winrm-IIS-Ext