What is Active Directory?
Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. It is designed especially for distributed networking environments.
The Domain Controller is one of the most important services that is provided by the Active Directory. The Domain Controller is a server that responds to security authentication requests, such as logging in or checking permissions. GSX not only monitors the Active Directory, but the Domain Controller as well.
Monitoring the Active Directory is critical because it deals with every part of the IT infrastructure, from people to machines to appliances to applications and services. Thus, the performance of the Active Directory is as important as the pure availability of its server.
Active Directory performance and availability will impact the applications that rely on it to work properly, and therefore service delivered to the users will be impacted. Monitoring the Active Directory can prevent security breaches, overloading the help desk team, and authentication failures due to replication problems (which can block users and prevent them to use unified communication applications).
Here are three scenarios that illustrate why monitoring is important:
Many enterprises consider Active Directory as a robust platform, and this is true — it is a pretty stable application. However, one of the primary jobs of the Active Directory server, replication, is a less robust process that depends a great deal on the quality of the network. GSX provides replication health monitoring to detect, alert, and diagnose intra- and extra-site health. GSX also provides tools to troubleshoot possible network performance problems that lead to replication issues. By enabling proactivity and instant alerts on the health, usage, and performance of replications, GSX for Active Directory considerably optimizes the management of the Active Directory services.
Hybrid environments are a mix of on-premises and Online mailboxes, and require special attention. In a Hybrid Exchange deployment, the Active Directory needs to work with the Directory Synchronization services in order to replicate changes in the Active Directory of Office 365. GSX support both Active Directory and DirSync to confirm that this synchronization has been made without error. GSX DirSync monitoring was originally released in 2015, and now a combination of Active Directory and DirSync monitoring reinforces the value of monitoring in hybrid environment.
Active Directory and roles
Active directory is split in different roles. GSX is looking for role assignment in real time and can send an alert if a role is no longer on a specific Active Directory. This proactive monitoring of roles allows you to detect a possible crash of an Active Directory in the global architecture.
How does GSX monitor Active Directory?
GSX provides a real-time dashboard for end-to-end performance diagnostics. With this unified dashboard, IT administrators can monitor and troubleshoot the Active Directory, the applications that are using it (such as Microsoft Exchange, SharePoint, Lync, Office 365), and the network.
GSX tracks the following:
- Availability and performance of Active Directory Server
- Windows servers: The GSX Swiss Knife connects to the Windows server where the Active Directory is installed, and checks the server to ensure resources are optimal for both the Active Directory and replication to work correctly, including:
- CPU usage and alert threshold
- Critical Windows services availability
- Network diagnostics: GSX continuously measures the network latency to ensure optimal performance and safe replications for intra- and extra-sites. GSX checks the Active Directory service availability itself, independently from the server’s resources, to ensure constant performance and availability of critical Active Directory services through:
- Ping of the servers
- Telnet on the dedicated port to ensure it is opened
- Active Directory Domain Service (NTDS) availability
- End-to-end scenarios: GSX performs end-user scenario, connecting as a user would connect in order to proactively detect issue and save time of help desk and IT team. One of them is the Exchange authentication: it simulates a user trying to authenticate through Microsoft applications (Exchange, SharePoint, Lync, Office 365).
- Replication Health Monitoring: GSX provides the only automatic way to detect and diagnose your replications intra- and extra-site health at server, domain, forest or site level.
- Active Directory Binding Status: The binding time is the time it takes for the Active Directory to exchange incoming credentials for a token that authenticates the user for one or several applications. The binding time generally increases because the server is loaded, and some applications will refuse authentication if the binding time is too high. Tracking the binding time and the number of client sessions allows the IT team to drastically reduce the MTTR of authentication issues. GSX retrieves the LDAP Binding Time and LDAP Client Session these statistics in order to continuously follow the performance of the main service of the Active Directory.
- Role assignment: GSX is looking for role assignment in real time and can send alert if a role is not anymore on a specific Active Directory.
What are the benefits of monitoring the Active Directory?
End-to-end monitoring of Active Directory using end-user scenarios enables true proactivity in Active Directory management and allows you to track critical performance counters for efficient replication health monitoring. GSX’s real-time dashboard can be shared across multiple teams relying directly on Active Directory performance and health, so that you can measure performance from multiple locations to detect IT bottlenecks. This means easier troubleshooting, reduced MTTR, and less calls to the help desk.