Extend the platform,
empower your team.
Monitor the health and performance of Microsoft Active Directory services.
ExtensionThis Dynatrace extension monitors foundations of the Microsoft Active Directory services health and performance. Relevant metrics are obtained from the local WMI metrics store on the AD server where the extension runs. While combining all relevant data into pre-configured dashboards, this extension also enables alerting and event tracking.
This is intended for users, who:
This extension enables you to:
This extension has a companion: This is foundational extension for AD monitoring and there is a companion Active Directory extended monitoring extension available, which supplements the solution with several key metrics, for a complete AD observability pack. For best results, activate both extensions in your environment.
Simply activate this extension using the in-product Dynatrace Hub.
Further reading: broaden your knowledge on Dynatrace extensions in the Dynatrace Documentation: Extensions 2.0 overview
Note: breaking change
. Metric names changed, affecting timeseries continuity, alerts and custom dashboards.
Release 3 of the ActiveDirectory extension consolidates metrics from a number of previously available public and custom extensions that targeted ActiveDirectory. Because of the breadth of consolidation (Active Directory services, AD Replication, versions for Extension Framework 1 and 2), we had to unify metric naming and thus define all metrics names from the ground up. We trust you will find them more self-explanatory and easier to use now, as the names are shorter. They are also aligned with the companion extension mentioned earlier.
As a consequence:
add new configuration
instead of updating the previous one. Previous 2.x AD extension configuration can't be updated. Remember to remove the previous configuration, so metrics won't be collected twiceRevisit any metric alerts
and dashboards you've created using AD metrics. You need to replace previously used metrics with the new ones, as their names and IDs changedremove
Microsoft Active Directory replication and start using
Active Directory extended monitoring instead.The Active Directory services extension is built on top of the Extension Framework 2.0 and uses WMI to obtain metrics. Therefore, this extension data set is limited to KPIs available to the WMI queries.
The extension package contains:
Note on some metrics availability:
Windows Server 2022 brought a change to the metrics set returned by the Win32_PerfRawData_Lsa_SecuritySystemWideStatistics
class. Because of this change, the AD extension is unable to report on "NTLM Authentications" and "Kerberos Authentications" metrics and these metrics have been removed from the extension. Consequently, these metrics won't be reported also when this extension is activated on earlier Windows servers. More information on this change and reasons behind it can be found on Microsoft KB pages.
A: An estimated formula for DDU consumption of the extension is:
92 * number of Domain Controllers * 525.6 DDUs/year
Typical consumption for a single-domain AD server, hosting one DHCP server and one LDAP instance, amounts to 48,355 DDUs/year
. It may be slightly lower if you disable some feature sets in the extension configuration. Compare number of metrics provided in specific feature sets.
DDU cost above does not include any possible Log events or Custom events triggered by the extension. For more information on this, please visit the DDU log event cost and DDU custom event cost pages.
A: Verify whether you have specific services running on your AD server. If a service is not running - disable feature set describing that service in the extension configuration. Example error text you may encounter:
**Cannot execute query: DHCPServerv6 on device ******** err:Exception occurred. (Invalid class )**
means you should disable the DHCPv6 feature set because your AD server does not run DHCPv6 service, so extension won't be able to obtain metrics for this service.
A: Currently all WMI-based extensions can be activated either locally or remotely. Although Remote activation is technically supported, it may be challenging to arrive at the proper set of the remote user privileges required to access AD host WMI store over the network.
Note: in the future releases we plan to remove the possibility of remote activation of this extension.
A: Remote activation means that AD metrics won't be enriched with the AD host dimensions that would have been known if OneAgent were running on the AD host, which may affect reporting screens and drilldowns. Therefore, stick to the Local activation on the AD hosts, making sure that OneAgent is also installed on your AD hosts.
Note: in the future releases we plan to remove the possibility of remote activation of this extension.
Below is a complete list of the feature sets provided in this version. To ensure a good fit for your needs, individual feature sets can be activated and deactivated by your administrator during configuration.
Metric name | Metric key | Description | Unit |
---|---|---|---|
ESENT Database I/O reads rate (Local Security Authority) | active-directory.lsass.esent.database.io.reads.persec.count | Number of ESENT Database I/O reads per second for the Local Security Authority | PerSecond |
ESENT Database I/O read latency (Local Security Authority) | active-directory.lsass.esent.database.io.reads.latency.avg.count | ESENT Database I/O read latency for the Local Security Authority | MilliSecond |
ESENT Database I/O writes rate (Local Security Authority) | active-directory.lsass.esent.database.io.writes.persec.count | Number of ESENT Database I/O writes per second for the Local Security Authority | PerSecond |
ESENT Database I/O write latency (Local Security Authority) | active-directory.lsass.esent.database.io.writes.latency.avg.count | ESENT Database I/O write latency for the Local Security Authority | MilliSecond |
ESENT Log I/O reads rate (Local Security Authority) | active-directory.lsass.esent.log.io.reads.persec.count | Number of ESENT Database log I/O reads per second for the Local Security Authority | PerSecond |
ESENT Log I/O read latency (Local Security Authority) | active-directory.lsass.esent.log.io.reads.latency.avg.count | ESENT Log I/O read latency for the Local Security Authority | MilliSecond |
ESENT Log I/O writes rate (Local Security Authority) | active-directory.lsass.esent.log.io.writes.persec.count | Number of ESENT Database log I/O writes per second for the Local Security Authority | PerSecond |
ESENT Log I/O writes latency (Local Security Authorityy) | active-directory.lsass.esent.log.io.writes.latency.avg.count | ESENT Log I/O writes latency for the Local Security Authority | MilliSecond |
Metric name | Metric key | Description | Unit |
---|---|---|---|
DFS Replication conflict files size | active-directory.dfs.server.replicatedfolders.conflictspaceinuse.bytes.total | Total byte size of DFS replication service of conflict files | Byte |
DFS Replication deleted files size | active-directory.dfs.server.replicatedfolders.deletedspaceinuse.bytes.total | Total byte size of DFS replication service of the deleted files | Byte |
DFS Replication staging folder size | active-directory.dfs.server.replicatedfolders.stagingspaceinuse.bytes.total | Total byte size of DFS replication service of staging folder | Byte |
DFS redundant file replication update records | active-directory.dfs.server.replicatedfolders.updates.dropped | Number of redundant file replication update records | Count |
DFS retried file installs | active-directory.dfs.server.replicatedfolders.fileinstalls.retried | Number of retried file installs | Count |
Metric name | Metric key | Description | Unit |
---|---|---|---|
Network Login Profile logons | active-directory.network.login.logons.count | Number of network logons on the network login profile | Count |
Number of logons | active-directory.network.logons.total.count | Number of network logons | Count |
Logons per second | active-directory.network.logons.persec.count | Number of network logons per second | PerSecond |
Metric name | Metric key | Description | Unit |
---|---|---|---|
DFS received bytes/s | active-directory.dfs.server.replicationconnections.bytesreceived.persec | Average number of received bytes per second | BytePerSecond |
DFS bytes received on connection | active-directory.dfs.server.replicationconnections.bytesreceived.total | Total number of bytes received on the connection | Byte |
DFS files received on connection | active-directory.dfs.server.replicationconnections.filesreceived.total | Number of files that were received on the connection | Count |
Metric name | Metric key | Description | Unit |
---|---|---|---|
Used processor time | active-directory.server.host.cpu.time.processor | Percent of used processor time | Percent |
Idle processor time | active-directory.server.host.cpu.time.idle | Percent of idle processor time | Percent |
User processor time | active-directory.server.host.cpu.time.user | Percent of user processor time | Percent |
Number of Logical Processors | active-directory.server.host.cpu.logical.processors | Number of Logical Processors | Count |
Metric name | Metric key | Description | Unit |
---|---|---|---|
DHCP received requests/s | active-directory.dhcp.server.requests.persec | Rate of DHCP requests received by the DHCP server | PerSecond |
DHCP received releases/s | active-directory.dhcp.server.releases.persec | Rate of DHCP releases received by the DHCP server | PerSecond |
DHCP received declines/s | active-directory.dhcp.server.declines.persec | Rate of DHCP declines received by the DHCP server | PerSecond |
DHCP failover ack messages received/s | active-directory.dhcp.server.failover.bndack.received.persec | Number of DHCP failover Binding Ack messages received | PerSecond |
DHCP failover ack messages sent/s | active-directory.dhcp.server.failover.bndack.sent.persec | Number of DHCP failover Binding Ack messages sent | PerSecond |
DHCP binding updates dropped | active-directory.dhcp.server.failover.bndupd.dropped | Number of binding updates dropped | Count |
DHCP failover update pending messages | active-directory.dhcp.server.failover.bndupd.pendinginoutbound.queue | Number of pending outbound DHCP failover Binding Update messages | Count |
DHCP failover update messages received/s | active-directory.dhcp.server.failover.bndupd.received.persec | Number of DHCP failover Binding Update messages received | PerSecond |
DHCP failover update messages sent/s | active-directory.dhcp.server.failover.bndupd.sent.persec | Number of DHCP failover Binding Update messages sent | PerSecond |
Metric name | Metric key | Description | Unit |
---|---|---|---|
Database adds per second | active-directory.database.adds.persec.count | Number of Active Directory Database adds per second | PerSecond |
Database modifies per second | active-directory.database.modifies.persec.count | Number of Active Directory Database modifies per second | PerSecond |
Database deletes per second | active-directory.database.deletes.persec.count | Number of Active Directory Database deletes per second | PerSecond |
Database recycles per second | active-directory.database.recycles.persec.count | Number of Active Directory Database recycles per second | PerSecond |
Metric name | Metric key | Description | Unit |
---|---|---|---|
DHCP received renews/s v6 | active-directory.dhcp.server.v6.renews.persec | Rate of DHCP renews received by the DHCP Server v6 | PerSecond |
DHCP received releases/s v6 | active-directory.dhcp.server.v6.releases.persec | Rate of DHCP releases received by the DHCP Server v6 | PerSecond |
DHCP received declines/s v6 | active-directory.dhcp.server.v6.declines.persec | Rate of DHCP declines recevied by the DHCP Server v6 | PerSecond |
DHCP received requests/s v6 | active-directory.dhcp.server.v6.requests.persec | Rate of DHCP requests received by the DHCP Server v6 | PerSecond |
DHCP received solicits/s v6 | active-directory.dhcp.server.v6.solicits.persec | Rate of DHCP solicits received by the DHCP Server v6 | PerSecond |
DHCP received rebinds/s v6 | active-directory.dhcp.server.v6.rebinds.persec | Rate of DHCP rebinds received by the DHCP Server v6 | PerSecond |
Metric name | Metric key | Description | Unit |
---|---|---|---|
LDAP Binds | active-directory.ldap.server.ldapbindtime.binds.persec | Time spent to complete LDAP bindings | MilliSecond |
LDAP Successful Binds | active-directory.ldap.server.ldapsuccessfulbinds.persec | Successful binds per second | PerSecond |
LDAP Writes per second | active-directory.ldap.server.ldapwrites.persec | The rate at which LDAP clients perform write operations | PerSecond |
LDAP UDP Operations per second | active-directory.ldap.server.ldapudpoperations.persec | The number of User Datagram Protocol (UDP) operations that the LDAP server is processing per second | PerSecond |
LDAP Active threads total | active-directory.ldap.server.ldapactivethreads.total | The current number of threads in use by the LDAP subsystem of the local directory service | Count |
LDAP Client Sessions | active-directory.ldap.server.ldapclientsessions.total | The number of sessions of connected LDAP clients | Count |
LDAP Searches per second | active-directory.ldap.server.ldapsearches.persec | The number of search operations per second performed by LDAP clients | PerSecond |
Metric name | Metric key | Description | Unit |
---|---|---|---|
ATQ Outstanding queued requests total | active-directory.atq.server.atqoutstandingqueuedrequests.total | Current number of requests in the queue | Count |
ATQ Estimated queue delay | active-directory.atq.server.atqestimatedqueuedelay.persec | How long a request has to wait in the queue | Second |
ATQ Request latency | active-directory.atq.server.atqrequestlatency.persec | Time it takes to produce a request | Second |
ATQ Threads LDAP total | active-directory.atq.server.atqthreadsldap.total | The number of threads used by the LDAP server as determined by LDAP policy | Count |
ATQ Threads Other total | active-directory.atq.server.atqthreadsother.total | The number of threads used by the other services | Count |
ATQ Threads total | active-directory.atq.server.atqthreadstotal.total | All Threads currently allocated | Count |
Metric name | Metric key | Description | Unit |
---|---|---|---|
DRA Successful synch requests total | active-directory.dra.server.drasynchrequestssuccessful.total | Number of successful DRA synchronization requests | Count |
DRA Synch requests total | active-directory.dra.server.drasynchrequestsmade.total | Number of total DRA synchronization requests made | Count |
Metric name | Metric key | Description | Unit |
---|---|---|---|
NTLM Binds per second | active-directory.lsass.server.ntlm.binds.persec.count | Average NTLM binds per second | PerSecond |
Metric name | Metric key | Description | Unit |
---|---|---|---|
Service processor time | active-directory.service.cpu.time | Percent of processor time spend on a service | Percent |
Metric name | Metric key | Description | Unit |
---|---|---|---|
DNS recursive queries | active-directory.dns.server.recursive.queries | Total number of recursive queries received by DNS server | Count |
DNS dynamic update queued requests | active-directory.dns.server.dynamicupdate.queued.total.count | Total number of dynamic update requests queued by the DNS server | Count |
DNS queries received | active-directory.dns.server.totalquery.received | Total number of queries received by DNS server | Count |
DNS reponses sent | active-directory.dns.server.totalresponse.sent | Total number of reponses sent by DNS server | Count |
DNS caching memory | active-directory.dns.server.caching.memory.total | Total caching memory used by DNS server | Byte |
DNS database node memory | active-directory.dns.server.databasenode.memory.total | Total database node memory used by DNS server | Byte |
DNS Nbstat memory | active-directory.dns.server.nbstat.memory.total | Total Nbstat memory used by DNS server | Byte |
DNS TCP message memory | active-directory.dns.server.tcpmessage.memory.total | Total TCP message memory used by DNS server | Byte |
DNS dynamic update requests | active-directory.dns.server.dynamicupdate.received.total.count | Total number of dynamic update requests received by the DNS server | Count |
DNS rejected dynamic updates | active-directory.dns.server.dynamicupdate.rejected.total.count | Total number of dynamic updates rejected by the DNS server | Count |
DNS dynamic update timeouts | active-directory.dns.server.dynamicupdate.timeouts.total.count | Total number of dynamic update timeouts of the DNS server | Count |
DNS written dynamic updates | active-directory.dns.server.dynamicupdate.writtentodatabase.total.count | Total number of dynamic updates written to the database by the DNS server | Count |
DNS empty dynamic update requests/s | active-directory.dns.server.dynamicupdate.nooperation.persec | Average number of No-operation/Empty dynamic update requests per second | PerSecond |
DNS dynamic update requests/s | active-directory.dns.server.dynamicupdate.received.persec | Average number of dynamic update requests received by the DNS server per second | PerSecond |
DNS written dynamic updates/s | active-directory.dns.server.dynamicupdate.writtentodatabase.persec | Average number of dynamic updates written to the database by the DNS server per second | PerSecond |
DNS recursive queries/s | active-directory.dns.server.recursive.queries.persec | Average number of recursive queries received by DNS server per second | PerSecond |
DNS recursive query failures/s | active-directory.dns.server.recursive.queryfailure.persec | Average number of recursive query failures per second | PerSecond |
DNS recursive query timeouts/s | active-directory.dns.server.recursive.timeout.persec | Average number of recursive query sending timeouts per second | PerSecond |
DNS secure update requests | active-directory.dns.server.secureupdate.received.total | Total number of secure update requests received by the DNS server | Count |
DNS failed secure updates | active-directory.dns.server.secureupdate.failure.total | Total number of secure updates failed of the DNS server | Count |
DNS secure update requests/s | active-directory.dns.server.secureupdate.received.persec | Average number of secure update requests received by the DNS server per second | PerSecond |
DNS TCP reponses/s | active-directory.dns.server.tcpresponse.sent.persec | Average number of TCP reponses sent by DNS server per second | PerSecond |
DNS queries received/s | active-directory.dns.server.totalquery.received.persec | Average number of queries received by DNS server per second | PerSecond |
DNS reponses sent/s | active-directory.dns.server.totalresponse.sent.persec | Average number of reponses sent by DNS server per second | PerSecond |
DNS UDP queries received/s | active-directory.dns.server.udpquery.received.persec | Average number of UDP queries received by DNS server per second | PerSecond |
DNS UDP reponses sent/s | active-directory.dns.server.udpresponse.sent.persec | Average number of UDP reponses sent by DNS server per second | PerSecond |
DNS unmatched response packets received | active-directory.dns.server.unmatchedresponses.received.total | Total number of response packets received by the DNS server that do not match any outstanding remote query | Count |
DNS failed zone transfers | active-directory.dns.server.zonetransfer.failure.total | Total number of failed zone transfers of the master DNS server | Count |
DNS successful zone transfers | active-directory.dns.server.zonetransfer.success.total | Total number of successful zone transfers of the master DNS server | Count |
Patch level changes:
Patch level changes:
Patch level changes:
Recommended extension activation is Local. Although we support remote monitoring via WMI, in case of AD is it not a recommended way of running the extension.
Note: breaking change
. Metric names changed, affecting timeseries continuity, alerts and custom dashboards
Release 3 of the ActiveDirectory extension consolidates metrics from a number of previously available public and custom extensions that targeted ActiveDirectory. Because of the breadth of consolidation (Active Directory services, AD Replication, versions for Extension Framework 1 and 2), we had to unify metric naming and thus define all metrics names from the ground up. We trust you will find them more self-explanatory and easier to use now, as the names are shorter.
Removed the following metrics, which had wrong definitions:
Added new metrics for AD DB:
Modified the custom topology and out-of-the-box dashboard to reflect the above changes.
Fixed the included Overview Dashboard. These metrics were removeed from the dashboard:
These metrics now show up correctly in the dashboard:
Added metrics for:
Added the relevant entities, relationships and screens.
Metrics are now split into more feature sets.
No release notes