Microsoft Active Directory monitoring

Monitor health and performance of the Microsoft Active Directory, all-in-one.

Overview

Get insights into performance and usage of the Microsoft Active Directory services:

  • DHCP, DNS, DFS, LDAP, ATQ, Kerberos and NTLM
  • AD Network adapters and AD/LSA database
  • AD replication status
  • LDAP BIND performance, FSMO consistency, AD database disk usage
  • System-dependent services status like time synchronization, volume health and network adapter health

This extension obtains signals through WMI queries and by executing PowerShell snippets, depending on the source of each metric. It is designed to work on the AD hosts where the OneAgent is already deployed.

⚠️ Note: important change. This extension replaces the previously available Active Directory monitoring extensions. This Dynatrace extension supersedes both the Active Directory services and Active Directory extended monitoring extensions.

  • Please remove both Active Directory services and Active Directory extended monitoring extensions
  • Revisit any metric alerts and dashboards you've created using AD metrics provided by the previously used extensions. You may need to replace previously used metrics with the new ones, as some metrics might have their IDs changed.

Use cases

  • Operational monitoring of your Active Directory services and tenant for usage, performance and availability
  • Analyze trends and baselines of the Active Directory services usage
  • Raise alerts on anomalies detected
  • Monitor vital AD log signals in Dynatrace

Get started

This extension is designed to run locally on your AD servers. It doesn't offer remote monitoring of your AD servers. Additionally, compared to typical extensions, which run as LOCAL SERVICE, this one requires elevated privileges to obtain the AD observability signals.

The default way to ensure the extension runs with elevated privileges is to enlist this extension to run as LOCAL SYSTEM in the OneAgent settings on AD hosts. Alternatively, it is also possible to specify a privileged user name in the extension configuration and let the extension run with this user's privileges.

To start using this extension:

  • Install OneAgent on your AD servers
  • The extension has two options for assigning the correct permissions:
    • A. Configure the Dynatrace OneAgent EEC to run this extension with elevated LOCAL SYSTEM account privileges. To achieve this, in the C:\ProgramData\dynatrace\oneagent\agent\config\extensionsuser.conf file on AD servers where the extension is intended to run, add the line
      • elevated_privileges_extensions=[com.dynatrace.extension.active-directory-python-unabridged:*]
      • Meaning of this line: elevated_privileges_extensions is a comma-separated list of extensions to run as LOCAL SYSTEM (instead of the default LOCAL SERVICE). The format is: <extensionName>:<extensionVersion>
      • See Q&A section for more details on why the privileged mode is required.
    • B. Enable custom credentials in the monitoring configuration and provide the credentials for a user account that has the following permissions assigned to it:
      • Able to log on locally on the AD host (note that it doesn't have to be a local user - it can be a domain user with local login privileges)
      • The account requires KEY_READ permission to read registry keys from HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
      • If collecting DHCP scope metrics, the user must be part of the DHCP Users group
  • Activate this extension using the in-product Dynatrace Hub.
  • In the extension configuration, enable it on your Active Directory hosts
  • When asked on the extension's Active Directory Configuration screen, provide an API token with settings.read and settings.write scopes
    • You need to generate a token on your Dynatrace tenant, in Menu > Access Tokens; make sure to give it the settings.read and settings.write scopes
    • Insert the Access Token into the API key configuration field
  • You may choose which feature sets you want to activate.
    • Disable feature sets that are not relevant to your environment.
    • This way you avoid errors reported in the extension log when the extension tries to retrieve metrics that are not available.
    • See Q&A section for more details.
  • Make sure that log monitoring is enabled to be able to efficiently troubleshoot the monitoring.
  • Make sure to remove both Active Directory services and Active Directory extended monitoring extensions
    • You don't need Active Directory services extension anymore, as this new extension delivers all metrics previously offered by the Active Directory services extension.
    • You don't need Active Directory extended monitoring extension anymore, as this new extension delivers all metrics previously offered by the Active Directory extended monitoring extension.
    • Note that if you keep the previous extensions intact, you may end up with double metric values.
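Option A above widens what runs as LOCAL SYSTEM on a domain controller, so it is worth inventorying the elevated_privileges_extensions line on each host. The following is an added example, not Dynatrace code: it parses the line format described above and reports, per entry, whether the extension is on an approved list and whether its version is pinned or the `*` wildcard. The sample file content, the second extension name and the approved set are constructed for illustration.

```python
# Added example: inventory of extensions that OneAgent is told to run as LOCAL SYSTEM.
# Only the key name and the <extensionName>:<extensionVersion> list format come from the page.

KEY = "elevated_privileges_extensions"


def parse_elevated(conf_text):
    """Return [(name, version), ...] for every entry listed under KEY."""
    entries = []
    for raw in conf_text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if not sep or key.strip() != KEY:
            continue  # other settings and non key=value lines are ignored
        value = value.strip()
        if not (value.startswith("[") and value.endswith("]")):
            raise ValueError(f"unexpected list syntax: {raw!r}")
        for item in value[1:-1].split(","):
            item = item.strip()
            if not item:
                continue
            # Split on the LAST colon so a colon inside the name survives.
            name, colon, version = item.rpartition(":")
            if not colon or not name or not version:
                raise ValueError(f"entry is not <name>:<version>: {item!r}")
            entries.append((name, version))
    return entries


def inventory(conf_text, approved_names):
    """Classify each elevated entry; the reviewer decides what to do with it."""
    return [
        {
            "name": name,
            "version": version,
            "approved": name in approved_names,
            "pinned": version != "*",  # '*' in the version position, as in the page's line
        }
        for name, version in parse_elevated(conf_text)
    ]


# Constructed sample, not taken from a real host.
SAMPLE_CONF = """\
some_other_setting=true
elevated_privileges_extensions=[com.dynatrace.extension.active-directory-python-unabridged:*, custom:example.hypothetical-extension:1.2.3]
"""

# Constructed approval list: only the extension this page documents.
APPROVED = {"com.dynatrace.extension.active-directory-python-unabridged"}

if __name__ == "__main__":
    for row in inventory(SAMPLE_CONF, APPROVED):
        print(row)
```
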

Details

This extension is intended to work locally on the AD server. It executes:

  • WMI queries to obtain metrics from the local WMI metrics store on the AD server where the extension runs.
  • PowerShell snippets to access the Windows registry and specific AD metrics available only through PowerShell. Several of these metrics map to metrics available through the commonly used DCDIAG tool.
  • API calls against the OS Service Monitoring, to report AD services availability
  • Log ingestion of the AD services logs

Additionally, it delivers:

  • Alert templates for time skew monitoring, database file space, ATQ thread usage and replication consistency
  • Topology rules and screen definitions that weave this extension's metrics into the host entities instantiated by the OneAgent that runs on AD servers
  • Log ingest rules, applied on AD hosts, which further enable alerting on AD services-related issues logged into the Windows logs system
  • Log processing rules, which enrich ingested logs with a field that flags AD-related context where content pertains to AD services
  • Log event extraction rules, which scan ingested logs for AD-related context and trigger alerts when log information carries potential AD issue or error information

Log ingest configured by this extension: By default, this extension sets up log ingestion rules on hosts where it is installed. Note that log monitoring must be enabled on these hosts, as the extension delivers rules, but relies on OneAgent to follow them. AD services logs are used to generate events and further alert on service anomalies and malfunctions.

You can disable log ingestion with a settings toggle in the extension configuration screen. Note that this setting does not control any other log ingestion rules that might have been configured on hosts where this extension has been activated.

The following log ingestion rules are set up by this extension:

  • Windows Event Log
    • source is
      • Active Directory Web Services
      • DFS Replication
      • Directory Service
      • DNS Server
    • and log record level is in (ERROR WARN CRITICAL SEVERE)
    • or source is
      • Directory Service
    • and event id is in [1311, 1644, 1864, 1865, 2042, 2087, 2089, 13508]
  • Windows Log
    • source is
      • Windows Application Log
      • Windows System Log
      • Security

And the following events from each event provider.

| Event Provider | Event IDs |
| --- | --- |
| Microsoft-Windows-ADFS | 102, 104, 111, 356, 385, 509, 546, 549, 1034, 1036 |
| Microsoft-Windows-Directory-Services-SAM | 12299, 16643 |
| Microsoft-Windows-Time-Service | 21, 34, 36 |
| DNSAPI | 11150, 11162, 11151, 11155, 11163, 11167, 11154, 11166, 11152, 11153, 11164, 11165 |
| Microsoft-Windows-Kerberos-Key-Distribution-Center | 6, 15, 17 |
| Microsoft-Windows-Security-Auditing | 1102, 4616, 4621, 4649, 4660, 4675, 4707, 4710, 4712, 4715, 4716, 4730, 4740, 4743, 4764, 4766, 4771, 4866, 4867, 4935, 5025, 5030, 5034, 5035, 5037, 5139, 5141, 5483, 5484, 6008, 6145 |
| Microsoft-Windows-CertificationAuthority | 0, 3, 5, 9, 16, 17, 19, 20, 21, 22, 23, 28, 33, 34, 35, 38, 39, 40, 42, 43, 44, 48, 49, 51, 59, 60, 63, 65, 74, 75, 78, 82, 83, 86, 87, 90, 92, 94, 95, 96, 98, 99, 100, 102, 106, 107, 130, 132 |
| Microsoft-Windows-OnlineResponder | 39, 60, 92 |
| Microsoft-Windows-DNS-Server | 512, 513, 515, 516, 518, 4013 |
| Microsoft-Windows-DHCP-Server | 73, 74, 1001, 1002, 1003, 1004, 1021, 1025, 1027, 1050, 1051, 1052, 1053, 1054, 1055, 1056, 1057, 1058 |
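The ingest rules and event table above define exactly which Windows events reach Dynatrace from an AD host, so a detection team can check them against the events its alerts depend on. The following is an added example, not the extension's own logic: it encodes the rules as read here, (source and level) or (Directory Service and event ID) for the Windows Event Log rule, and provider plus event ID for the Windows Log rule. The event dictionary fields and the sample events are constructed.

```python
# Added example: would a given Windows event be ingested under the rules listed on this page?
# Rule values are copied from the page; the event field names are assumptions of this sketch.

LEVELS = {"ERROR", "WARN", "CRITICAL", "SEVERE"}
EVENT_LOG_SOURCES = {"Active Directory Web Services", "DFS Replication",
                     "Directory Service", "DNS Server"}
DIRECTORY_SERVICE_IDS = {1311, 1644, 1864, 1865, 2042, 2087, 2089, 13508}
WINDOWS_LOGS = {"Windows Application Log", "Windows System Log", "Security"}
PROVIDER_IDS = {
    "Microsoft-Windows-ADFS": {102, 104, 111, 356, 385, 509, 546, 549, 1034, 1036},
    "Microsoft-Windows-Directory-Services-SAM": {12299, 16643},
    "Microsoft-Windows-Time-Service": {21, 34, 36},
    "DNSAPI": {11150, 11162, 11151, 11155, 11163, 11167, 11154, 11166,
               11152, 11153, 11164, 11165},
    "Microsoft-Windows-Kerberos-Key-Distribution-Center": {6, 15, 17},
    "Microsoft-Windows-Security-Auditing": {
        1102, 4616, 4621, 4649, 4660, 4675, 4707, 4710, 4712, 4715, 4716, 4730,
        4740, 4743, 4764, 4766, 4771, 4866, 4867, 4935, 5025, 5030, 5034, 5035,
        5037, 5139, 5141, 5483, 5484, 6008, 6145},
    "Microsoft-Windows-CertificationAuthority": {
        0, 3, 5, 9, 16, 17, 19, 20, 21, 22, 23, 28, 33, 34, 35, 38, 39, 40, 42,
        43, 44, 48, 49, 51, 59, 60, 63, 65, 74, 75, 78, 82, 83, 86, 87, 90, 92,
        94, 95, 96, 98, 99, 100, 102, 106, 107, 130, 132},
    "Microsoft-Windows-OnlineResponder": {39, 60, 92},
    "Microsoft-Windows-DNS-Server": {512, 513, 515, 516, 518, 4013},
    "Microsoft-Windows-DHCP-Server": {73, 74, 1001, 1002, 1003, 1004, 1021, 1025,
                                      1027, 1050, 1051, 1052, 1053, 1054, 1055,
                                      1056, 1057, 1058},
}


def ingest_reason(event):
    """Return the name of the rule that ingests the event, or None if no rule matches."""
    source = event.get("source")
    level = event.get("level")
    event_id = event.get("event_id")
    if source in EVENT_LOG_SOURCES and level in LEVELS:
        return "event-log: source + level"
    if source == "Directory Service" and event_id in DIRECTORY_SERVICE_IDS:
        return "event-log: Directory Service + event id"
    if source in WINDOWS_LOGS and event_id in PROVIDER_IDS.get(event.get("provider"), ()):
        return "windows-log: provider + event id"
    return None


def coverage_gaps(wanted):
    """Return the (provider, event_id) pairs from `wanted` that the provider table omits."""
    return [(p, i) for p, i in wanted if i not in PROVIDER_IDS.get(p, ())]


# Constructed sample events.
SAMPLE_EVENTS = [
    {"source": "Directory Service", "level": "INFO", "event_id": 2042},
    {"source": "DNS Server", "level": "ERROR", "event_id": 9999},
    {"source": "Security", "provider": "Microsoft-Windows-Security-Auditing",
     "level": "INFO", "event_id": 4740},
    {"source": "Security", "provider": "Microsoft-Windows-Security-Auditing",
     "level": "INFO", "event_id": 4625},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["source"], ev["event_id"], "->", ingest_reason(ev))
```

Events that return None, such as the constructed 4625 record, are not covered by these rules and need their own ingest rule or another collector if alerts depend on them.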

Compatibility information

  • Only on-premises Active Directory deployments are supported
  • OneAgent 1.305+ is required (elevated user permissions support is required)
  • Azure AD is not supported
  • This extension has been verified with Windows Server 2016, 2019, 2022
  • Activate this extension locally on your AD hosts. Remote AD monitoring is not supported.

Licensing

There is no charge for obtaining the extension, only for the data that the extension ingests. The details of license consumption will depend on which licensing model you are using. This will either be Dynatrace classic licensing or the Dynatrace Platform Subscription (DPS) model.

Metrics

License consumption is based on the number of metric data points ingested. The following formula will provide approximate annual data points ingested assuming all feature sets are enabled.

( 
  (
    (77 * Number of Domain Controllers)
  + (3 * Number of Replication Partners per host)
  + (3 * Number of Network Adapters per host)
  + (26 * Number of DNS Servers)
  + (11 * Number of DHCPv6 Servers)
  + (15 * Number of DHCPv4 Servers)
  ) / <Metrics Collection Interval>
) * 60 minutes * 24 hours * 365 days data points per year

Classic licensing

In the classic licensing model, metric ingestion will consume Davis Data Units (DDUs) at the rate of .001 DDUs per metric data point. Multiply the above formula for annual data points by .001 to estimate annual DDU usage.

Q&A

Q: I see this extension failing with an Error status in my environment?

A: Verify whether you have specific services running on your AD server. If a service is not running - disable feature set describing that service in the extension configuration. Example error text you may encounter:

**Cannot execute query: DHCPServerv6 on device ******** err:Exception occurred. (Invalid class )**

means you should disable the DHCPv6 feature set because your AD server does not run the DHCPv6 service, so the extension won't be able to obtain metrics for this service.

Q: Why can't I find the NTLM Authentications and Kerberos Authentications metrics?

A: Windows Server 2022 brought a change to the metrics set returned by the Win32_PerfRawData_Lsa_SecuritySystemWideStatistics class. Because of this change, the AD extension is unable to report on the "NTLM Authentications" and "Kerberos Authentications" metrics, and these metrics have been removed from the extension. Consequently, these metrics also won't be reported when this extension is activated on earlier Windows servers. More information on this change and the reasons behind it can be found on Microsoft KB pages.

Q: Does this extension collect KPIs available from DCDIAG?

A: Equivalents of the DCDIAG KPIs are available in Dynatrace:

  • NTDS Service - monitored through OneAgent OS Service Monitoring
  • Services - monitored through OneAgent OS Service Monitoring
  • Replications - similar data is available through parsing of the repadmin outputs, in this extension
  • FSMO KnowsOfRoleHolders - can be found as part of the FSMO role holder ping/LDAP metrics
  • Advertising - delivered by the FSMO role holder consistency metric

Q: Why do I need to enable elevated privileges for this extension if OneAgent already runs under LocalSystem?

A: Although OneAgent typically runs as LocalSystem account, Python extensions run as LocalService. The LocalService account has the minimum privileges on the local computer, which means it can't run PowerShell snippets that read AD performance counters, access WMI objects that store AD metrics, or run AD-specific cmdlets like repadmin and dcdiag. Therefore, OneAgent needs to be explicitly instructed to run this extension with LocalSystem privileges or the extension needs to be provided with a privileged user account able to run locally on the AD server.

Q: What is the Dynatrace API token used for?

A: An API token is required to enable integration of the AD-related log ingestion and the OS service monitoring with out-of-the-box host-level reporting. No metrics are ingested using the API token. The API token is used to allow the services to be seen on the Dynatrace Host UA screen and the logs on the AD Instance UA screen.

Q: What do I need OS Service Monitoring for?

A: The extension utilizes the API token to add entries into the OneAgent's OS Service Monitoring. The OneAgent will ingest availability metrics and alerts so you know when a critical service is down. In some cases log events can refer to the OS Service which emitted the event.

Q: Why is the extension invoking net.exe process periodically?

A: Complete replication status reporting requires information on the SYSVOL share availability on the domain controller. SYSVOL is where all the GPOs (Group Policy Objects) and on-event scripts are located to be shared by all DCs in the domain. If SYSVOL wasn't mounted, the DC wouldn't be able to pull GPOs, and if users have any on-logon scripts they also wouldn't be run. The extension runs the net view command to check availability of the SYSVOL share, which is reported in the SYSVOL Health metric.

By Dynatrace

Extension content

| Content type | Number of items included |
| --- | --- |
| screen dql table | 24 |
| alerts | 4 |
| screen injections | 1 |
| document dashboard | 1 |
| metric metadata | 127 |
| screen layout | 26 |
| generic relationship | 25 |
| screen entities lists | 14 |
| generic type | 13 |
| screen properties | 12 |
| screen message cards | 20 |
| dashboards | 1 |
| screen chart groups | 58 |
| metric query | 4 |

Feature sets

Below is a complete list of the feature sets provided in this version. To ensure a good fit for your needs, individual feature sets can be activated and deactivated by your administrator during configuration.

Feature sets | Number of metrics included

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| Kerberos Replication Partner Count | active-directory.replication.partner.count.total | Kerberos replication partners count in Active Directory domain | Count |
| Replication Queue Count | active-directory.replication.queue.count.total | Count of items in replication queue by Active Directory Domain Controller monitor | Count |
| Global Catalog Search Response Time | active-directory.globalcatalog.searchtime.millis | Global catalog search response time of Domain Controller | MilliSecond |
| Replication Consistency Status | active-directory.replication.consistency.status | Whether or not strict replication consistency is enabled | Count |
| Time Skew in seconds | active-directory.timeskew.secs | Time difference between the local domain controller and a target domain controller | Second |
| Lost and Found Objects | active-directory.lostandfound.object.count.total | Count of lost and found objects by Active Directory Domain monitor | Count |
| FSMO Role Holder Consistency | active-directory.fsmoroleholder.consistency | Whether or not the domain controllers agree on who the FSMO role holders are | Count |
| FSMO Check | active-directory.fsmo.check | Contains a 'message' dimension about whether or not the correct services can be found from the domain controller | Count |
| SYSVOL Health | active-directory.sysvol.health | The SYSVOL share's health | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| Shared Resource Available | active-directory.replication.shared.available | Percentage of replication shared resources that are available | Percent |
| Replication - Destination Delta | active-directory.replication.destination.delta | Replication time delta between this server and the destination server. | Second |
| Replication - Source Delta | active-directory.replication.source.delta | Replication time delta between this server and the source server. | Second |
| Replication - Destination Errors | active-directory.replication.destination.errors | Replication errors between this server and the destination server. | Count |
| Replication - Source Errors | active-directory.replication.source.errors | Replication errors between this server and the source server. | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| LDAP Binds | active-directory.ldap.server.ldapbindtime.binds.persec | Time spent to complete LDAP bindings | MilliSecond |
| LDAP Successful Binds | active-directory.ldap.server.ldapsuccessfulbinds.persec | Successful binds per second | PerSecond |
| LDAP Writes per second | active-directory.ldap.server.ldapwrites.persec | The rate at which LDAP clients perform write operations | PerSecond |
| LDAP UDP Operations per second | active-directory.ldap.server.ldapudpoperations.persec | The number of User Datagram Protocol (UDP) operations that the LDAP server is processing per second | PerSecond |
| LDAP Active threads total | active-directory.ldap.server.ldapactivethreads.total | The current number of threads in use by the LDAP subsystem of the local directory service | Count |
| LDAP Client Sessions | active-directory.ldap.server.ldapclientsessions.total | The number of sessions of connected LDAP clients | Count |
| LDAP Searches per second | active-directory.ldap.server.ldapsearches.persec | The number of search operations per second performed by LDAP clients | PerSecond |
| LDAP Bind Time | active-directory.ldap.server.bindtime.millis | Time taken to bind to the fsmo role holder using LDAP | MilliSecond |
| LDAP Bind Availability | active-directory.ldap.bind.availability | Whether or not the domain controller can bind to the domain DNS server | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| Good Network Adapter Count | active-directory.network.goodadapter.total | The number of enabled network adapters that can ping the Domain DNS Server. | Count |
| Bad Network Adapter Count | active-directory.network.badadapter.total | The number of enabled network adapters that cannot ping the Domain DNS Server. | Count |
| Total Network Adapter Count | active-directory.network.adapter.total | The total number of enabled network adapters. | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| DHCP Scope Delay v4 | active-directory.dhcp.server.scope.delay | DHCP Scope Delay v4 in milliseconds | MilliSecond |
| DHCP Scope Addresses Free v4 | active-directory.dhcp.server.scope.addresses.free | Number of DHCPv4 scope addresses free | Count |
| DHCP Scope Addresses Used v4 | active-directory.dhcp.server.scope.addresses.used | Number of DHCPv4 scope addresses used | Count |
| DHCP Scope Addresses Reserved v4 | active-directory.dhcp.server.scope.addresses.reserved | Number of DHCPv4 scope addresses reserved | Count |
| Percent of DHCP Scope Addresses Used v4 | active-directory.dhcp.server.scope.addresses.used.pct | Percent of DHCPv4 scope addresses used | Percent |
| DHCP Scope Pending Offers v4 | active-directory.dhcp.server.scope.pending.offers | Number of DHCPv4 scope pending offers | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| DHCP received renews/s v6 | active-directory.dhcp.server.v6.renews.persec | Rate of DHCP renews received by the DHCP Server v6 | PerSecond |
| DHCP received releases/s v6 | active-directory.dhcp.server.v6.releases.persec | Rate of DHCP releases received by the DHCP Server v6 | PerSecond |
| DHCP received declines/s v6 | active-directory.dhcp.server.v6.declines.persec | Rate of DHCP declines received by the DHCP Server v6 | PerSecond |
| DHCP received requests/s v6 | active-directory.dhcp.server.v6.requests.persec | Rate of DHCP requests received by the DHCP Server v6 | PerSecond |
| DHCP received solicits/s v6 | active-directory.dhcp.server.v6.solicits.persec | Rate of DHCP solicits received by the DHCP Server v6 | PerSecond |
| DHCP received rebinds/s v6 | active-directory.dhcp.server.v6.rebinds.persec | Rate of DHCP rebinds received by the DHCP Server v6 | PerSecond |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| ESENT Database I/O reads rate (Local Security Authority) | active-directory.lsass.esent.database.io.reads.persec.count | Number of ESENT Database I/O reads per second for the Local Security Authority | PerSecond |
| ESENT Database I/O read latency (Local Security Authority) | active-directory.lsass.esent.database.io.reads.latency.avg.count | ESENT Database I/O read latency for the Local Security Authority | MilliSecond |
| ESENT Database I/O writes rate (Local Security Authority) | active-directory.lsass.esent.database.io.writes.persec.count | Number of ESENT Database I/O writes per second for the Local Security Authority | PerSecond |
| ESENT Database I/O write latency (Local Security Authority) | active-directory.lsass.esent.database.io.writes.latency.avg.count | ESENT Database I/O write latency for the Local Security Authority | MilliSecond |
| ESENT Log I/O reads rate (Local Security Authority) | active-directory.lsass.esent.log.io.reads.persec.count | Number of ESENT Database log I/O reads per second for the Local Security Authority | PerSecond |
| ESENT Log I/O read latency (Local Security Authority) | active-directory.lsass.esent.log.io.reads.latency.avg.count | ESENT Log I/O read latency for the Local Security Authority | MilliSecond |
| ESENT Log I/O writes rate (Local Security Authority) | active-directory.lsass.esent.log.io.writes.persec.count | Number of ESENT Database log I/O writes per second for the Local Security Authority | PerSecond |
| ESENT Log I/O writes latency (Local Security Authority) | active-directory.lsass.esent.log.io.writes.latency.avg.count | ESENT Log I/O writes latency for the Local Security Authority | MilliSecond |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| DHCP received requests/s | active-directory.dhcp.server.requests.persec | Rate of DHCP requests received by the DHCP server | PerSecond |
| DHCP received releases/s | active-directory.dhcp.server.releases.persec | Rate of DHCP releases received by the DHCP server | PerSecond |
| DHCP received declines/s | active-directory.dhcp.server.declines.persec | Rate of DHCP declines received by the DHCP server | PerSecond |
| DHCP failover ack messages received/s | active-directory.dhcp.server.failover.bndack.received.persec | Number of DHCP failover Binding Ack messages received | PerSecond |
| DHCP failover ack messages sent/s | active-directory.dhcp.server.failover.bndack.sent.persec | Number of DHCP failover Binding Ack messages sent | PerSecond |
| DHCP binding updates dropped | active-directory.dhcp.server.failover.bndupd.dropped | Number of binding updates dropped | Count |
| DHCP failover update pending messages | active-directory.dhcp.server.failover.bndupd.pendinginoutbound.queue | Number of pending outbound DHCP failover Binding Update messages | Count |
| DHCP failover update messages received/s | active-directory.dhcp.server.failover.bndupd.received.persec | Number of DHCP failover Binding Update messages received | PerSecond |
| DHCP failover update messages sent/s | active-directory.dhcp.server.failover.bndupd.sent.persec | Number of DHCP failover Binding Update messages sent | PerSecond |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| DFS Replication conflict files size | active-directory.dfs.server.replicatedfolders.conflictspaceinuse.bytes.total | Total byte size of DFS replication service of conflict files | Byte |
| DFS Replication deleted files size | active-directory.dfs.server.replicatedfolders.deletedspaceinuse.bytes.total | Total byte size of DFS replication service of the deleted files | Byte |
| DFS Replication staging folder size | active-directory.dfs.server.replicatedfolders.stagingspaceinuse.bytes.total | Total byte size of DFS replication service of staging folder | Byte |
| DFS redundant file replication update records | active-directory.dfs.server.replicatedfolders.updates.dropped | Number of redundant file replication update records | Count |
| DFS retried file installs | active-directory.dfs.server.replicatedfolders.fileinstalls.retried | Number of retried file installs | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| DNS dynamic update queued requests | active-directory.dns.server.dynamicupdate.queued.total.count | Total number of dynamic update requests queued by the DNS server | Count |
| DNS caching memory | active-directory.dns.server.caching.memory.total | Total caching memory used by DNS server | Byte |
| DNS database node memory | active-directory.dns.server.databasenode.memory.total | Total database node memory used by DNS server | Byte |
| DNS Nbstat memory | active-directory.dns.server.nbstat.memory.total | Total Nbstat memory used by DNS server | Byte |
| DNS TCP message memory | active-directory.dns.server.tcpmessage.memory.total | Total TCP message memory used by DNS server | Byte |
| DNS dynamic update requests | active-directory.dns.server.dynamicupdate.received.total.count | Total number of dynamic update requests received by the DNS server | Count |
| DNS rejected dynamic updates | active-directory.dns.server.dynamicupdate.rejected.total.count | Total number of dynamic updates rejected by the DNS server | Count |
| DNS dynamic update timeouts | active-directory.dns.server.dynamicupdate.timeouts.total.count | Total number of dynamic update timeouts of the DNS server | Count |
| DNS written dynamic updates | active-directory.dns.server.dynamicupdate.writtentodatabase.total.count | Total number of dynamic updates written to the database by the DNS server | Count |
| DNS empty dynamic update requests/s | active-directory.dns.server.dynamicupdate.nooperation.persec | Average number of No-operation/Empty dynamic update requests per second | PerSecond |
| DNS dynamic update requests/s | active-directory.dns.server.dynamicupdate.received.persec | Average number of dynamic update requests received by the DNS server per second | PerSecond |
| DNS written dynamic updates/s | active-directory.dns.server.dynamicupdate.writtentodatabase.persec | Average number of dynamic updates written to the database by the DNS server per second | PerSecond |
| DNS recursive queries/s | active-directory.dns.server.recursive.queries.persec | Average number of recursive queries received by DNS server per second | PerSecond |
| DNS recursive query failures/s | active-directory.dns.server.recursive.queryfailure.persec | Average number of recursive query failures per second | PerSecond |
| DNS recursive query timeouts/s | active-directory.dns.server.recursive.timeout.persec | Average number of recursive query sending timeouts per second | PerSecond |
| DNS secure update requests | active-directory.dns.server.secureupdate.received.total | Total number of secure update requests received by the DNS server | Count |
| DNS failed secure updates | active-directory.dns.server.secureupdate.failure.total | Total number of secure updates failed of the DNS server | Count |
| DNS secure update requests/s | active-directory.dns.server.secureupdate.received.persec | Average number of secure update requests received by the DNS server per second | PerSecond |
| DNS TCP responses/s | active-directory.dns.server.tcpresponse.sent.persec | Average number of TCP responses sent by DNS server per second | PerSecond |
| DNS queries received/s | active-directory.dns.server.totalquery.received.persec | Average number of queries received by DNS server per second | PerSecond |
| DNS responses sent/s | active-directory.dns.server.totalresponse.sent.persec | Average number of responses sent by DNS server per second | PerSecond |
| DNS UDP queries received/s | active-directory.dns.server.udpquery.received.persec | Average number of UDP queries received by DNS server per second | PerSecond |
| DNS UDP responses sent/s | active-directory.dns.server.udpresponse.sent.persec | Average number of UDP responses sent by DNS server per second | PerSecond |
| - | active-directory.dns.server.unmatchedresponses.received.count | - | - |
| DNS failed zone transfers | active-directory.dns.server.zonetransfer.failure.total | Total number of failed zone transfers of the master DNS server | Count |
| DNS successful zone transfers | active-directory.dns.server.zonetransfer.success.total | Total number of successful zone transfers of the master DNS server | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| ATQ Outstanding queued requests total | active-directory.atq.server.atqoutstandingqueuedrequests.total | Current number of requests in the queue | Count |
| ATQ Estimated queue delay | active-directory.atq.server.atqestimatedqueuedelay.persec | How long a request has to wait in the queue | Second |
| ATQ Request latency | active-directory.atq.server.atqrequestlatency.persec | Time it takes to produce a request | Second |
| ATQ Threads LDAP total | active-directory.atq.server.atqthreadsldap.total | The number of threads used by the LDAP server as determined by LDAP policy | Count |
| ATQ Threads Other total | active-directory.atq.server.atqthreadsother.total | The number of threads used by the other services | Count |
| ATQ Threads total | active-directory.atq.server.atqthreadstotal.total | All Threads currently allocated | Count |
| ATQ Average Thread Usage | active-directory.atq.server.average.thread.usage | Average usage of threads in Domain Controller ATQ | Percent |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| Database adds per second | active-directory.database.adds.persec.count | Number of Active Directory Database adds per second | PerSecond |
| Database modifies per second | active-directory.database.modifies.persec.count | Number of Active Directory Database modifies per second | PerSecond |
| Database deletes per second | active-directory.database.deletes.persec.count | Number of Active Directory Database deletes per second | PerSecond |
| Database recycles per second | active-directory.database.recycles.persec.count | Number of Active Directory Database recycles per second | PerSecond |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| DFS received bytes/s | active-directory.dfs.server.replicationconnections.bytesreceived.persec | Average number of received bytes per second | BytePerSecond |
| DFS bytes received on connection | active-directory.dfs.server.replicationconnections.bytesreceived.total | Total number of bytes received on the connection | Byte |
| DFS files received on connection | active-directory.dfs.server.replicationconnections.filesreceived.total | Number of files that were received on the connection | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| Network Login Profile logons | active-directory.network.login.logons.count | Number of network logons on the network login profile | Count |
| Number of logons | active-directory.network.logons.total.count | Number of network logons | Count |
| Logons per second | active-directory.network.logons.persec.count | Number of network logons per second | PerSecond |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| Disk Free Space | active-directory.database.diskfree.total | Free disk space of the disk containing the database file. | Byte |
| Total Disk Space | active-directory.database.disk.total | Total disk space of the disk containing the AD database file. | Byte |
| Disk Free Space Percentage | active-directory.database.diskfree | Percent of free disk space of the disk containing the database file. | Percent |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| DRA Successful synch requests total | active-directory.dra.server.drasynchrequestssuccessful.total | Number of successful DRA synchronization requests | Count |
| DRA Synch requests total | active-directory.dra.server.drasynchrequestsmade.total | Number of total DRA synchronization requests made | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| DHCP Scope Addresses Free v6 | active-directory.dhcp.server.v6.scope.addresses.free | Number of DHCPv6 scope addresses free | Count |
| DHCP Scope Addresses Used v6 | active-directory.dhcp.server.v6.scope.addresses.used | Number of DHCPv6 scope addresses used | Count |
| DHCP Scope Addresses Reserved v6 | active-directory.dhcp.server.v6.scope.addresses.reserved | Number of DHCPv6 scope addresses reserved | Count |
| Percent of DHCP Scope Addresses Used v6 | active-directory.dhcp.server.v6.scope.addresses.used.pct | Percent of DHCPv6 scope addresses used | Percent |
| DHCP Scope Pending Advertises v6 | active-directory.dhcp.server.v6.scope.pending.advertises | Number of DHCPv6 scope pending advertises | Count |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| NTLM Binds per second | active-directory.lsass.server.ntlm.binds.persec.count | Average NTLM binds per second | PerSecond |

| Metric name | Metric key | Description | Unit |
| --- | --- | --- | --- |
| Used processor time | active-directory.server.host.cpu.time.processor | Percent of used processor time | Percent |
| Idle processor time | active-directory.server.host.cpu.time.idle | Percent of idle processor time | Percent |
| User processor time | active-directory.server.host.cpu.time.user | Percent of user processor time | Percent |
| Number of Logical Processors | active-directory.server.host.cpu.logical.processors | Number of Logical Processors | Count |
| Service processor time | active-directory.service.cpu.time | Percent of processor time spent on a service | Percent |

Full version history

For more information on how to install the downloaded package, follow the instructions on this page.

Full version history

New features:

  • Added support for running the extension with a different privileged user than LOCAL_SYSTEM. See the hub tile text for details on how to use this option.

Patch level changes:

  • Removed the requirement to grant the entities.read permission to the access token.
  • Fixed an issue causing non-UTF-8 characters to be returned from WMI queries.

Full version history

New features:

  • Added additional event IDs for DNS, DHCP and Directory Service

Patch level changes:

  • Fixed extension instability on some systems where the extension assets path sometimes exceeded the maximum Windows OS limit of 260 characters. Affected behaviors included inability to start, inability to update the extension configuration, inability to upgrade the extension, and potentially other unexpected effects.

Full version history

Patch level changes:

  • Fixed the Unified Analysis screens on Dynatrace Gen2 (Managed), where some chart sections disappeared after the last upgrade.

Full version history

Patch level changes:

  • Minor updates to the Unified Analysis screens for Dynatrace Platform.
  • Removed from the distribution the Python libraries that are not used by the extension.

Full version history

⚠️ IMPORTANT CHANGE: This extension release requires Dynatrace cluster version 1.313 or later.

New features:

  • The dt.security_context attribute is now propagated to all entities created by the extension. When enabling entity access control based on dt.security_context, ensure you set the Grail security context destination property to dt.security_context.
  • Enabled the extension to present the Dynatrace Platform (a.k.a. Gen3) entity details screens in future platform apps that will expect these screens.

Full version history

Patch level changes:

  • Addressed an issue with incorrectly handled rollups of some metrics. Metric name changes were required to remove the ".count" suffix. Affected metrics:
    • active-directory.replication.partner.count has been renamed to active-directory.replication.partner.count.total
    • active-directory.replication.queue.count has been renamed to active-directory.replication.queue.count.total

Full version history

Patch level changes:

  • Fixed bugs preventing ATQ, DRA, Network and NTLM metrics collection under certain conditions.
  • Fixed the query collecting the active-directory.service.cpu.time metric.
  • Fixed a bug preventing tasks from being submitted under a local service account.

Full version history

⚠️ IMPORTANT CHANGE: This extension release requires Dynatrace cluster version 1.310 or later.

New features:

  • Added the Dynatrace Platform (a.k.a. Gen3) dashboard

Full version history

New features:

  • This extension replaces previously available Active Directory monitoring extensions.

It supersedes both Active Directory services and Active Directory extended monitoring extensions.

  • You don't need the Active Directory services extension anymore, as this new extension delivers all metrics previously offered by the Active Directory services extension.
  • You don't need the Active Directory extended monitoring extension anymore, as this new extension delivers all metrics previously offered by the Active Directory extended monitoring extension.

Note that this is a breaking change for those previously available extensions. Revisit any metric alerts and dashboards you've created using AD metrics provided by the previously used extensions. You may need to replace previously used metrics with the new ones, as some metrics might have their IDs changed.
