Osmius

Osmius Agent for Active Directory
Agent name: osm_ag_MSACTDIR Agent code: MSACTDIR
Content: Osmius Agent for Active Directory User Manual
Date: 09/04/2010 Revision Date: / /

General Information

This agent can monitor various parameters of Active Directory servers using WMI technology. It has been tested in different environments; however, we recommend checking its functionality before deploying it in a production environment.

The Active Directory agent has been developed using the functionalities and enhancements of the Osmius framework and the ACE libraries, so the ACE libraries must be installed for the proper deployment and operation of the Active Directory Osmius agent. See chapter: installation.

The MSACTDIR agent provides up to 20 basic events whose configuration parameters allow very simple scaling, plus 1 informative event that provides details of the monitored system. The events were selected by the Osmius Research and Development Team as the most interesting ones for this first development.

Events are based on WQL statements, so local and remote monitoring is possible.

Active Directory Instance

As a general rule each Osmius agent can monitor one instance type. If you are not familiar with these concepts, check out the glossary. Each instance is individually defined in the configuration file (for further information go to agents and instances); the instance type depends on the agent type, and the connection info depends on the instance.

CONNECTION_INFO

The connection information, or connection_info, is the data the agent needs in order to connect to the instance (see more about the connection_info).

For Active Directory Osmius agent the connection_info prototype would be:

CONNECTION_INFO= -h HOST -d DOMAIN -u USER -p PASSWORD

Replace the following:

  • HOST: IP address or host name of the Active Directory server. Optional. See Firewall settings in the appendix.
  • DOMAIN: Domain or workgroup name. Mandatory if HOST has been declared.
  • USER: Username with WMI permissions. Mandatory if HOST has been declared. See User permissions settings in the appendix.
  • PASSWORD: Password for the user specified above. Mandatory if HOST has been declared.

For local monitoring (monitoring the system where the agent is installed) connection_info must be empty, because the agent does not need to connect anywhere.

Examples:

CONNECTION_INFO= -h 192.168.1.1 -d WORKGROUP -u admin -p pass
CONNECTION_INFO=
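The two examples above show the remote and the local form. The following is an added example, not Osmius agent code: a small parser that validates a CONNECTION_INFO value against the rules stated on this page (an empty value means local monitoring; once -h HOST is given, -d, -u and -p become mandatory). The function name and the dictionary layout are this example's own.

```python
"""Validate an Osmius-style CONNECTION_INFO value (added example)."""
import shlex

# Flags documented for the MSACTDIR agent and the field each one sets.
FLAGS = {"-h": "host", "-d": "domain", "-u": "user", "-p": "password"}
MANDATORY_WITH_HOST = ("domain", "user", "password")


def parse_connection_info(line: str) -> dict:
    """Parse a CONNECTION_INFO line into a dict.

    Returns {"local": True} for an empty value. For a remote definition it
    returns host/domain/user/password plus "local": False. Raises ValueError
    for malformed input or when HOST is declared without DOMAIN/USER/PASSWORD.
    """
    if line.startswith("CONNECTION_INFO="):
        line = line[len("CONNECTION_INFO="):]
    tokens = shlex.split(line)          # quotes allow spaces in a password
    if not tokens:
        return {"local": True}

    fields = {name: None for name in FLAGS.values()}
    it = iter(tokens)
    for tok in it:
        if tok not in FLAGS:
            raise ValueError(f"unexpected token {tok!r}")
        value = next(it, None)
        if value is None or value in FLAGS:
            raise ValueError(f"flag {tok} has no value")
        fields[FLAGS[tok]] = value

    if fields["host"] is None:
        # The page requires an empty value for local monitoring; a partial
        # remote definition is rejected rather than silently treated as local.
        raise ValueError("remote parameters given without -h HOST")
    missing = [k for k in MANDATORY_WITH_HOST if fields[k] is None]
    if missing:
        raise ValueError("HOST declared but missing: " + ", ".join(missing))
    fields["local"] = False
    return fields


if __name__ == "__main__":
    # Both examples from this page, plus a rejected partial definition.
    print(parse_connection_info("CONNECTION_INFO= -h 192.168.1.1 -d WORKGROUP -u admin -p pass"))
    print(parse_connection_info("CONNECTION_INFO="))
    try:
        parse_connection_info("CONNECTION_INFO= -h 192.168.1.1 -d WORKGROUP")
    except ValueError as exc:
        print("rejected:", exc)
```

Because the password is stored in clear text in the agent configuration file, restrict read access to that file to the account the agent runs under.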

TYPE

The type defines the instance type to be monitored. Every declared instance must be associated with a type, as you can see here.

For Active Directory:

TYPE= MSACTDIR

Event summary table for Active Directory

Here is a brief summary of the capabilities of this agent; further down on this page each event is described in more detail.

EVENT     DESCRIPTION                            c  w    a    tseconds  Extra parameters / Remarks
AVAILABL  Active Directory availability          1  0    0    300       Silent mode (-s) recommended
ADTHREAD  DS Threads in use                      0  200  300  300       Silent mode (-s) recommended
ADDSWRTS  DS Directory Writes per second         0  100  200  600       Useful parameter for capacity planning
ADDSREAS  DS Directory Reads per second          0  200  400  600       Useful parameter for capacity planning
ADDSSCHS  DS Directory Searches per second       0  200  400  600       Useful parameter for capacity planning
ADCBINDS  DS Client Binds per second             0  50   100  600       Useful parameter for capacity planning
ADSBINDS  DS Server Binds per second             0  20   50   600       Useful parameter for capacity planning
ADKDCASR  KDC AS Requests per second             0  25   50   600       Silent mode (-s) recommended
ADKDCTGS  KDC TGS Requests per second            0  50   100  600       Silent mode (-s) recommended
ADKRBAUT  Kerberos Authentications per second    0  400  600  600       Silent mode (-s) recommended
ADNTLMAU  NTLM Authentications per second        0  25   50   600       Silent mode (-s) recommended
ADLDPCLS  LDAP Client Sessions                   0  25   50   600       Useful parameter for capacity planning
ADLDPATH  LDAP Active Threads                    0  20   30   600       Silent mode (-s) recommended
ADLDPWPS  LDAP Writes per Second                 0  25   50   600       Useful parameter for capacity planning
ADLDPSPS  LDAP Searches per Second               0  25   50   600       Useful parameter for capacity planning
ADLDPBPS  LDAP Successful Binds per Second       0  25   50   600       Useful parameter for capacity planning
ADLDPCNS  LDAP New Connections per Second        0  200  250  600       Silent mode (-s) recommended
ADLDPCSS  LDAP New SSL Connections per Second    0  25   50   600       Silent mode (-s) recommended
ADLDPCCS  LDAP Closed Connections per Second     0  25   50   600       Useful parameter for capacity planning
ADLDPUPS  LDAP UDP operations per Second         0  25   50   600       Useful parameter for capacity planning

Information Events

Info events retrieve general data about the instance; usually this data does not change over time. This kind of event has no severity; it simply provides instance details.

EVENT     DESCRIPTION        tseconds          Observations
ADINFDNM  INFO: Domain Name  86400 (24 hours)  Server domain name

Active Directory agent events

AVAILABL

The AVAILABL event returns the Active Directory availability.

Return values:

VALUE MEANING
-1 Error
0 Cannot connect
1 Active Directory available

Recommended parameters:

Comparison type Inverse. The higher the value, the lower the severity (-c 1)
Monitoring interval 60 to 300 seconds, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

AVAILABL = -t 300 -c 1 -w 0 -a 0 -T "Active Directory availability "

Remarks:

ADTHREAD

The ADTHREAD event returns the number of active threads in the Active Directory.

Return values:

VALUE MEANING
-1 Error
X DS Threads in use

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 300 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADTHREAD = -t 300 -c 0 -w 200 -a 300 -T "DS Threads in use"
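The AVAILABL and ADTHREAD parameter lines above show the two comparison types (-c 1 inverse, -c 0 direct). What follows is an added example, not code from the Osmius agent: it parses an event line in the format used on this page and classifies a returned value against its -w and -a thresholds. It assumes that a threshold counts as reached when the value equals it, that -1 is always the error value, and that -s (silent mode) takes no argument; the severity names are this example's own.

```python
"""Parse an Osmius event configuration line and classify a returned value
(added example; flag semantics taken from this page, inclusive thresholds
and severity names are assumptions)."""
import shlex

VALUED_FLAGS = ("-t", "-c", "-w", "-a", "-T")


def parse_event_line(line: str) -> dict:
    """Turn 'EVENT = -t 300 -c 1 -w 0 -a 0 -T "text"' into a dict."""
    name, _, params = line.partition("=")
    name = name.strip()
    if not name:
        raise ValueError("missing event name")
    opts = {"t": None, "c": 0, "w": None, "a": None, "T": None, "s": False}
    tokens = shlex.split(params)
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-s":                       # silent mode, no value
            opts["s"] = True
            i += 1
            continue
        if tok in VALUED_FLAGS:
            if i + 1 >= len(tokens):
                raise ValueError(f"{tok} needs a value")
            key = tok[1]
            raw = tokens[i + 1]
            opts[key] = raw if key == "T" else int(raw)
            i += 2
            continue
        raise ValueError(f"unknown parameter {tok!r}")
    if opts["c"] not in (0, 1):
        raise ValueError("-c must be 0 (direct) or 1 (inverse)")
    if opts["w"] is None or opts["a"] is None:
        raise ValueError("-w and -a are needed to classify values")
    return {"event": name, **opts}


def severity(event: dict, value: int) -> str:
    """Classify a value returned by the event: error, ok, warning or alert."""
    if value == -1:                           # agent could not read the counter
        return "error"
    w, a = event["w"], event["a"]
    if event["c"] == 0:                       # direct: higher value, higher severity
        if value >= a:
            return "alert"
        if value >= w:
            return "warning"
        return "ok"
    if value <= a:                            # inverse: lower value, higher severity
        return "alert"
    if value <= w:
        return "warning"
    return "ok"


if __name__ == "__main__":
    # Both parameter lines from this page, evaluated on constructed readings.
    avail = parse_event_line('AVAILABL = -t 300 -c 1 -w 0 -a 0 -T "Active Directory availability "')
    thr = parse_event_line('ADTHREAD = -t 300 -c 0 -w 200 -a 300 -T "DS Threads in use"')
    for v in (1, 0, -1):
        print("AVAILABL", v, severity(avail, v))
    for v in (150, 200, 350, -1):
        print("ADTHREAD", v, severity(thr, v))
```

For AVAILABL the inverse comparison with -w 0 -a 0 means a returned 0 (cannot connect) is an alert straight away, while -1 is kept apart as an agent-side error so that a WMI or credential problem on the monitoring side is not mistaken for the directory being down.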

Remarks:

ADDSWRTS

ADDSWRTS returns the number of DS Directory Writes per second.

Return values:

VALUE MEANING
-1 Error
X DS Directory Writes per second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADDSWRTS = -t 600 -c 0 -w 100 -a 200 -T "DS Directory Writes per second"

Remarks:

ADDSREAS

ADDSREAS returns the number of DS Directory Reads per second.

Return values:

VALUE MEANING
-1 Error
X DS Directory Reads per second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADDSREAS = -t 600 -c 0 -w 200 -a 400 -T "DS Directory Reads per second"

Remarks: Some Active Directory servers appear to miscalculate this WMI variable and report it as an absolute (cumulative) value instead of a per-second value.

ADDSSCHS

ADDSSCHS returns the number of DS Directory Searches per second.

Return values:

VALUE MEANING
-1 Error
X DS Directory Searches per second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADDSSCHS = -t 600 -c 0 -w 200 -a 400 -T "DS Directory Searches per second"

Remarks: Some Active Directory servers appear to miscalculate this WMI variable and report it as an absolute (cumulative) value instead of a per-second value.

ADCBINDS

ADCBINDS returns the number of DS Client Binds per second.

Return values:

VALUE MEANING
-1 Error
X DS Client Binds per second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADCBINDS = -t 600 -c 0 -w 50 -a 100 -T "DS Client Binds per second"

Remarks: Some Active Directory servers appear to miscalculate this WMI variable and report it as an absolute (cumulative) value instead of a per-second value.

ADSBINDS

ADSBINDS returns the number of DS Server Binds per second.

Return values:

VALUE MEANING
-1 Error
X DS Server Binds per second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADSBINDS = -t 600 -c 0 -w 50 -a 100 -T "DS Server Binds per second"

Remarks: Some Active Directory servers appear to miscalculate this WMI variable and report it as an absolute (cumulative) value instead of a per-second value.

ADKDCASR

ADKDCASR returns the number of KDC AS Requests per second.

Return values:

VALUE MEANING
-1 Error
X KDC AS Requests per second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADKDCASR = -t 600 -c 0 -w 25 -a 50 -T "KDC AS Requests per second"

Remarks:

ADKDCTGS

ADKDCTGS returns the number of KDC TGS Requests per second.

Return values:

VALUE MEANING
-1 Error
X KDC TGS Requests per second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADKDCTGS = -t 600 -c 0 -w 50 -a 100 -T "KDC TGS Requests per second"

Remarks:

ADKRBAUT

ADKRBAUT returns the number of Kerberos Authentications per second.

Return values:

VALUE MEANING
-1 Error
X Kerberos Authentications per second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADKRBAUT = -t 600 -c 0 -w 400 -a 600 -T "Kerberos Authentications per second"

Remarks:

ADNTLMAU

ADNTLMAU returns the number of NTLM Authentications per second.

Return values:

VALUE MEANING
-1 Error
X NTLM Authentications per second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADNTLMAU = -t 600 -c 0 -w 25 -a 50 -T "NTLM Authentications per second"

Remarks: Some Active Directory servers appear to miscalculate this WMI variable and report it as an absolute (cumulative) value instead of a per-second value.

ADLDPCLS

ADLDPCLS returns the number of LDAP Client Sessions.

Return values:

VALUE MEANING
-1 Error
X LDAP Client Sessions

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADLDPCLS = -t 600 -c 0 -w 25 -a 50 -T "LDAP Client Sessions"

Remarks:

ADLDPATH

ADLDPATH returns the number of LDAP Active Threads.

Return values:

VALUE MEANING
-1 Error
X LDAP Active Threads

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADLDPATH = -t 600 -c 0 -w 20 -a 30 -T "LDAP Active Threads"

Remarks:

ADLDPWPS

ADLDPWPS returns the number of LDAP Writes per Second.

Return values:

VALUE MEANING
-1 Error
X LDAP Writes per Second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADLDPWPS = -t 600 -c 0 -w 25 -a 50 -T "LDAP Writes per Second"

Remarks:

ADLDPSPS

ADLDPSPS returns the number of LDAP Searches per Second.

Return values:

VALUE MEANING
-1 Error
X LDAP Searches per Second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADLDPSPS = -t 600 -c 0 -w 25 -a 50 -T "LDAP Searchs per Second"

Remarks: Some Active Directory servers appear to miscalculate this WMI variable and report it as an absolute (cumulative) value instead of a per-second value.
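The same remark is given for ADDSREAS, ADDSSCHS, ADCBINDS, ADSBINDS and ADNTLMAU. With a direct comparison (-c 0) and thresholds such as -w 25 -a 50, a counter that only ever grows would trip the alert permanently. The following is an added example, not part of the Osmius agent: it assumes the agent keeps the previous reading of such a counter and derives a per-second rate from two consecutive samples taken at the -t interval, treating a drop in the counter (for example after a directory service restart) as a reset rather than a negative rate. The sample readings are constructed.

```python
"""Derive a per-second rate from a counter reported as a cumulative value
(added example; the Osmius agent itself does not do this)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Sample:
    timestamp: float   # seconds, e.g. time.time() at query time
    value: int         # counter exactly as the WMI query returned it


class RateNormalizer:
    """Per-event state: remembers the last sample and emits events/second."""

    def __init__(self) -> None:
        self.last: Optional[Sample] = None

    def update(self, sample: Sample) -> Optional[float]:
        """Return the rate since the previous sample, or None when no rate
        can be computed: first call, counter reset, or clock going backwards."""
        prev, self.last = self.last, sample
        if prev is None:
            return None
        dt = sample.timestamp - prev.timestamp
        if dt <= 0 or sample.value < prev.value:
            return None
        return (sample.value - prev.value) / dt


def rates_from_samples(samples: List[Sample]) -> List[Optional[float]]:
    """Convenience wrapper: feed a whole series through one normalizer."""
    norm = RateNormalizer()
    return [norm.update(s) for s in samples]


# Constructed readings of a reads counter reported as an ever-growing total,
# sampled every 600 seconds (-t 600); the fourth reading drops because the
# directory service was restarted between samples.
CONSTRUCTED_SAMPLES = [
    Sample(0.0, 1_000),
    Sample(600.0, 91_000),      # 90 000 reads in 600 s  -> 150/s
    Sample(1200.0, 241_000),    # 150 000 reads in 600 s -> 250/s
    Sample(1800.0, 500),        # counter reset          -> no rate
    Sample(2400.0, 24_500),     # 24 000 reads in 600 s  -> 40/s
]

if __name__ == "__main__":
    for s, r in zip(CONSTRUCTED_SAMPLES, rates_from_samples(CONSTRUCTED_SAMPLES)):
        print(f"t={s.timestamp:6.0f}  raw={s.value:>7}  rate={r}")
```

Against the ADDSREAS thresholds on this page (-w 200 -a 400), the raw value 241 000 would be a permanent alert, whereas the derived 250/s is a warning; the None results should be reported as the agent's -1 error value rather than as zero, so that a reset is not read as the directory going idle.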

ADLDPBPS

ADLDPBPS returns the number of LDAP Successful Binds per Second.

Return values:

VALUE MEANING
-1 Error
X LDAP Successful Binds per Second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADLDPBPS = -t 600 -c 0 -w 25 -a 50 -T "LDAP Successful Binds per Second"

Remarks:

ADLDPCNS

ADLDPCNS returns the number of LDAP New Connections per Second.

Return values:

VALUE MEANING
-1 Error
X LDAP New Connections per Second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADLDPCNS = -t 600 -c 0 -w 200 -a 250 -T "LDAP New Connections per Second"

Remarks:

ADLDPCSS

ADLDPCSS returns the number of LDAP New SSL Connections per Second.

Return values:

VALUE MEANING
-1 Error
X LDAP New SSL Connections per Second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADLDPCSS = -t 600 -c 0 -w 25 -a 50 -T "LDAP New SSL Connections per Second"

Remarks:

ADLDPCCS

ADLDPCCS returns the number of LDAP Closed Connections per Second.

Return values:

VALUE MEANING
-1 Error
X LDAP Closed Connections per Second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADLDPCCS = -t 600 -c 0 -w 25 -a 50 -T "LDAP Closed Connections per Second"

Remarks:

ADLDPUPS

ADLDPUPS returns the number of LDAP UDP operations per Second.

Return values:

VALUE MEANING
-1 Error
X LDAP UDP operations per Second

Recommended parameters:

Comparison type Direct. The higher the value, the higher the severity (-c 0)
Monitoring interval 600 seconds to 1 hour, depending on instance importance
Warning threshold Consult with your Active Directory administrator
Alert threshold Consult with your Active Directory administrator

Parameter setting example:

ADLDPUPS = -t 600 -c 0 -w 25 -a 50 -T "LDAP UDP operations per Second"

Remarks:

Active Directory agent prerequisites

In order to compile, this agent requires a set of prerequisites that are common to compiling any Osmius agent; you can see these prerequisites here.

Verify that your system supports WMI.

Active Directory agent makefiles and compilation

  • Make Project Creator (MPC) is used by Osmius, so creating Makefiles is a trivial task. If you want to learn more about MPC and Osmius, check out the Makefiles section on Osmius.
  • In the particular case of the Active Directory Osmius agent and Visual C 8 you can easily generate the Makefile as follows:

From the agent directory, using a console or terminal:

%ACE_ROOT%\bin\mpc.pl -type vc8 osm_ag_activedirectory.mpc
  • Now that you have created the Makefile, compiling the agent is extremely simple:
    1. Double-click Osm_Ag_Activedirectory_Osmius.vcproj and the project will open in Visual C.
    2. Select the Rebuild option to compile.

Binaries are automatically installed in the bin directory under the OSM_ROOT base directory.

Run Active Directory agent

The Active Directory agent has the same running features as the other Osmius agents. You can check them out in the section Start and Stop Agents.

To run the Active Directory agent without the Osmius web console:

osm_ag_MSACTDIR.exe -c osm_ag_MSACTDIR.ini -m MASTERAG -p 1950 -d [>> osm_ag_Active directory.log] 1)

Running in standalone mode

The Active Directory Osmius agent, like the other Osmius agents, can be run in standalone mode. This option may be particularly useful when developing a new agent or when performing specific agent tests.

Basically you have to add a new value, called SNDCMD, to the Active Directory Osmius agent configuration file (osm_ag_MSACTDIR.ini), as shown here.

Then you must run the Active Directory Osmius agent with the Master Agent communications port set to zero, for example:

osm_ag_MSACTDIR.exe -c osm_ag_MSACTDIR.ini -m 00000000 -p 0 -d

Tests list

Tests performed for the Active Directory Osmius agent.

Date: / /
Test                                                                                       Results  Comment
Creating an instance with all its events in silent mode                                    -        -
Creating an instance with all its events with custom text                                  -        -
Creating an instance with all its events but no custom text                                -        -
Declaration of 3 instances with all their events at 5 seconds, kept running for 48 hours   -        -
Declare 2 instances, cause a disconnect and then reconnect                                 -        -
Declare 1 instance and test each event                                                     -        -
Elimination of a general parameter and check that the agent does not start                 -        -
Elimination of the instance CONN_INFO and check that the agent does not start              -        -

APPENDIX

User permissions settings

To set up a user to access WMI without adding the user to an administrative group, follow these steps.

  1. Click Start, click Run, type wmimgmt.msc in the Open box, and then click OK.
  2. Right-click WMI Control, and then click Properties.
  3. Click the Security tab.
  4. Expand the Root folder, select the CIMV2 folder, and then click Security.
  5. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
  6. In the Permissions for User list, click the Allow check box next to the following permissions:
    1. Execute Methods
    2. Enable Account
    3. Remote Enable
    4. Read Security
  7. Click Advanced. In the Permission entries list, select the user you added in step 5, and then click Edit.
  8. In the Apply onto box, click This namespace and subnamespaces.
  9. Click OK three times.
  10. Quit the WMI Control snap-in.
  11. Click Start, click Run, type dcomcnfg.exe in the Open box, and then click OK.
  12. Select Component Services and then expand it. Then expand Computers. Right-click My Computer and select Properties.
  13. Select the COM Security tab.
  14. In the Access Permissions section, click Edit Limits….
  15. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
  16. In the Permissions for User list, click the Allow check box next to the following permissions:
    1. Local Access
    2. Remote Access
    3. Click OK.
  17. In the Launch and Activation Permissions section, click Edit Limits….
  18. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
  19. In the Permissions for User list, click the Allow check box next to the following permissions:
    1. Local Launch
    2. Remote Launch
    3. Local Activation
    4. Remote Activation
    5. Click OK twice.
  20. Expand My Computer and expand DCOM Config.
  21. Right-click Windows Management and Instrumentation and click Properties.
  22. Click the Security tab.
  23. In the Access Permissions section, click Edit….
  24. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
  25. In the Permissions for User list, click the Allow check box next to the following permissions:
    1. Local Access
    2. Remote Access
    3. Click OK twice.
  26. Quit the Component Services snap-in.
  27. Restart the target computer.

Firewall settings

To enable or disable WMI traffic using the Windows Firewall user interface:

  1. Control Panel - Security - Windows Firewall.
  2. Click Change Settings and then click the Exceptions tab.
  3. In the Exceptions window, select the check box for Windows Management Instrumentation (WMI) to enable WMI traffic through the firewall.


You can also do it at the command prompt:

  1. To enable WMI traffic through the Windows firewall:
    • netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
  2. To disable WMI traffic through the Windows firewall:
    • netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=no


If you use a firewall other than the Windows firewall, it is good to know that DCOM communication (used by WMI) is normally established through port 135 (the RPC endpoint mapper), after which the WMI session continues on a dynamically assigned port.

1) Optional: redirects the agent messages to a file.
 
en/agentes/msactdir.txt · Last modified: 2012/12/05 19:30 by osmius