Lab: Monitoring Active Directory Domain Services • Exercise 1: Monitor AD DS Using Event Viewer. • Exercise 2: Monitor AD DS Using Performance and Reliability Monitor[r]
Trang 1Module 8: Implementing an Active
Directory Domain Services Monitoring
Plan
Trang 2Module Overview
• Monitoring Active Directory Domain Services Using Event Viewer
• Monitoring Active Directory Domain Servers Using
Reliability and Performance Monitor
• Configuring Active Directory Domain Services Auditing
Trang 3Lesson 1: Monitoring Active Directory Domain Services Using Event Viewer
• Event Viewer Features
• Demonstration: Overview of the Event Viewer
• Active Directory Domain Services Logs
• What Are Custom Views?
• What Are Subscriptions?
• Demonstration: Configuring Custom Views
and Subscriptions
Trang 4Event Viewer Features
Trang 5Demonstration: Overview of the Event Viewer
In this demonstration, you will see how to navigate the Event Viewer
Trang 6Active Directory Domain Services Logs
The following logs can provide specific information about Active Directory issues :
Trang 7What Are Custom Views?
Event 1 Security log
Event 2 System log
Event 3: DFS log
Event Viewer
Custom views :
• Allow you to aggregate
and filter information
from multiple logs
into a single view
• Are reusable
• Can be exported to
other computers
Trang 8What Are Subscriptions?
Subscriptions collect
events from multiple
computers and store
them locally
Trang 9Demonstration: Configuring Custom Views
and Subscriptions
In this demonstration, you will see how to:
• Create a custom view and add the AD DS specific logs to the view
• Create a subscription to collect logs from multiple
domain controllers
Trang 10Lesson 2: Monitoring Active Directory Domain
Servers Using Reliability and Performance Monitor
• Reliability and Performance Monitor Features
• Demonstration: Overview of the Reliability and
Performance Monitor
• Monitoring AD DS Using Performance Monitor
• What Is an Active Directory Baseline?
• Monitoring Service Availability with Reliability Monitor
• Monitoring Active Directory Domain Services Using Data Collector Sets
• Demonstration: Monitoring AD DS
Trang 11Reliability and Performance Monitor Features
Reliability and Performance Monitor allows you to:
Perform real-time monitoring
Trang 12Demonstration: Overview of the Reliability and Performance Monitor
In this demonstration, you will see an overview of the Reliability and Performance monitor
Trang 13Monitoring AD DS Using Performance Monitor
Useful NTDS Counters for Monitoring Active Directory: NTDS\ DRA Inbound Bytes Total/sec
Trang 14What Is an Active Directory Baseline?
A baseline defines what a server looks like under normal
Problems areas can be identified by comparing baseline
measurements to current statistics
Trang 15Monitoring Service Availability with Reliability Monitor
Trang 16Monitoring Active Directory Domain Services Using Data Collector Sets
• Organizes multiple data collection points into a
single component
• Can be grouped with other data collection sets
• Can be incorporated into logs
• Can be created individually or from templates
Data Collector Sets can contain the following types of data collectors:
• Performance counters
• Event trace data
• System configuration information (registry key values)
Trang 17Demonstration: Monitoring AD DS
In this demonstration, you will see how to set up monitoring of Active Directory
Trang 18Lesson 3: Configuring Active Directory Domain Services Auditing
• What Is Active Directory Domain Services Auditing?
• Demonstration: Configuring an Audit Policy
• Types of Events to Audit
• Demonstration: Configuring AD DS Auditing
Trang 19What Is Active Directory Domain
Directory service access
Directory service changes
Directory service replication
Detailed Directory service replication
• Only directory service access is enabled for success by default
• Use the Auditpol.exe command-line tool to view or set audit policy subcategories
Trang 20Demonstration: Configuring an Audit Policy
In this demonstration, you will see how to configure a global audit policy with the GPMC and adjust it with Auditpol.exe
Trang 21Event ID Category Event
4662 Directory service access An operation was performed on an Active Directory object
4722 User account management A user account was enabled
4726 User account management A user account was deleted
4738 User account management A user account was changed
5136 Directory service changes An Active Directory object was modified
5137 Directory service changes A new Active Directory object was created
5138 Directory service changes An Active Directory object was undeleted
Types of Events to Audit
Trang 22Demonstration: Configuring AD DS Auditing
In this demonstration, you will see how to configure the site link object to manage replication between sites
Trang 23Lab: Monitoring Active Directory Domain Services
• Exercise 1: Monitor AD DS Using Event Viewer
• Exercise 2: Monitor AD DS Using Performance and
Reliability Monitor
• Exercise 3: Configure AD DS Auditing
Logon information
Virtual machine NYC-DC1, NYC- DC2
User name Administrator
Password Pa$$w0rd
Estimated time: 60 minutes
Trang 24Lab Review
• You want to enable the Directory Service Changes
subcategory without enabling a global audit policy How could you do this?
• What services must be running on a source computer in order to provide information to a subscription?
• You have enabled a global audit policy to collect directory service access events, but no events are showing up in the security log What might the problem be?
Trang 25Module Review and Takeaways
• Review questions
• Considerations
Trang 26Beta Feedback Tool
• Beta feedback tool helps:
Collect student roster information, module feedback, and course evaluations
Identify and sort the changes that students request, thereby facilitating a quick team triage
Save data to a database in SQL Server that you can later query
• Walkthrough of the tool
Trang 27Beta Feedback
• Overall flow of module:
Which topics did you think flowed smoothly, from topic to topic?
Was something taught out of order?
• Pacing:
Were you able to keep up? Are there any places where the pace felt too slow?
Were you able to process what the instructor said before
moving on to next topic?
Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions?
knowledge in your work environment?
Were there any discussion questions or reflection questions that really made you think? Were there questions you
thought weren’t helpful?