Module 8: Implementing an Active Directory Domain Services Monitoring Plan
Transcript of Module 8: Implementing an Active Directory Domain Services Monitoring Plan
![Page 1: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/1.jpg)
Module 8: Implementing an Active Directory Domain Services Monitoring Plan
![Page 2: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/2.jpg)
Module Overview
• Monitoring Active Directory Domain Services Using Event Viewer
• Monitoring Active Directory Domain Servers Using Reliability and Performance Monitor
• Configuring Active Directory Domain Services Auditing
![Page 3: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/3.jpg)
Lesson 1: Monitoring Active Directory Domain Services Using Event Viewer
• Event Viewer Features
• Demonstration: Overview of the Event Viewer
• Active Directory Domain Services Logs
• What Are Custom Views?
• What Are Subscriptions?
• Demonstration: Configuring Custom Views and Subscriptions
![Page 4: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/4.jpg)
Event Viewer Features
![Page 5: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/5.jpg)
Demonstration: Overview of the Event Viewer
In this demonstration, you will see how to navigate the Event Viewer
![Page 6: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/6.jpg)
Active Directory Domain Services Logs
The following logs can provide specific information about Active Directory issues:
• Application log connections
• System Log
• DFS Replication log
• Directory Service Log
• DNS Server log
• Group Policy\Operational
![Page 7: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/7.jpg)
What Are Custom Views?
[Diagram: Event 1 (Security log), Event 2 (System log) and Event 3 (DFS log) shown together in Event Viewer]
Custom views:
• Allow you to aggregate and filter information from multiple logs into a single view
• Are reusable
• Can be exported to other computers
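A custom view is stored as an XML query over one or more logs. The following PowerShell runs a query of that kind with Get-WinEvent; it is an added example, not part of the original slides, and the log selection, severity filter and 24-hour window are assumptions.

```powershell
# Added example: a multi-log query of the kind a custom view stores.
# The log selection, severity filter and 24-hour window are assumptions.
$wanted = 'Directory Service', 'DNS Server', 'DFS Replication', 'System',
          'Microsoft-Windows-GroupPolicy/Operational'

# Keep only logs that exist on this machine; a missing channel (for example
# "DNS Server" on a DC without the DNS role) would fail the whole query.
$logs = @($wanted | Where-Object {
    Get-WinEvent -ListLog $_ -ErrorAction SilentlyContinue
})
if ($logs.Count -eq 0) { throw 'None of the requested logs exist on this computer.' }

# Level 1 = Critical, 2 = Error, 3 = Warning; timediff is in milliseconds.
# "<=" must be written as "&lt;=" because the XPath sits inside XML.
$windowMs = 24 * 60 * 60 * 1000
$xpath = "*[System[(Level=1 or Level=2 or Level=3) and " +
         "TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]"

# One <Select> element per log, all inside a single <Query>.
$selects = $logs | ForEach-Object { "    <Select Path=`"$_`">$xpath</Select>" }
$queryXml = @"
<QueryList>
  <Query Id="0" Path="$($logs[0])">
$($selects -join "`r`n")
  </Query>
</QueryList>
"@

try {
    Get-WinEvent -FilterXml ([xml]$queryXml) -ErrorAction Stop |
        Sort-Object TimeCreated -Descending |
        Select-Object TimeCreated, LogName, Id, LevelDisplayName, ProviderName
}
catch {
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        Write-Output 'No warning, error or critical events in the last 24 hours.'
    } else { throw }
}
```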
![Page 8: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/8.jpg)
What Are Subscriptions?
Subscriptions collect events from multiple computers and store them locally
![Page 9: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/9.jpg)
Demonstration: Configuring Custom Views and Subscriptions
In this demonstration, you will see how to:
• Create a custom view and add the AD DS specific logs to the view.
• Create a subscription to collect logs from multiple domain controllers
![Page 10: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/10.jpg)
Lesson 2: Monitoring Active Directory Domain Servers Using Reliability and Performance Monitor
• Reliability and Performance Monitor Features
• Demonstration: Overview of the Reliability and Performance Monitor
• Monitoring AD DS Using Performance Monitor
• What Is an Active Directory Baseline?
• Monitoring Service Availability with Reliability Monitor
• Monitoring Active Directory Domain Services Using Data Collector Sets
• Demonstration: Monitoring AD DS
![Page 11: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/11.jpg)
Reliability and Performance Monitor Features
Reliability and Performance Monitor allows you to:
• Perform real-time monitoring
• Track performance of applications and services
• Collect data
• Generate alerts
• Take action when thresholds are reached
• Generate reports
![Page 12: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/12.jpg)
Demonstration: Overview of the Reliability and Performance Monitor
In this demonstration, you will see an overview of the Reliability and Performance Monitor
![Page 13: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/13.jpg)
Monitoring AD DS Using Performance Monitor
Useful NTDS counters for monitoring Active Directory:
• NTDS\DRA Inbound Bytes Total/sec
• NTDS\DRA Outbound Bytes Total/sec
• NTDS\DRA Inbound Object
• NTDS\DRA Pending Replication Synchronizations
• NTDS\Kerberos Authentications/sec
• NTDS\NTLM Authentications
![Page 14: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/14.jpg)
What Is an Active Directory Baseline?
• A baseline defines what a server looks like under normal workload conditions
• Baseline measurements should include basic server counters and function-specific counters
• Servers performing different functions will have different baseline measurements
• Problem areas can be identified by comparing baseline measurements to current statistics
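The comparison of baseline measurements to current statistics can be scripted with Get-Counter. This is an added example, not part of the original slides; the file path, sample count and the 2x alert factor are assumptions, and only three NTDS replication counters are used.

```powershell
# Added example: capture an NTDS baseline once, then compare later samples to it.
# The file path, sample count and the 2x alert factor are assumptions.
$counters = '\NTDS\DRA Inbound Bytes Total/sec',
            '\NTDS\DRA Outbound Bytes Total/sec',
            '\NTDS\DRA Pending Replication Synchronizations'
$baselineFile = 'C:\PerfBaseline\ntds-baseline.json'   # hypothetical location
$factor = 2.0                                          # flag values above 2x baseline

function Get-CounterAverage {
    param([string[]]$Counter, [int]$Samples = 12, [int]$IntervalSec = 5)
    # Average each counter over the sampling window to smooth out spikes.
    $sets = Get-Counter -Counter $Counter -SampleInterval $IntervalSec -MaxSamples $Samples
    $sets.CounterSamples | Group-Object Path | ForEach-Object {
        [pscustomobject]@{
            Path    = $_.Name
            Average = ($_.Group | Measure-Object CookedValue -Average).Average
        }
    }
}

if (-not (Test-Path $baselineFile)) {
    # First run: take this during a period of normal workload.
    New-Item -ItemType Directory -Path (Split-Path $baselineFile) -Force | Out-Null
    Get-CounterAverage -Counter $counters | ConvertTo-Json | Set-Content $baselineFile
    Write-Output "Baseline written to $baselineFile"
} else {
    $baseline = @{}
    (Get-Content $baselineFile -Raw | ConvertFrom-Json) |
        ForEach-Object { $baseline[$_.Path] = $_.Average }

    foreach ($c in (Get-CounterAverage -Counter $counters)) {
        $base = $baseline[$c.Path]
        # A zero baseline has no meaningful ratio, so any activity is reported.
        if ($null -eq $base)  { $deviates = $false }
        elseif ($base -eq 0)  { $deviates = $c.Average -gt 0 }
        else                  { $deviates = $c.Average -gt ($base * $factor) }
        [pscustomobject]@{
            Counter  = $c.Path
            Baseline = $base
            Current  = [math]::Round($c.Average, 2)
            Deviates = $deviates
        }
    }
}
```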
![Page 15: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/15.jpg)
Monitoring Service Availability with Reliability Monitor
![Page 16: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/16.jpg)
Monitoring Active Directory Domain Services Using Data Collector Sets
• Organizes multiple data collection points into a single component
• Can be grouped with other data collection sets
• Can be incorporated into logs
• Can be created individually or from templates
Data Collector Sets can contain the following types of data collectors:
• Performance counters
• Event trace data
• System configuration information (registry key values)
![Page 17: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/17.jpg)
Demonstration: Monitoring AD DS
In this demonstration, you will see how to set up monitoring of Active Directory
![Page 18: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/18.jpg)
Lesson 3: Configuring Active Directory Domain Services Auditing
• What Is Active Directory Domain Services Auditing?
• Demonstration: Configuring an Audit Policy
• Types of Events to Audit
• Demonstration: Configuring AD DS Auditing
![Page 19: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/19.jpg)
What Is Active Directory Domain Services Auditing?
• Active Directory auditing can show old values and new values of changed attributes in audit entries
• Active Directory audit policy is divided into four subcategories:
  Directory service access
  Directory service changes
  Directory service replication
  Detailed Directory service replication
• Only directory service access is enabled for success by default
• Use the Auditpol.exe command-line tool to view or set audit policy subcategories
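Viewing and setting the subcategories with Auditpol.exe looks like this when driven from PowerShell. This is an added example, not part of the original slides; it assumes an elevated session on a domain controller with English subcategory names.

```powershell
# Added example: report the Directory Service audit subcategories and enable
# success auditing for "Directory Service Changes". Run elevated on a DC.
# English subcategory names are assumed; localized systems use other names.
function Get-DsAuditPolicy {
    # /r prints CSV; drop the blank lines auditpol emits before parsing.
    auditpol /get /category:"DS Access" /r |
        Where-Object { $_.Trim() } |
        ConvertFrom-Csv |
        Select-Object Subcategory, @{ n = 'Setting'; e = { $_.'Inclusion Setting' } }
}

$before = Get-DsAuditPolicy
$before | Format-Table -AutoSize

$target  = 'Directory Service Changes'
$current = ($before | Where-Object Subcategory -eq $target).Setting

if ($current -notmatch 'Success') {
    auditpol /set /subcategory:"$target" /success:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol /set failed with exit code $LASTEXITCODE" }
    # Read the policy back to confirm the new setting.
    Get-DsAuditPolicy | Where-Object Subcategory -eq $target | Format-Table -AutoSize
} else {
    Write-Output "$target is already audited for: $current"
}
```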
![Page 20: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/20.jpg)
Demonstration: Configuring an Audit Policy
In this demonstration, you will see how to configure a global audit policy with the GPMC and adjust it with Auditpol.exe
![Page 21: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/21.jpg)
Types of Events to Audit

| Event ID | Category | Event |
|---|---|---|
| 4662 | Directory service access | An operation was performed on an Active Directory object |
| 4722 | User account management | A user account was enabled |
| 4726 | User account management | A user account was deleted |
| 4738 | User account management | A user account was changed |
| 5136 | Directory service changes | An Active Directory object was modified |
| 5137 | Directory service changes | A new Active Directory object was created |
| 5138 | Directory service changes | An Active Directory object was undeleted |
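The event IDs above can be pulled from the Security log and, for 5136, paired so that the old and new attribute values appear on one row. This is an added example, not part of the original slides; the 24-hour window and the output column names are assumptions.

```powershell
# Added example: summarize the audited event IDs from the table and pair the
# 5136 records that belong to one change. The 24-hour window is an assumption.
$ids = 4662, 4722, 4726, 4738, 5136, 5137, 5138
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = $ids; StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue)

# Count per event ID
$events | Group-Object Id | Sort-Object Count -Descending |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count

function Get-EventDataMap {
    param($Record)
    # Turn <Data Name="...">value</Data> elements into a hashtable.
    $map = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $map[$d.Name] = $d.'#text'
    }
    $map
}

# A modification is logged as separate 5136 records: one for the removed value
# (OperationType %%14675) and one for the added value (%%14674). Records of the
# same operation share OpCorrelationID.
$rows = @(foreach ($e in ($events | Where-Object Id -eq 5136)) {
    $d = Get-EventDataMap $e
    [pscustomobject]@{
        Time = $e.TimeCreated; Actor = $d.SubjectUserName; Object = $d.ObjectDN
        Attribute = $d.AttributeLDAPDisplayName; Op = $d.OperationType
        Value = $d.AttributeValue; OpId = $d.OpCorrelationID
    }
})

$rows | Group-Object OpId, Object, Attribute | ForEach-Object {
    $first = $_.Group | Sort-Object Time | Select-Object -First 1
    [pscustomobject]@{
        Time      = $first.Time
        Actor     = $first.Actor
        Object    = $first.Object
        Attribute = $first.Attribute
        OldValue  = ($_.Group | Where-Object Op -eq '%%14675').Value -join '; '
        NewValue  = ($_.Group | Where-Object Op -eq '%%14674').Value -join '; '
    }
}
```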
![Page 22: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/22.jpg)
Demonstration: Configuring AD DS Auditing
In this demonstration, you will see how to configure the site link object to manage replication between sites
![Page 23: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/23.jpg)
Lab: Monitoring Active Directory Domain Services
• Exercise 1: Monitor AD DS Using Event Viewer
• Exercise 2: Monitor AD DS Using Performance and Reliability Monitor
• Exercise 3: Configure AD DS Auditing
Logon information:
• Virtual machine: NYC-DC1, NYC-DC2
• User name: Administrator
• Password: Pa$$w0rd
Estimated time: 60 minutes
![Page 24: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/24.jpg)
Lab Review
• You want to enable the Directory Service Changes subcategory without enabling a global audit policy. How could you do this?
• What services must be running on a source computer in order to provide information to a subscription?
• You have enabled a global audit policy to collect directory service access events, but no events are showing up in the security log. What might the problem be?
![Page 25: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/25.jpg)
Module Review and Takeaways
• Review questions
• Considerations
![Page 26: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/26.jpg)
Beta Feedback Tool
• Beta feedback tool helps:
  Collect student roster information, module feedback, and course evaluations.
  Identify and sort the changes that students request, thereby facilitating a quick team triage.
  Save data to a database in SQL Server that you can later query.
• Walkthrough of the tool
![Page 27: Module 8: Implementing an Active Directory Domain Services Monitoring Plan](https://reader036.fdocuments.us/reader036/viewer/2022081519/56813d7d550346895da75c2b/html5/thumbnails/27.jpg)
Beta Feedback
• Overall flow of module:
  Which topics did you think flowed smoothly, from topic to topic?
  Was something taught out of order?
• Pacing:
  Were you able to keep up? Are there any places where the pace felt too slow?
  Were you able to process what the instructor said before moving on to next topic?
  Did you have ample time to reflect on what you learned?
  Did you have time to formulate and ask questions?
• Learner activities:
  Which demos helped you learn the most? Why do you think that is?
  Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this knowledge in your work environment?
  Were there any discussion questions or reflection questions that really made you think? Were there questions you thought weren’t helpful?