Management
Performance monitoring is the process of accurately and consistently measuring performance, so that you
can identify any potential bottlenecks which may be impairing the way in which Active Directory performs
within your environment. A bottleneck can take place on any Windows subsystem or network component,
and occurs when one resource prevents a different resource from operating optimally. Incorrectly
configured settings or the insufficient distribution of resources between network components can result in
bottlenecks occurring.
Monitoring performance can be considered the initial step in defining any performance optimization
strategy for your network or network resources. Before you can optimize performance, you have to
identify and eliminate existing bottlenecks, or potential bottlenecks. There are a few system and network
monitoring tools provided by Windows Server 2003, which can be used to monitor Active Directory
performance.
The steps involved in a typical performance monitoring process are listed below. Because performance
monitoring and optimization is a continuous process, you should regularly monitor performance,
especially when business needs and requirements change.
A few factors that should be considered when monitoring and managing performance are detailed
in the following section.
Making changes in a production environment should be done with care. You should plan for, and
test all changes prior to implementing them.
It is recommended to effect one change at a time, if you are implementing changes to improve
performance. This strategy would assist you in identifying the exact change(s) which resulted in
the performance increase.
When defining the base measurements to use to monitor performance, keep the measurement
component consistent.
Keep a record of performance history, and of any changes which were implemented to improve
performance.
When it comes to monitoring and managing Active Directory performance, the tasks which you
typically need to perform are summarized below:
You have to regularly monitor Active Directory to ensure the integrity and reliability of the Active
Directory database, and performance of your Active Directory domains and forests. Regularly
monitoring Active Directory would assist in speeding up the process of resolving performance
issues.
Error messages generated by Active Directory and the File Replication Service (FRS) are
recorded in the directory service log and file replication service log in Event Viewer. You would
need to firstly understand these logs, and then monitor them. Warning and informational
messages are also recorded in the directory and file replication service logs.
You can use the NTDS, FileReplicaConn, and FileReplicaSet performance objects to enable
System Monitor to track Active Directory and FRS replication performance.
An important task associated with managing the performance of Active Directory is
defragmenting the Active Directory database. Defragmenting the Active Directory database not
only improves performance, it also recovers disk space.
To improve performance you might need to move the Active Directory database or log files to a
new faster hard drive or array of hard drives. This is typically necessary when the size of the
Active Directory database and components increases, and usually involves replacing your slower
drives and controllers with faster drives and controllers.
The defragmentation of the Active Directory database is necessary because, as data is deleted from the
database, gaps are left in the data as it is located on the physical disk, and these gaps ultimately reduce
read or write performance. Defragmenting the Active Directory database assists in keeping the database
functioning at its optimal performance level for read and write operations. A read operation and a write
operation can each be split into two components: the data seeking component, and the data reading or
writing component. With reference to a typical write operation, seeking relates to finding the next free
space that you can write data to, and data writing refers to the commitment of data on the disk. When
gaps exist in the data as it is located on the physical disk, seek time is increased. This in turn leads to
poorer performance of the Active Directory database.
As mentioned earlier, the online defragmentation process of the Active Directory database does not
reduce the size of the database file, nor does it recover available free space. You can however perform
an offline defragmentation of the Active Directory database if you need to recover available free space
from the database.
A number of Active Directory management and maintenance tasks can be performed using the
Ntdsutil utility. These include:
To perform an offline defragmentation of the Active Directory database, you have to boot in the Directory
Services Restore Mode so that the Active Directory database remains offline. In Directory Services
Restore Mode, a domain controller boots without a copy of the Active Directory database. You can switch
to Directory Services Restore Mode by rebooting the computer, and then pressing F8 when prompted
during startup.
How to change the garbage collection interval (how often online
defragmentation of the Active Directory database occurs)
You must use one of the following utilities/tools to change the garbage collection interval:
LDP.exe
ADSI script
ADSI Edit
To change the garbage collection interval, using ADSI Edit, follow the steps below.
1. Place the Windows Server 2003 CD-ROM in the CD-ROM drive.
2. Start the Windows Support Tools Setup Wizard.
3. On the End User License Agreement screen, click I Agree. Click Next.
4. Insert your name, and the name of the organization. Click Next.
5. Set the location for the installation of the support tools.
6. Click Install Now. After the installation, click Finish.
7. Click Start, Run, and enter mmc in the Run dialog box. Click OK.
8. From the File menu, click Add/Remove Snap-in.
9. When the Add/Remove Snap-in dialog box opens, click Add.
10. When the Add Standalone Snap-in dialog box opens, select ADSI Edit, and then click Add.
11. Click Close. Click OK to exit the Add/Remove Snap-in dialog box.
12. Proceed to right-click ADSI Edit, and select Connect To from the shortcut menu.
13. When the ADSI Edit Connection Settings dialog box opens, in the Select a well known Naming
Context list box, choose Configuration. Click OK.
14. In the left pane, expand the CN=Configuration,DC=(Domain name),DC=(Domain Name) node,
expand CN=Services node, and then expand the CN=Windows NT node.
15. Right-click CN=Directory Service, and choose Properties from the shortcut menu.
16. When the CN=Directory Service dialog box opens, select the garbageCollPeriod option from the
Attributes: list box.
17. A Value column setting specified as <Not Set> means that the default collection interval of 12
hours is enabled. Because the garbage collection process runs every 12 hours, the online
defragmentation of the Active Directory database also occurs at 12 hour intervals. The
online defragmentation of the Active Directory database is the last operation performed by the
garbage collection process.
18. To change this setting, click Edit.
19. When the Integer Attribute Editor dialog box opens, set a new value (in hours) for the new
garbage collection interval.
20. Click OK.
21. Verify that the Value column setting shows the new value which you configured.
22. Click OK.
To configure the Directory Service to create an event log entry that estimates what free space would be
available after an offline defragmentation of the Active Directory database is performed, follow the steps below.
1. Click Start, Run, and enter regedt32.exe in the Run dialog box. Click OK.
2. The Registry Editor opens.
3. Locate the 6 Garbage Collection entry by expanding HKEY_LOCAL_MACHINE, SYSTEM,
CurrentControlSet, Services, NTDS, and then Diagnostics.
4. Proceed to double-click the 6 Garbage Collection entry.
5. Enter 1 in the Value Data text box.
6. Click OK.
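The two procedures above (the garbage collection interval and the free-space diagnostic entry) can also be scripted through ADSI. The following is an added example, not code from the original document: it assumes PowerShell is installed on the domain controller and that the account may modify the Configuration partition and HKLM; `$NewIntervalHours` and `-Apply` are hypothetical parameter names. Without `-Apply` it only reports the current values, which gives you the before/after record recommended earlier.

```powershell
# Added example: scripted equivalent of the ADSI Edit and Registry Editor steps.
# Assumes a domain controller and an account allowed to change the Configuration
# partition and the NTDS Diagnostics registry key.
param(
    [int]$NewIntervalHours = 24,   # hypothetical new interval, in hours
    [switch]$Apply                 # without -Apply nothing is written
)
if ($NewIntervalHours -lt 1) { throw 'Interval must be a positive number of hours.' }

# Locate CN=Directory Service under the Configuration naming context.
$configNc = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$ds = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"

# An empty attribute is what ADSI Edit shows as <Not Set> (default of 12 hours).
$gcBefore = $ds.psbase.Properties['garbageCollPeriod'].Value
if ($null -eq $gcBefore) { $gcBefore = '<Not Set>' }

$diagKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$diagName = '6 Garbage Collection'
$diagBefore = (Get-ItemProperty -Path $diagKey -Name $diagName -ErrorAction SilentlyContinue).$diagName

if ($Apply) {
    # Change one setting per run if you want to attribute any effect to it.
    $ds.Put('garbageCollPeriod', $NewIntervalHours)
    $ds.SetInfo()
    Set-ItemProperty -Path $diagKey -Name $diagName -Value 1
    $ds.psbase.RefreshCache()
}

# Read both values back so the record shows what is actually stored.
$gcAfter = $ds.psbase.Properties['garbageCollPeriod'].Value
if ($null -eq $gcAfter) { $gcAfter = '<Not Set>' }
$diagAfter = (Get-ItemProperty -Path $diagKey -Name $diagName -ErrorAction SilentlyContinue).$diagName

New-Object PSObject -Property @{
    Timestamp         = Get-Date
    Applied           = [bool]$Apply
    GarbageCollBefore = $gcBefore
    GarbageCollAfter  = $gcAfter
    DiagLevelBefore   = $diagBefore
    DiagLevelAfter    = $diagAfter
}
```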
Before you perform an offline defragmentation of the Active Directory database, you should first back up
system state data. System state data typically consists of boot and system files needed to start the
operating system, the COM+ Class Registration database, and the Registry.
When defining your strategy for monitoring domain controller performance within your Active Directory
environment, you should typically include the following:
You can use the Windows Server 2003 Event Viewer tool to monitor security events, system events,
application events, and events for particular services, such as directory service events. What this means
is that you can use Event Viewer to monitor Active Directory. To access Event Viewer to view the event
logs on a domain controller, click Start, Programs, Administrative Tools, and then click Event Viewer. The
following three logs are the default logs which can be viewed in Event Viewer:
Application log
System log
Security log
For all event log types, other than the Security log, three different levels of events are displayed:
When Active Directory is installed, the following two additional logs are enabled:
The event logs which are of importance for monitoring the directory service are listed below:
System: The system event log contains important information that relates to the stability and
condition of the operating system. You should regularly monitor information included in this log
because it could impact the overall operation and performance of your domain controllers.
Application: The application event log contains information on Active Directory components.
Directory Service: The Directory service event log is the main event log used to monitor and
troubleshoot Active Directory operations and performance. The log contains a vast quantity of
information on Active Directory, including when the directory service starts and stops, and online
defragmentation. It contains all errors, warnings and other information generated by Active
Directory. Because of this, examining the Directory service event log is usually the first step in
isolating Active Directory performance problems.
File Replication Service: Because the File Replication Service (FRS) is used by Active Directory
to control the replication of SYSVOL, and to synchronize the content of the SYSVOL volume over
domain controllers, you might need to monitor the file replication service log. SYSVOL also
contains Group Policy and replication topology connection information.
DNS Server: In small organizations where a single server typically functions as a domain
controller and DNS server, monitoring the DNS server service is quite important. Monitoring DNS
is also important in Active Directory because it is used to find domain controllers and Global
Catalog servers within your Active Directory domains and forests.
Windows Server 2003 includes the Performance console which can be used to monitor Active Directory.
You can monitor the server on which Windows Server 2003 is installed, as well as remote servers. To
open the Performance console, click Start, Programs, Administrative Tools, and then click Performance.
Performance counters is the terminology used when referring to the metrics which are monitored via the
Performance console. The counters are grouped in relation to the performance objects which they
represent. An object is associated with a resource or service which can be monitored. What this means is
that for an object, you can use the counters associated with that particular object to monitor performance.
As just mentioned, System Monitor is included in the Performance console utility. When System Monitor
is selected in the left pane of the Performance console utility, the right pane shows a large graph which
illustrates the three recommended general system counters. These are Memory:Pages/sec, PhysicalDisk:
Avg disk queue length, and Processor:%Processor time. You can use the bottom section of the graph
pane to select different counters.
To monitor the performance of Active Directory, you have to first choose the performance object and the
related performance counters which you want to monitor. The specific object which should be monitored
to track Active Directory operation and performance is the NT Directory Services (NTDS) object. The
counters which represent different functions, components or aspects of Active Directory are represented
by the counters of the NTDS object, including:
While the NTDS object is the primary object for monitoring Active Directory, you should also monitor other
objects that support Active Directory. The more important counters of the NTDS object that should be
used to monitor Active Directory are listed below:
DRA Inbound Bytes Compressed (Between Sites, After Compression)/Sec; shows the
compressed size of inbound compressed replication data.
DRA Inbound Bytes Compressed (Between Sites, Before Compression)/Sec; displays the initial
size of inbound compressed replication data.
DRA Inbound Bytes Not Compressed (Within Site)/Sec; shows the bytes which were not
compressed, received via inbound replication.
DRA Inbound Bytes Total/Sec; the total bytes (compressed and uncompressed bytes) received
via inbound replication.
DRA Inbound Full Sync Objects Remaining; the number of objects remaining until the full
synchronization process has been finalized.
DRA Inbound Objects/Sec; the number of objects received from replication partners.
DRA Inbound Objects Applied/Sec; indicates the rate that replication updates are received from
replication partners, and are applied by the local directory service.
DRA Inbound Objects Filtered/Sec; the number of objects from inbound replication partners which
included no updates.
DRA Inbound Object Updates Remaining in Packet; indicates the number of object updates in
the replication update packet which are as yet not applied.
DRA Inbound Properties Applied/Sec; specifies the number of properties replicated.
DRA Inbound Properties Filtered/Sec; indicates the number of property changes which are
already acknowledged.
DRA Inbound Properties Total/Sec; indicates the total number of objects received from inbound
replication partners.
DRA Inbound Values (DNs Only)/Sec; indicates the number of object property values which have
been received via inbound replication partners that have distinguished names.
DRA Inbound Values Total/Sec; indicates the total number of object property values which have
been received via inbound replication partners.
DRA Outbound Bytes Compressed (Between Sites, After Compression)/Sec; shows the
compressed size of outbound replication data.
DRA Outbound Bytes Compressed (Between Sites, Before Compression)/Sec; the initial size of
outbound compressed replication data.
DRA Outbound Bytes Not Compressed (Within Site)/Sec; the bytes which were not compressed,
and were replicated out.
DRA Outbound Bytes Total/Sec; the total bytes (compressed and uncompressed bytes) which
were replicated out.
DRA Outbound Objects/Sec; the number of objects replicated out.
DRA Outbound Objects Filtered/Sec; the number of objects from outbound replication partners
which needed no updates.
DRA Outbound Properties/Sec; indicates the number of properties which were replicated out.
DRA Outbound Value (DNs Only)/Sec; indicates the number of object property values which have
been sent to outbound replication partners that have distinguished names.
DRA Outbound Values Total/Sec; indicates the total number of object property values which have
been sent to outbound replication partners.
DRA Pending Replication Synchronizations; this counter becomes important if you need to
ascertain what replication backlog exists.
DRA Sync Requests Made; indicates the number of synchronization requests made to replication
partners.
LDAP Bind Time; indicates the time which the last successful LDAP binding took.
LDAP Client Sessions; shows the number of clients which are connected to the LDAP service.
LDAP Searches/Sec; displays the number of LDAP search operations performed by LDAP
clients.
LDAP Successful Binds/Sec; indicates the number of successful LDAP binds.
Kerberos Authentications; shows the number of domain authentications occurring using the
Kerberos authentication protocol.
NTLM Authentications; shows the number of domain authentications occurring using the NTLM
authentication protocol.
The important counters of the FileReplicaSet object that should be monitored as part of your Active
Directory monitoring strategy are listed below:
Change Orders Received; indicates how many change notifications were received from inbound
partners.
Change Orders Sent; indicates how many change notifications were sent to outbound partners.
File Installed; shows the number of replicated files installed.
KB of Staging Space Free; shows the amount of free space in the staging directory. This is where
FRS stores files prior to replicating them.
KB of Staging Space In; indicates the amount of space being used by FRS in the staging
directory.
Packets Received; shows the number of FRS data and control packets that FRS received.
Packets Sent; shows the number of FRS data and control packets sent by FRS.
USN Records Accepted; shows the number of records which were approved for replication.
Other important System, Processor, and Memory object counters that should be monitored when
monitoring Active Directory are listed below.
Counter logs: You can use counter logs to gather performance data on resources and services.
You can view and analyze any data collected by counter logs in System Monitor, or you can
alternatively export the data to a spreadsheet or database application.
Trace logs: You can use trace logs to gather event traces which determine performance statistics
related to events such as page faults, and disk I/O.
Alerts: You can use alerts to set when a specific counter value should trigger a specific action;
such as sending an email to a designated user, running a program, or logging an entry in a log
file.
Click OK.
14. Click the Schedule tab, and set the appropriate schedule options.
15. Click OK.
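Once a counter log has been exported to CSV, alert-style rules can be evaluated over it offline. The following is an added example, not part of the original document: the CSV is constructed sample data (host `DC01` and every value are made up), the limits are hypothetical and should come from your own baseline, and the rules use NTDS counters named in the list above. It flags a high NTLM share of authentications, a replication backlog that persists across consecutive samples, and slow LDAP binds, and it skips cells where a sample was missed.

```powershell
# Constructed sample: counter log exported to CSV (PDH-CSV layout).
$csv = @'
"(PDH-CSV 4.0)","\\DC01\NTDS\Kerberos Authentications","\\DC01\NTDS\NTLM Authentications","\\DC01\NTDS\DRA Pending Replication Synchronizations","\\DC01\NTDS\LDAP Bind Time"
"03/01/2024 09:00:00","120","15","0","4"
"03/01/2024 09:05:00","118","22","3","6"
"03/01/2024 09:10:00","40","95","7","5"
"03/01/2024 09:15:00"," ","90","9","48"
"03/01/2024 09:20:00","35","88","12","51"
'@

# Hypothetical limits; derive real ones from your recorded performance history.
$limits = @{ NtlmShare = 0.5; PendingSyncs = 5; PendingRuns = 3; BindTimeMs = 40 }

function ConvertFrom-CounterLog([string]$Text) {
    foreach ($row in ($Text | ConvertFrom-Csv)) {
        $sample = @{}
        foreach ($p in $row.PSObject.Properties) {
            if ($p.Name -like '(PDH-CSV*') { $sample['Time'] = $p.Value; continue }
            # Keep only the counter name; a blank cell means the sample was missed.
            $name = ($p.Name -split '\\')[-1]
            if ($p.Value -match '\S') { $sample[$name] = [double]$p.Value }
        }
        $sample
    }
}

function Test-CounterLog($Samples, $Limits) {
    $run = 0
    foreach ($s in $Samples) {
        $k = $s['Kerberos Authentications']
        $n = $s['NTLM Authentications']
        if ($null -ne $k -and $null -ne $n -and ($k + $n) -gt 0) {
            $share = $n / ($k + $n)
            if ($share -gt $Limits.NtlmShare) {
                '{0}  NTLM share {1:P0} exceeds {2:P0}' -f $s.Time, $share, $Limits.NtlmShare
            }
        }
        # A backlog only counts when it persists for several consecutive samples.
        if ($s['DRA Pending Replication Synchronizations'] -gt $Limits.PendingSyncs) { $run++ } else { $run = 0 }
        if ($run -eq $Limits.PendingRuns) {
            '{0}  replication backlog above {1} for {2} samples' -f $s.Time, $Limits.PendingSyncs, $run
        }
        if ($s['LDAP Bind Time'] -gt $Limits.BindTimeMs) {
            '{0}  LDAP bind time {1} ms exceeds {2} ms' -f $s.Time, $s['LDAP Bind Time'], $Limits.BindTimeMs
        }
    }
}

Test-CounterLog (ConvertFrom-CounterLog $csv) $limits
```

On the sample data this reports the NTLM share at 09:10 and 09:20, slow binds at 09:15 and 09:20, and the backlog at 09:20 once it has lasted three samples; the 09:15 row is left out of the NTLM check because its Kerberos value is missing.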
You should strive to keep any overhead relating to monitoring Active Directory performance using
System Monitor at a minimal figure. Using the System Monitor graph, and specifying a vast
number of objects and counters for monitoring, results in an increase in monitoring overhead.
Because running System Monitor typically consumes resources, you should perform certain tasks
on the computer to conserve resources before using the tool. These should include disabling
services and screen saver programs which are not needed for the performance monitoring
process. The same measure should be used when using Performance Logs And Alerts to monitor
performance.
You should increase the size of the paging file to one and a half times the size of the physical
memory of the computer before running System Monitor. The same measure should be used when
using Performance Logs And Alerts to monitor performance.
Logging information in log files also affects performance. This is because of the file size, and the
available disk space needed by log files. Lengthening the update interval could assist in keeping
the overhead associated with the directory service log file at an acceptable figure.
When monitoring performance with Performance Logs And Alerts, use the following strategies: