Active Directory

Supported OS Windows

통합 버전4.2.0

개요

Microsoft Active Directory의 메트릭을 통해 성능을 시각화하고 모니터링합니다.

설정

설치

Agent의 Active Directory 검사는 Datadog Agent 패키지에 포함되어 있으므로 서버에 다른 것을 설치할 필요가 없습니다.

도메인 환경에 Datadog Agent를 설치하는 경우 Agent 설치 요구 사항을 참조하세요.

구성

메트릭 수집

  1. Agent의 설정 디렉터리 루트에서 conf.d/ 폴더에 있는 active_directory.d/conf.yaml 파일을 편집하여 Active Directory 성능 데이터 수집을 시작하세요. 기본 설정에서는 이미 로컬호스트에 대한 메트릭을 수집해야 합니다. 사용 가능한 모든 설정 옵션은 샘플 active_directory.d/conf.yaml을 참조하세요.

  2. Agent를 재시작합니다

참고: 이 검사의 1.13.0 이상 버전에서는 메트릭 수집을 위한 새로운 구현을 사용하므로 Python 3이 필요합니다. Python 3을 사용할 수 없거나 이 검사의 레거시 버전을 사용하려는 호스트의 경우 다음 설정을 참조하세요.

검증

Agent의 상태 하위 명령을 실행하고 Checks 섹션에서 active_directory를 찾습니다.

수집한 데이터

메트릭

active_directory.dfsr.conflict_space_in_use
(gauge)		The total size (in bytes) of conflict files generated during DFS replication..
Shown as byte
active_directory.dfsr.deleted_space_in_use
(gauge)		The total size (in bytes) of files that have been deleted but are still in the staging folder.
Shown as byte
active_directory.dfsr.file_installs_retried
(gauge)		The total number of file installations that required retry during DFS replication.
Shown as event
active_directory.dfsr.staging_space_in_use
(gauge)		The current size (in bytes) of the DFS replication staging folder.
Shown as byte
active_directory.dhcp.failover.binding_updates_dropped
(gauge)		The number of DHCP binding update messages dropped.
Shown as message
active_directory.dhcp.failover.binding_updates_pending
(gauge)		The number of pending DHCP failover update messages.
Shown as message
active_directory.dhcp.failover.binding_updates_received
(gauge)		The number of DHCP failover update messages received (per second) from the failover partner.
Shown as message
active_directory.dhcp.failover.binding_updates_sent
(gauge)		The number of DHCP failover update messages sent (per second) to the failover partner.
Shown as message
active_directory.dra.inbound.bytes.after_compression
(gauge)		The compressed size (in bytes) of compressed replication data inbound from directory system agents (DSAs) in other sites (per second).
Shown as byte
active_directory.dra.inbound.bytes.before_compression
(gauge)		The uncompressed size (in bytes) of compressed replication data inbound from DSAs in other sites (per second).
Shown as byte
active_directory.dra.inbound.bytes.not_compressed
(gauge)		The uncompressed size (in bytes) of replication data that was not compressed at the source - that is, inbound from other DSAs in the same site (per second).
Shown as byte
active_directory.dra.inbound.bytes.total
(gauge)		The total number of bytes (per second) received through replication. It is the sum of the number of bytes of uncompressed data (never compressed) and compressed data (after compression).
Shown as byte
active_directory.dra.inbound.objects.applied_persec
(gauge)		The number of objects received (per second) from replication partners and applied by the local directory service. This counter excludes changes that are received but not applied (for example, when the update is already made). This counter indicates how many replication updates are occurring on the server as a result of changes generated on other servers.
Shown as object
active_directory.dra.inbound.objects.filtered_persec
(gauge)		The number of objects received (per second) from replication partners that contained no updates that needed to be applied.
Shown as object
active_directory.dra.inbound.objects.persec
(gauge)		The number of objects received (per second) through inbound replication from replication partners.
Shown as object
active_directory.dra.inbound.objects.remaining
(gauge)		The number of objects remaining until the full synchronization process is completed.
Shown as object
active_directory.dra.inbound.objects.remaining_in_packet
(gauge)		The number of object updates received in the current directory replication update packet that have not yet been applied to the local server. This counter tells you whether the monitored server is receiving changes, but is taking a long time applying them to the database.
Shown as object
active_directory.dra.inbound.properties.applied_persec
(gauge)		The number of changes (per second) to object properties that are applied through inbound replication as a result of reconciliation logic.
Shown as operation
active_directory.dra.inbound.properties.filtered_persec
(gauge)		The number of changes (per second) to object properties received during the replication that are already made.
Shown as operation
active_directory.dra.inbound.properties.total_persec
(gauge)		The total number of changes (per second) to object properties received from replication partners.
Shown as operation
active_directory.dra.inbound.values.dns_persec
(gauge)		The number of values of object properties received (per second) from replication partners in which the values are for object properties that belong to distinguished names. This number includes objects that reference other objects. A high number from this counter might explain why inbound changes are slow to be applied to the database.
Shown as operation
active_directory.dra.inbound.values.total_persec
(gauge)		The total number of values of object properties received (per second) from replication partners. Each inbound object has one or more properties, and each property has zero or more values. A value of zero indicates that the property is to be removed.
Shown as operation
active_directory.dra.outbound.bytes.after_compression
(gauge)		The compressed size (in bytes) of compressed replication data that is outbound to DSAs in other sites (per second).
Shown as byte
active_directory.dra.outbound.bytes.before_compression
(gauge)		The uncompressed size (in bytes) of compressed replication data outbound to DSAs in other sites (per second).
Shown as byte
active_directory.dra.outbound.bytes.not_compressed
(gauge)		The uncompressed size (in bytes) of outbound replication data that was not compressed - that is, outbound to DSAs in the same site (per second).
Shown as byte
active_directory.dra.outbound.bytes.total
(gauge)		The total number of bytes sent (per second). It is the sum of the number of bytes of uncompressed data (never compressed) and compressed data (after compression).
Shown as byte
active_directory.dra.outbound.objects.filtered_persec
(gauge)		The number of objects (per second) acknowledged by outbound replication partners that required no updates. This counter includes objects that the outbound partner did not already have.
Shown as object
active_directory.dra.outbound.objects.persec
(gauge)		The number of objects sent (per second) though outbound replication to replication partners.
Shown as object
active_directory.dra.outbound.properties.persec
(gauge)		The number of properties sent (per second). This counter tells you whether a source server is returning objects or not. Sometimes, the server might stop working correctly and not return objects quickly or at all.
Shown as operation
active_directory.dra.outbound.values.dns_persec
(gauge)		The number values of object properties sent (per second) to replication partners in which the values are for object properties that belong to distinguished names.
Shown as operation
active_directory.dra.outbound.values.total_persec
(gauge)		The total number of values of object properties sent (per second), to replication partners.
Shown as operation
active_directory.dra.replication.pending_synchronizations
(gauge)		The number of directory synchronizations that are queued for this server that are not yet processed. This counter helps in determining replication backlog - the larger the number, the larger the backlog.
Shown as event
active_directory.dra.sync_requests_made
(gauge)		The number of synchronization requests made to replication partners since computer was last restarted.
Shown as request
active_directory.ds.client_binds_persec
(gauge)		The number of LDAP client bind operations (per second) including both successful and failed attempts.
Shown as operation
active_directory.ds.threads_in_use
(gauge)		The current number of threads in use by the directory service (different from the number of threads in the directory service process). This counter represents the number of threads currently servicing API calls by clients, and you can use it to determine whether additional CPUs would be beneficial.
Shown as thread
active_directory.ldap.active_threads
(gauge)		The current number of threads in use by the LDAP subsystem for processing requests.
Shown as thread
active_directory.ldap.bind_time
(gauge)		The time (in milliseconds) required for the completion of the last successful LDAP binding.
Shown as millisecond
active_directory.ldap.client_sessions
(gauge)		The number of sessions of connected LDAP clients.
Shown as session
active_directory.ldap.searches_persec
(gauge)		The number of search operations (per second) performed by LDAP clients.
Shown as operation
active_directory.ldap.successful_binds_persec
(gauge)		The number of LDAP bindings (per second) that occurred successfully.
Shown as operation
active_directory.ldap.writes_persec
(gauge)		The number of LDAP write operations performed (per second).
Shown as operation
active_directory.netlogon.semaphore_acquires
(count)		The total number of times the Netlogon semaphore has been obtained since system startup.
Shown as event
active_directory.netlogon.semaphore_hold_time
(gauge)		The average time (in seconds) that the Netlogon semaphore is held. High values indicate slow authentication processing.
Shown as second
active_directory.netlogon.semaphore_holders
(gauge)		The number of threads currently holding the Netlogon semaphore.
Shown as thread
active_directory.netlogon.semaphore_timeouts
(count)		The total number of times a thread has timed out while waiting for the Netlogon semaphore.
Shown as timeout
active_directory.netlogon.semaphore_waiters
(gauge)		The number of threads waiting to obtain the Netlogon semaphore. A high value indicates authentication bottlenecks.
Shown as thread
active_directory.security.kerberos_authentications
(gauge)		The number of Kerberos authentications processed (per second).
Shown as operation
active_directory.security.ntlm_authentications
(gauge)		The number of NTLM authentications processed (per second).
Shown as operation

The integration collects metrics from the following Windows performance objects:

  • NTDS: Core Active Directory metrics including replication, LDAP operations, and directory service threads
  • Netlogon: Authentication performance metrics including semaphore statistics for monitoring authentication bottlenecks
  • Security System-Wide Statistics: Authentication protocol usage metrics (NTLM vs Kerberos)
  • DHCP Server: DHCP failover and binding update metrics (when DHCP Server role is installed)
  • DFS Replicated Folders: DFS replication health, conflicts, and staging metrics (when DFSR role is installed)
    • Note: Metrics are tagged with instance containing the DFS replication group name

이벤트

Active Directory 검사에는 이벤트가 포함되지 않습니다.

서비스 점검

Active Directory 검사에는 서비스 점검이 포함되지 않습니다.

트러블슈팅

도움이 필요하신가요? Datadog 지원팀에 문의하세요.