Templates available in the Domain Controllers category
The Domain Controllers category offers 8 generic templates that can be applied to watch the health and state variables of different implementations of Windows domain services: from NT domains (Samba v3) to various features and versions of Active Directory domains.
The templates below belong to the Domain Controllers category:
Samba3 Domain Controller (Linux/UNIX) supports the SMB and SMB2 specifications, which allows it to work with Windows-provided domains that support the corresponding SMB (Server Message Block) protocol versions and extensions. The latest Samba v3 releases can join Windows AD (Active Directory) domains, but cannot operate as domain controllers there. Samba v3 can operate as a domain controller of pre-AD SMB implementations. Samba v3 implementations provide a number of protocols/techniques implemented along with SMB (NMB, CIFS, MSRPC, WINS, SAM etc).
Samba3 Domain Controller over SNMP (Linux/UNIX) supports basically the same functionality as above, using SNMP to access the corresponding data.
Samba4 AD Domain Controller (Linux/UNIX) is an implementation of the modern state of SMB, supporting Windows AD domains and capable of working as an AD domain controller (of any type). Note that Samba v4 implements its own LDAP server and doesn’t use an external LDAP backend.
Samba4 AD Domain Controller over SNMP (Linux/UNIX): same as above, but utilizing SNMP to access the data.
Windows 2000 AD Domain Controller is historically the first Windows server release offering a switch to AD domains (from the NT domains used since Windows NT). Under AD, computers were logically joined into trees and forests.
Windows 2003 AD Domain Controller offered functionality improvements compared to Windows 2000 AD. Examples: the global catalog was cached across domain controllers to prevent logon failures when a specific controller was unreachable; inter-forest trusts were introduced; migration from an NT domain and cross-forest migration became available, etc.
Windows 2008 AD Domain Controller was another upgrade of Windows domain services, introducing shadow copies for every folder, read-only domain controllers, a recycling bin for AD, Managed Service accounts, offline domain join and multiple other features.
Windows 2012 AD Domain Controller introduced, among other functionality changes, SMB 3.0, with features like direct-to-memory data transfer, SMB data encryption, directory leasing and VSS for SMB file shares, and with significantly improved failover options.
Domain Controllers monitoring use cases
- if your domain controller is above Windows NT, you are most probably using an Active Directory domain; check the domain controller’s operating system version for a clue as to which of the AD templates mentioned above to use (for example, Windows 2000 AD Domain Controller in case your PDC is Windows 2000 Server)
- if you upgrade a Samba v3 domain to version 4, use the Samba4 AD Domain Controller template, and make sure you have first tested all the computers in your network for compatibility with AD: there’s no way to downgrade domain membership back to an NT domain (Samba v3)
- pre-Active Directory domains are known as NT domains; their Samba v3 implementations are still in wide use; if you are in doubt which domain you are trying to watch and cannot guess the exact feature list, try Samba3 Domain Controller (Linux/UNIX) or its SNMP alternative
- other conditions being equal, using SNMP with Linux servers allows accessing state variables with lower resource consumption; consider using Samba4 AD Domain Controller over SNMP (Linux/UNIX) with a Samba4 AD domain controller, to save resources and reduce server load; domain controllers are crucial parts of the network, and reducing server load will improve system stability in general
Domain Controllers monitoring tips
- note that a domain controller’s administrators are by default local administrators as well; you can use domain administrator credentials to run local WMI queries if necessary
- note that authentication across domains, or from a standalone Windows computer to a domain resource, may be tricky; read about domain trust and, when in doubt, try using domain administrative or local administrative credentials; always look into the Logs view of the monitor for the exact error number, to troubleshoot the issue quicker
- never use an actual, live-person domain account for authentication in monitors; create a special technical account instead; this way, if you lock out the account by mistake (an expired password is one reason for it), you will not lock out the actual user; likewise, avoid using the actual Administrator account: create a special account instead and add it to the corresponding Administrators group
- when moving an IPHost installation onto another computer, stop the monitoring service and check, after the GUI client runs, that you are using correct Windows credentials: unless you relocate the installation to a neighboring computer within the same room, there’s a big chance that the credentials will stop working; you can save yourself from handling a lockout or multiple Down alerts by checking the new credentials outside IPHost, for example, try to connect to a share on the target computer and enter the test credentials
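The last two tips can be combined into a single pre-flight check run from the new monitoring host. The script below is an added example, not part of IPHost or its documentation; the account name and share path are hypothetical placeholders, and it assumes the ActiveDirectory PowerShell module (RSAT) is installed.

```powershell
# Added example: verify a dedicated monitoring account before entering it in a monitor.
# Account name and share path are hypothetical placeholders; replace with your own.
param(
    [string]$AccountName = 'svc-monitoring',
    [string]$SharePath   = '\\dc01.example.local\NETLOGON'
)

Import-Module ActiveDirectory   # assumption: RSAT AD module is available

# Read the account state from AD without performing any logon attempt.
function Test-MonitorAccountState {
    param([string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName `
        -Properties Enabled, LockedOut, PasswordExpired, PasswordLastSet
    [pscustomobject]@{
        Account         = $u.SamAccountName
        Enabled         = $u.Enabled
        LockedOut       = $u.LockedOut
        PasswordExpired = $u.PasswordExpired
        PasswordLastSet = $u.PasswordLastSet
        Usable          = $u.Enabled -and -not $u.LockedOut -and -not $u.PasswordExpired
    }
}

# Make exactly one authenticated connection to a share, then clean up.
function Test-ShareCredential {
    param([string]$Root, [pscredential]$Credential)
    $drive = 'MonitorCheck'
    try {
        New-PSDrive -Name $drive -PSProvider FileSystem -Root $Root `
            -Credential $Credential -ErrorAction Stop | Out-Null
        return $true
    } catch {
        Write-Warning "Share test failed: $($_.Exception.Message)"
        return $false
    } finally {
        if (Get-PSDrive -Name $drive -ErrorAction SilentlyContinue) {
            Remove-PSDrive -Name $drive
        }
    }
}

$state = Test-MonitorAccountState -SamAccountName $AccountName
$state | Format-List
if (-not $state.Usable) {
    Write-Warning 'Account is disabled, locked out or has an expired password.'
    return
}
$cred = Get-Credential -UserName "$env:USERDOMAIN\$AccountName" -Message 'Monitoring account password'
if (Test-ShareCredential -Root $SharePath -Credential $cred) {
    'Credentials accepted by the target; they can be entered in the monitor.'
}
```

The AD lookup costs no logon attempt, and the share test makes only one, so a wrong password is caught before a monitor starts retrying it on every poll.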