Templates: Domain Controllers – Samba4 AD Domain Controller

Monitors included into Domain Controllers – Samba4 AD Domain Controller (Linux/UNIX) template

The monitors from this application template check overall status and performance of the essential DC daemons of a Samba4 Active Directory Domain Controller. Most of the monitors collect their data over SSH, hence the sshd daemon should be running on a target host. More about templates.

Monitors list

Monitors description

Samba server process count (enabled by default) ‘Samba -D’ process count.  samba is the server daemon that provides Active Directory, filesharing and printing services to clients. The server provides filespace and directory services to clients using the SMB (or CIFS) protocol and other related protocols such as DCE/RPC, LDAP and Kerberos.

LDAP server, TCP port (enabled by default) Shows if LDAP Server TCP port (default 389) is available and SMB daemon listens on this port.

SMB port (enabled by default) Shows if SMB over TCP port (default 445) is available and SMB daemon listens on this port.

DNS response time Shows DNS server response time. Off by default. Uses default port 53. Operation of Active Directory requires several special entries in DNS, you absolutely must configure all servers and clients of the domain such that they query a DNS server that does have these special entries. Use this monitor to check performance of this DNS server.

DNS server process count Shows if the DNS server is alive. Use this monitor to check availability of the domain-specific DNS server.

Global Catalog port #1 Shows if the DC answers on Global Catalog TCP port (default 3268). The Global Catalog enables searching for Active Directory objects in any domain in the forest without the need for subordinate referrals, and users can find objects of interest quickly without having to know what domain holds the object.

Global Catalog port #2 Shows if the DC answers on  Global Catalog TCP port (default 3269).

KDC server process count Shows if Key Distribution Center daemon is alive. The Kerberos Key Distribution Center (KDC) is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain. The KDC runs on each domain controller as part of Active Directory Domain Services (AD DS).

LDAP SSL port Shows if LDAP Server uses SSL-encrypted connection. Uses default port 636. This monitor is off by default.

LDAP server, UDP port Shows if LDAP Server listens on UDP port (default 389). A client uses a so-called LDAP “Ping” to the candidate domain controller to determine whether the domain controller is handling requests. This monitor is off by default.

NETLOGON share disk space Free disk space on NETLOGON share. The NETLOGON share plays a central role in domain logon and domain membership support. It is used to provide logon scripts, as well as to locate other common tools that may be needed for logon processing. This is an essential share on a domain controller.

NTP daemon process count Shows if Network Time Protocol daemon is up and running. ntpd allows time synchronization with external sources and can also be configured to be a time source for others. An accurate time synchronization is absolutely necessary for a AD domain.

SMB daemon CPU usage Shows Samba server (smbd) CPU usage.

SMB daemon memory usage Shows Samba server (smbd) memory usage.

SMB daemon process count Shows Samba server process count. smbd is the server daemon that provides filesharing and printing services. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol. In addition, it is responsible for user authentication, resource locking, and data sharing through the SMB protocol.

SYSVOL share disk space Shows free disk space on SYSVOL share. SYSVOL is a shared directory that stores the server copy of the domain’s public files that must be shared for common access and replication throughout a domain. This is an essential share on a domain controller.

Samba server CPU usage Shows Samba server (samba -D) CPU usage.

Samba server memory usage Shows Samba server (samba -D) memory usage.

Samba4 AD Domain Controller (Linux/UNIX) tips

  • enable process count monitor for every essential DC service
  • enable NETLOGON and SYSVOL shares disk space monitor to make sure all the user logon procedures and shared resources are available
  • collect data on CPU/memory usage from all the DC essential process during several days and add state conditions to the corresponding monitors, so that an alert is issued if a value exceeds the configured limit

Templates overview

IPHost Network Monitor provides application templates (or just “templates” later in document), to create multiple relevant monitors in only a few clicks. Templates facilitate adding typical monitors sets; this can be particularly useful in case of big networks, when creating same-type monitors for many same-type devices is a common task. Application templates are sets of monitors that can be added, using specific predefined parameters, for a given host at once. The said set, added for given host, is displayed as a separate node in tree view pane, and is named application.

There are predefined templates; user can as well generate templates of their own – either out of existing monitors, or by cloning a predefined template. User-added template definitions are saved in XML files and can thus be conveniently augmented or applied to specific needs.