Templates: Domain Controllers – Windows 2012 AD Domain Controller

Monitors included in the Domain Controllers – Windows 2012 AD Domain Controller template

The monitors in this application template check the status of all essential AD services on a Windows 2012 Active Directory Domain Controller. A domain controller is a server that is running a version of the Windows Server® operating system and has Active Directory® Domain Services installed. A domain controller stores one domain directory partition consisting of information about the domain in which it is located, plus the schema and configuration directory partitions for the entire forest.

Some of the monitors in this application template use WMI to collect their data, so make sure the WMI services are enabled on the target host. More about templates.

Monitors list

Monitors description

Active Directory Domain Service (enabled by default) Shows if AD DS Service is alive. Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. This service is the core of an AD domain.

LDAP Server, TCP port (enabled by default) Shows if LDAP Server TCP port (default 389) is available and AD service listens on this port.

SMB port (enabled by default) Shows if SMB over TCP port (default 445) is available and AD service listens on this port.

Domain Controller 2012 status Shows Windows 2012 AD Domain Controller status on the host. This is a match monitor and hence is used only in the network discovery process. You don’t need to enable it since it does not check any useful host characteristic.

Active Directory Certificate Service Shows if AD Certificate Service is alive. Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services for creating and managing public key certificates used in software security systems that employ public key technologies.

Active Directory Domain Service CPU usage Total Active Directory Domain Service CPU usage, in %.

Active Directory Domain Service memory usage Total Active Directory Domain Service memory usage in Kb.

Active Directory Web Service Shows if AD Web Service is alive. ADWS is a Windows service that provides a Web service interface to Active Directory domains, Active Directory Lightweight Directory Services (AD LDS) instances, and Active Directory Database Mounting Tool instances that are running on the same server as ADWS. If the ADWS service is stopped or disabled, client applications, such as the Active Directory module for Windows PowerShell or the Active Directory Administrative Center will not be able to access or manage any directory service instances that are running on this server.

DNS Server Service Shows if the DNS service is alive. Off by default. Uses default port 53. Operation of Active Directory requires several special entries in DNS; you must configure all servers and clients of the domain so that they query a domain-integrated DNS server that has these special entries. Use this monitor to check availability of the domain-integrated DNS service.

DNS response time Shows the domain-integrated DNS Service response time.

DFS Replication Service Shows if DFSR Service is alive. The Distributed File System Replication (DFSR) service is a new multi-master replication engine that is used to keep folders synchronized on multiple servers.

DFS Namespace Service Shows if DFS Service is alive. The Distributed File System (DFS) technologies offer wide area network file replication as well as simplified, highly-available access to dispersed files.

Intersite Messaging Service Shows if Intersite Messaging Service is alive. Intersite Messaging enables messages to be exchanged between computers running Windows Server sites. This service is used for mail-based replication between sites. Active Directory includes support for replication between sites by using SMTP over IP transport. If this service is stopped or disabled, Intersite messaging replication will not work nor will site routing information be calculated for other services.

Key Distribution Center Service Shows if Kerberos KDC Service is alive. The Kerberos Key Distribution Center (KDC) is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain. The KDC runs on each domain controller as part of Active Directory Domain Services (AD DS). If this service is stopped, users will be unable to log on to the domain and access services.

NETLOGON Disk space Free disk space on NETLOGON share, in %. The NETLOGON share plays a central role in domain logon and domain membership support. It is used to provide logon scripts, as well as to locate other common tools that may be needed for logon processing. This is an essential share on a domain controller.

NT File Replication Service Shows if NTFRS Service is alive. Off by default, included for compatibility only.

Net Logon Service Shows if NetLogon Service is alive. The NetLogon service verifies NTLM logon requests, and it registers, authenticates, and locates domain controllers. Also, to maintain compatibility with older operating systems, NetLogon manages replication of the user account database to backup domain controllers running Windows NT 4.0 and earlier.

RPC Locator Service Shows if RPC Locator Service is alive. Off by default, included for compatibility only.

SYSVOL Disk space Free disk space on SYSVOL share, in %. SYSVOL is a shared directory that stores the server copy of the domain’s public files that must be shared for common access and replication throughout a domain. This is an essential share on a domain controller.

Windows Time Service Shows if W32Time Service is alive. The Windows® Time service, also known as W32Time, synchronizes the date and time for all computers running in an AD DS domain. Time synchronization is critical for the proper operation of many Windows services and line-of-business applications. The Windows Time service uses the Network Time Protocol (NTP) to synchronize computer clocks on the network so that an accurate clock value, or time stamp, can be assigned to network validation and resource access requests.

ADWS port Active Directory Web Services TCP port.

Global Catalog port #1 Shows if the DC answers on Global Catalog TCP port (default 3268). The Global Catalog enables searching for Active Directory objects in any domain in the forest without the need for subordinate referrals, and users can find objects of interest quickly without having to know what domain holds the object.

Global Catalog port #2 Shows if the DC answers on Global Catalog TCP port (default 3269).

LDAP SSL port Shows if LDAP Server uses SSL-encrypted connection. Uses default port 636. This monitor is off by default.

LDAP Server, UDP port Shows if LDAP Server listens on UDP port (default 389). A client uses a so-called LDAP “Ping” to the candidate domain controller to determine whether the domain controller is handling requests. This monitor is off by default.
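An added example, not part of the IPHost template or its documentation: a PowerShell spot-check of the service states and default TCP ports described above. The host name `dc01.example.test` is a placeholder, and the Windows service short names are the standard ones rather than names given on this page.

```powershell
# Added example: spot-check of the services and TCP ports this template monitors.
# $Dc is a placeholder host name (assumption); run from an admin workstation.
param([string]$Dc = 'dc01.example.test')

# Standard Windows service short names for the monitors described above
# (assumption: the page lists display names only).
$services = 'NTDS','ADWS','DNS','DFSR','Dfs','IsmServ','Kdc','Netlogon','W32Time'
# Default TCP ports named on this page.
$ports = [ordered]@{ 'LDAP' = 389; 'SMB' = 445; 'LDAP SSL' = 636
                     'Global Catalog #1' = 3268; 'Global Catalog #2' = 3269 }

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a filtered port fails after the timeout.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

$results = @()
# Service state from the Win32_Service WMI class
# (Get-CimInstance reaches it over WinRM by default).
$filter = ($services | ForEach-Object { "Name='$_'" }) -join ' OR '
$found = Get-CimInstance -ClassName Win32_Service -ComputerName $Dc -Filter $filter
foreach ($name in $services) {
    $svc = $found | Where-Object Name -eq $name
    $results += [pscustomobject]@{
        Check  = "Service $name"
        Status = if ($svc) { $svc.State } else { 'Not installed' }
        Ok     = [bool]($svc -and $svc.State -eq 'Running')
    }
}
foreach ($entry in $ports.GetEnumerator()) {
    $open = Test-TcpPort -ComputerName $Dc -Port $entry.Value
    $results += [pscustomobject]@{
        Check  = "$($entry.Key) TCP/$($entry.Value)"
        Status = if ($open) { 'Listening' } else { 'Unreachable' }
        Ok     = $open
    }
}
$results | Format-Table -AutoSize
```

A stopped Kdc, Netlogon or W32Time service on a domain controller affects logon for the domain, so rows with `Ok` set to `False` for those checks are the first to investigate.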

Templates overview

IPHost Network Monitor provides application templates (or just “templates” later in this document) to create multiple relevant monitors in only a few clicks. Templates make it easy to add typical monitor sets; this is particularly useful in large networks, where creating same-type monitors for many same-type devices is a common task. Application templates are sets of monitors that can be added at once for a given host, using specific predefined parameters. Such a set, added for a given host, is displayed as a separate node in the tree view pane and is called an application.

There are predefined templates; users can also create templates of their own, either from existing monitors or by cloning a predefined template. User-added template definitions are saved in XML files and can thus be conveniently extended or adapted to specific needs.