In part one of this series ( How and Why to Monitor Active Directory Performance ), I gave you some general information about how to monitor the Active Directory's performance in Windows 2000. As I did, I discussed how to use tools like the Event Viewer and System Monitor to search for potential problems. However, before you can use System Monitor effectively, you need to know what to look for. System Monitor contains dozens of counters which range from very useful to extremely obscure. In this article, I'll discuss some of the system monitor counters that you might find useful when monitoring Active Directory.
|"The System Monitor uses a variety of counters to monitor the system's performance. Each counter monitors one very specific aspect of the system's performance. The counters are organized into groups called Performance Objects."|
As I explained in part one, the System Monitor uses a variety of counters to monitor the system's performance. Each counter is designed to monitor one very specific aspect of the system's performance. The counters are organized into groups called Performance Objects, which exist for things like your system's processor, physical memory, or hard disk. If you scroll through the list of available Performance Objects, you'll notice that there's no Active Directory Performance Object. Instead, all of the Active Directory-related counters are stored under the NTDS Performance Object. The NTDS object itself contains too many counters to mention, so this article will focus on the more important ones.
Because of the high number of counters available for monitoring Active Directory and my space limitations, it's most effective to discuss the important counters in groups. The primary groups of counters that I'm discussing in this article are DRA inbound and outbound counters, DS counters, Kerberos counters, LDAP counters, and XDS counters.
DRA Inbound and Outbound Counters
Without a doubt, the largest group of important Active Directory-related counters deal with directory replication (DRA). The DRA counters are divided into two basic groups: inbound and outbound. In most cases, each inbound DRA counter has a corresponding outbound DRA counter that measures the data moving in the opposite direction.
As you page through the list of available DRA counters, you'll notice that many of the counters relate to bytes compressed or bytes not compressed. These counters refer to the size in bytes of the inbound or outbound replication data that's being sent to or received from other sites within the Active Directory. For example, the counter DRA Inbound Bytes Compressed (Between Sites, After Compression) / Sec measures the number of bytes per second of inbound compressed replication data from other sites.
In some environments, a byte count may be meaningless to you when you're looking at replication performance. In such environments, a measure of the actual number of objects that have been replicated may be more meaningful. The DRA Inbound Full Sync Objects Remaining counter displays the number of inbound Active Directory objects that remain before the entire replication process has completed. Other helpful counters are the DRA Inbound Objects per second counter, which measures the number of replicated objects received each second, and the DRA Inbound Objects Applied / Sec counter, which measures how many replicated objects are received and applied to the local copy of the Active Directory each second.
Occasionally, you may have a situation in which no objects seem to be replicating. This may mean that replication isn't working, or it could mean that no objects need to be replicated. To find out, try using the DRA Inbound Objects Filtered / Sec counter. This counter displays the number of inbound objects from other sites that don't contain any updates.
The counters that I've listed describe the basic functionality of the DRA section. Remember that the inbound and outbound counters work pretty much the same way. You should also remember that some basic vocabulary knowledge will help you figure out the counters that I haven't discussed. For example, the Active Directory is filled with objects. Each object contains properties and each object property contains values. Therefore, if a counter measures inbound values per second, you know that it's counting the individual values for each property associated with each object.