Using System Monitor Counters
In part one of this series ( How and Why to Monitor Active Directory Performance ), I gave you some general information about how to monitor the Active Directory's performance in Windows 2000. As I did, I discussed how to use tools like the Event Viewer and System Monitor to search for potential problems. However, before you can use System Monitor effectively, you need to know what to look for. System Monitor contains dozens of counters which range from very useful to extremely obscure. In this article, I'll discuss some of the system monitor counters that you might find useful when monitoring Active Directory.
|"The System Monitor uses a variety of counters to monitor the system's performance. Each counter monitors one very specific aspect of the system's performance. The counters are organized into groups called Performance Objects."|
As I explained in part one, the System Monitor uses a variety of counters to monitor the system's performance. Each counter is designed to monitor one very specific aspect of the system's performance. The counters are organized into groups called Performance Objects, which exist for things like your system's processor, physical memory, or hard disk. If you scroll through the list of available Performance Objects, you'll notice that there's no Active Directory Performance Object. Instead, all of the Active Directory-related counters are stored under the NTDS Performance Object. The NTDS object itself contains too many counters to mention, so this article will focus on the more important ones.
Because of the high number of counters available for monitoring Active Directory and my space limitations, it's most effective to discuss the important counters in groups. The primary groups of counters that I'm discussing in this article are DRA inbound and outbound counters, DS counters, Kerberos counters, LDAP counters, and XDS counters.
DRA Inbound and Outbound Counters
Without a doubt, the largest group of important Active Directory-related counters deal with directory replication (DRA). The DRA counters are divided into two basic groups: inbound and outbound. In most cases, each inbound DRA counter has a corresponding outbound DRA counter that measures the data moving in the opposite direction.
As you page through the list of available DRA counters, you'll notice that many of the counters relate to bytes compressed or bytes not compressed. These counters refer to the size in bytes of the inbound or outbound replication data that's being sent to or received from other sites within the Active Directory. For example, the counter DRA Inbound Bytes Compressed (Between Sites, After Compression) / Sec measures the number of bytes per second of inbound compressed replication data from other sites.
In some environments, a byte count may be meaningless to you when you're looking at replication performance. In such environments, a measure of the actual number of objects that have been replicated may be more meaningful. The DRA Inbound Full Sync Objects Remaining counter displays the number of inbound Active Directory objects that remain before the entire replication process has completed. Other helpful counters are the DRA Inbound Objects per second counter, which measures the number of replicated objects received each second, and the DRA Inbound Objects Applied / Sec counter, which measures how many replicated objects are received and applied to the local copy of the Active Directory each second.
Occasionally, you may have a situation in which no objects seem to be replicating. This may mean that replication isn't working, or it could mean that no objects need to be replicated. To find out, try using the DRA Inbound Objects Filtered / Sec counter. This counter displays the number of inbound objects from other sites that don't contain any updates.
The counters that I've listed describe the basic functionality of the DRA section. Remember that the inbound and outbound counters work pretty much the same way. You should also remember that some basic vocabulary knowledge will help you figure out the counters that I haven't discussed. For example, the Active Directory is filled with objects. Each object contains properties and each object property contains values. Therefore, if a counter measures inbound values per second, you know that it's counting the individual values for each property associated with each object.
The counters that begin with the letters DS refer to the Directory Service. The most important of these counters are self-explanatory. For example, the DS Directory Reads / Sec and DS Directory Writes / Sec count the number of Active Directory reads and writes per second, respectively. Another useful counter is the DS Threads in Use counter. You can use this counter to measure the impact that the directory services are having on your local machine.
|"If you'd like more information on a specific counter, select the counter within the Performance Console's Add Counter dialog box and click Explain."|
There's really only one Kerberos-related counter that you need to be aware of: Kerberos Authentications. This counter tracks the number of times per second that clients use a Kerberos ticket to authenticate to the domain controller that you're monitoring.
As you may know, the Active Directory is fully extensible through the Lightweight Directory Access Protocol (LDAP) protocol. Therefore, the various LDAP counters are very helpful when trying to check up on your Active Directory. The LDAP-related counters allow you to check things like the LDAP bind time and LDAP successful binds per second. You can also view the current number of LDAP sessions and the number of LDAP searches per second. In the case of LDAP-related counters, you can easily determine the function of the counter by looking at the counter's name. Each of the LDAP counters use obvious names, such as LDAP Client Sessions.
The primary XDS-related counter is the XDS Client Sessions counter. This counter tracks the current number of extended directory service connections made by clients. Usually, extended directory service connections are made by Windows 2000 services or administrative programs.
As you can see, you can use many different counters to monitor Active Directory. If you'd like more information on a specific counter, select the counter within the Performance Console's Add Counter dialog box and click the Explain button. You can also find explanations of some of the counters in the Windows 2000 Active Directory Service MCSE training kit from Microsoft Press. //
Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it's impossible for him to respond to every message, although he does read them all.