Product Reviews

Active Directory Monitoring Made Easier

Make life with Windows 2000 easier by closely monitoring and troubleshooting Active Directory.

If your Active Directory malfunctions, your users may be denied access to critical network resources. If an employee is fired, replication problems may allow that employee to access resources on your network even after you’ve removed his or her account. Since directory services are new to Windows and therefore new to most Windows 2000 administrators, would you know how to troubleshoot these problems? Would you even be aware if they existed in your network?

NetPro has released a new product that anyone who administers a Win2K network should consider buying. It’s called DirectoryAnalyzer, and it’s designed to help you monitor and troubleshoot one of the most important services on your network: Active Directory. Fortunately, NetPro has a lot more experience with directory services than almost anyone else, since they’ve been making utilities to help administrators with Banyan and Novell directories for years.

DirectoryAnalyzer monitors your Active Directory infrastructure by means of a software agent installed on each of your domain controllers. These agents report through a hierarchy and ultimately to an administrative console installed on your desktop. This distributed agent allows you to monitor how any part of your directory is functioning from a single console. Sure, you can use the MMC interface included with Win2K to view objects in your directory, but it won’t tell you how long replication is taking at an individual domain controller.

First, DirectoryAnalyzer monitors your directory services for problems and alerts you if (and when) they occur. For example, if replication takes longer than the threshold you specify, an alert will occur. This alert is sent via SMTP and can be viewed either in the Event Viewer or the DirectoryAnalyzer client. Similarly, it can alert you to problems with resolving those mysterious SRV records that clients depend on to locate directory servers in the first place.

Why do you need DirectoryAnalyzer to alert you to these problems? Because problems with the Active Directory may manifest themselves in subtle and constantly changing ways. If one Active Directory server is taking a long time to respond to queries, your users’ networked applications may seem lethargic. They may be refused access to files they need. The Exchange Server may fail. Without DirectoryAnalyzer, it could take hours to isolate the problematic domain controller.

Once you’ve identified a problem, you can use the included Knowledge Base to read expert information provided by NetPro. This Knowledge Base is context sensitive; the DirectoryAnalyzer client lets you jump directly to the correct page detailing a problem you’re experiencing.

DirectoryAnalyzer can help you prevent problems, too, by alerting you to slowing response times before it has gotten slow enough to cause applications to time out. We’ve all seen servers slow down over time, often the result of an application or service with a memory leak. With a new operating system such as Win2K, you can expect some unpredictability. By carefully tuning the thresholds within DirectoryAnalyzer, you can detect a problem and schedule a server reboot before it has to be done as an emergency.

Finally, you can use the troubleshooting tools to further isolate the problem. You can easily discover packet round-trip times between domain controllers and check on how long it takes to get an answer to an Active Directory query. Sure, you could do this in other ways: manually pinging between domain controllers provides round-trip times, and Network Monitor can be used to check Active Directory query times. However, DirectoryAnalyzer provides this information in a few seconds instead of several minutes. The client also allows you to browse the Active Directory from the perspective of a single domain controller.

If your network is small—only a handful of domain controllers—you probably won’t ever need a sophisticated tool like DirectoryAnalyzer. For simple networks, the Active Directory administrative tools included with Win2K Server will suffice. However, if you have more than five domain controllers, or if you’re responsible for a worldwide network using low-bandwidth WAN links or unpredictable VPN connections, DirectoryAnalyzer will make your life easier by saving you troubleshooting time. Your manager will like it, too, because the alerting tools will help you avoid downtime and thereby improve user productivity.

About the Author

Tony Northrup, MCSE, Compaq ASE, lives in the Boston area and is currently a systems architect at Genuity. He’s the author of Introducing Windows 2000 Server (Microsoft Press) and NT Network Plumbing (IDG Books), and co-author of Networking Essentials Unleashed (SAMS Publishing).

comments powered by Disqus
Most   Popular