
Active Directory integration

With our Active Directory integration, you can easily monitor the health of your directory services environment and proactively alert on potential issues.

Built with our infrastructure agent, the Active Directory integration gives you a set of pre-built and that let you view your most critical performance data, all in one place.

After setting up the Active Directory integration with New Relic, see your data in a dashboard like this, right out of the box.

To get the most out of this page, select the installation method that fits your environment. You need a New Relic account before starting the installation process.

Tip

Use guided install to quickly see your data in the UI

The guided install is a single CLI command you can run to monitor your Active Directory services. It's a good option for small organizations, or for anyone who wants to test out New Relic.

For a more permanent and scalable solution, we recommend the standard manual install of the integration, described in the steps below.

Install the infrastructure agent

To use the Active Directory integration, you need to first install the infrastructure agent on the same host. The infrastructure agent monitors the host itself, while the integration you'll install in the next step extends your monitoring with Active Directory-specific data.

Clone the Active Directory integration repo

Run the following command in your CLI to clone the New Relic Active Directory integration repository:

$ git clone https://github.com/newrelic/newrelic-active-directory-integration.git

Copy configuration files

Copy the relevant configuration files from the repository to the agent, replacing $ROOT_PATH with the path where you cloned the repository:

# integrations.d
Copy-Item -Path "$ROOT_PATH\newrelic-active-directory-integration\integrations.d\*" -Destination "C:\Program Files\New Relic\newrelic-infra\integrations.d" -Recurse
# logging.d
Copy-Item -Path "$ROOT_PATH\newrelic-active-directory-integration\logging.d\*" -Destination "C:\Program Files\New Relic\newrelic-infra\logging.d" -Recurse

Find and use data

The collection of telemetry from Active Directory depends on various configuration and script files located in the infrastructure agent's directory structure like this:

C:\Program Files\New Relic\newrelic-infra\
├── integrations.d
│   ├── windows-active-directory-performance-counters.ps1
│   ├── windows-active-directory-performance-counters.yml
│   ├── windows-active-directory-replication-checks.yml
│   ├── windows-active-directory-replication-failures.ps1
│   ├── windows-active-directory-replication-partners.ps1
│   └── windows-active-directory-services.yml
└── logging.d
    └── windows-active-directory.yml

Each of these files works together to present a full observability footprint. The resulting telemetry in New Relic consists of Metrics, Events, and Log data.
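To confirm that the copy step put every file in place unchanged, the following added example (not part of this page's original content or of the New Relic repository) compares SHA-256 hashes of the cloned files against the copies under the agent directory. The function name is hypothetical; `$ROOT_PATH` is the placeholder from the copy step.

```powershell
# Added example: verify that the deployed integration files match the cloned repository.
function Compare-DeployedIntegrationFiles {
    param(
        [Parameter(Mandatory)] [string]$RepoPath,   # ...\newrelic-active-directory-integration
        [string]$AgentPath = 'C:\Program Files\New Relic\newrelic-infra'
    )
    foreach ($dir in 'integrations.d', 'logging.d') {
        $srcDir = Join-Path $RepoPath $dir
        if (-not (Test-Path -LiteralPath $srcDir)) {
            Write-Warning "Source folder not found: $srcDir"
            continue
        }
        $srcRoot = (Get-Item -LiteralPath $srcDir).FullName
        foreach ($src in Get-ChildItem -LiteralPath $srcRoot -File -Recurse) {
            # Path of the file relative to integrations.d or logging.d
            $relative = $src.FullName.Substring($srcRoot.Length).TrimStart('\')
            $dst = Join-Path (Join-Path $AgentPath $dir) $relative
            $status = if (-not (Test-Path -LiteralPath $dst)) {
                'Missing'
            } elseif ((Get-FileHash -LiteralPath $src.FullName -Algorithm SHA256).Hash -ne
                      (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash) {
                'Mismatch'
            } else {
                'OK'
            }
            [pscustomobject]@{ File = (Join-Path $dir $relative); Status = $status }
        }
    }
}

# List only the files that are missing or differ from the repository copy.
Compare-DeployedIntegrationFiles -RepoPath "$ROOT_PATH\newrelic-active-directory-integration" |
    Where-Object Status -ne 'OK'
```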

Event details

| EVENT ATTRIBUTE | COUNTER NAME | DESCRIPTION |
|---|---|---|
| addressBookClientSessions | \NTDS\AB Client Sessions | Number of connected address book client sessions |
| inboundFullSyncObjectsRemaining | \NTDS\DRA Inbound Full Sync Objects Remaining | The number of objects remaining until the full synchronization is completed |
| draInbound | \NTDS\DRA Inbound Values (DNs only)/sec | The number of object property values received from inbound replication partners that are DNs that reference other objects |
| draOutbound | \NTDS\DRA Outbound Values (DNs only)/sec | The number of object property values containing DNs sent to outbound replication partners |
| draPendingReplicationSync | \NTDS\DRA Pending Replication Synchronizations | The number of directory synchronizations that are queued for this server but not yet processed |
| directoryReadsPerSec | \NTDS\DS Directory Reads/sec | The number of directory reads per second |
| directoryWritesPerSec | \NTDS\DS Directory Writes/sec | The number of directory writes per second |
| directoryNotifyQueueSize | \NTDS\DS Notify Queue Size | The number of pending update notifications that are queued but not yet transmitted to clients |
| directoryThreadsInUse | \NTDS\DS Threads in Use | The current number of threads that the directory service is using |
| ldapActiveThreads | \NTDS\LDAP Active Threads | The current number of threads that the LDAP subsystem of the local directory service uses |
| ldapBindTime | \NTDS\LDAP Bind Time | The time (in milliseconds) that is taken to complete the last LDAP bind |
| ldapClientSessions | \NTDS\LDAP Client Sessions | The number of currently connected LDAP client sessions |
| ldapSearchesPerSec | \NTDS\LDAP Searches/sec | The rate at which LDAP clients perform search operations |
| ldapSuccessfulBindsPerSec | \NTDS\LDAP Successful Binds/sec | The number of LDAP binds per second |
| contextSwitchesPerSec | \System\Context Switches/sec | The combined rate at which all processors on the computer are switched from one thread to another |
| processorQueueLength | \System\Processor Queue Length | The number of threads waiting to be executed in queue |

Windows Services

Collection of Active Directory Windows Services is accomplished via the native Windows Services integration using this configuration file:

windows-active-directory-services.yml

The results of this collection are stored as dimensional metrics with the decorated label: label.primary_app = 'active_directory'.

Metric details

| SERVICE NAME | DESCRIPTION |
|---|---|
| ADWS | Active Directory Web Services |
| DFS | Distributed File System |
| DFSR | DFS Replication |
| DNS | DNS Server |
| Dnscache | DNS Client |
| IsmServ | Intersite Messaging |
| kdc | Kerberos Key Distribution Center |
| lanmanserver | Server |
| lanmanworkstation | Workstation |
| Netlogon | Netlogon |
| NTDS | Active Directory Domain Services |
| RpcSs | Remote Procedure Call (RPC) |
| SamSs | Security Accounts Manager |
| W32Time | Windows Time |

Event details

| EVENT NAME | ATTRIBUTE | DESCRIPTION |
|---|---|---|
| activeDirectoryReplicationFailures | failureCount | Integer indicating the total count of replication failures that have occurred on the specified domain controller. |
| activeDirectoryReplicationFailures | failureType | String representation of the latest type of replication failure experienced by the specified domain controller. |
| activeDirectoryReplicationFailures | firstFailureTime | Timestamp (MM/dd/yyyy h:mm:ss tt) string indicating the first observed failure on the specified domain controller. |
| activeDirectoryReplicationFailures | lastError | Integer indicating the last error code received for a replication failure on the specified domain controller. |
| activeDirectoryReplicationFailures | server | String name of the domain controller where the replication failure occurred. |
| activeDirectoryReplicationPartners | lastReplicationAttempt | Timestamp (MM/dd/yyyy h:mm:ss tt) string indicating the last attempt at replication between the server and partner. |
| activeDirectoryReplicationPartners | lastReplicationSuccess | Timestamp (MM/dd/yyyy h:mm:ss tt) string indicating the last successful replication between the server and partner. |
| activeDirectoryReplicationPartners | partner | Short name of the remote partner for replication. |
| activeDirectoryReplicationPartners | server | Short name of the local server for |
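Because the replication timestamps arrive as strings rather than dates, they must be parsed before they can be compared. The following added example (not the integration's own code) parses the documented `MM/dd/yyyy h:mm:ss tt` format and flags partner links whose last success is stale or older than the last attempt; the function names, the one-hour threshold, and the sample rows are assumptions made for illustration.

```powershell
# Added example; the rows below are constructed, not real telemetry.
$TimestampFormat = 'MM/dd/yyyy h:mm:ss tt'   # format documented for both attributes

function ConvertFrom-ReplicationTimestamp {
    param([string]$Value)
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($Value, $TimestampFormat,
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$parsed)
    if ($ok) { $parsed } else { $null }
}

function Get-StaleReplicationLink {
    param(
        [object[]]$Rows,
        [datetime]$Now = (Get-Date),                    # assumed to be in the same time zone as the rows
        [timespan]$MaxAge = (New-TimeSpan -Hours 1)     # assumed threshold
    )
    foreach ($row in $Rows) {
        $attempt = ConvertFrom-ReplicationTimestamp $row.lastReplicationAttempt
        $success = ConvertFrom-ReplicationTimestamp $row.lastReplicationSuccess
        $reason = if ($null -eq $success) {
            'missing or unparseable lastReplicationSuccess'
        } elseif ($null -ne $attempt -and $attempt -gt $success) {
            'latest attempt is newer than latest success'
        } elseif (($Now - $success) -gt $MaxAge) {
            'no successful replication within MaxAge'
        }
        if ($reason) {
            [pscustomobject]@{ Server = $row.server; Partner = $row.partner
                               LastSuccess = $success; Reason = $reason }
        }
    }
}

$rows = @(
    [pscustomobject]@{ server = 'DC01'; partner = 'DC02'
        lastReplicationAttempt = '03/14/2024 9:05:12 AM'; lastReplicationSuccess = '03/14/2024 9:05:12 AM' }
    [pscustomobject]@{ server = 'DC01'; partner = 'DC03'
        lastReplicationAttempt = '03/14/2024 9:20:40 AM'; lastReplicationSuccess = '03/13/2024 11:48:02 PM' }
    [pscustomobject]@{ server = 'DC02'; partner = 'DC01'
        lastReplicationAttempt = '03/14/2024 7:10:00 AM'; lastReplicationSuccess = '03/14/2024 7:10:00 AM' }
)
# Flags DC01/DC03 (attempt newer than success) and DC02/DC01 (last success over an hour old).
Get-StaleReplicationLink -Rows $rows -Now ([datetime]'2024-03-14T09:30:00')
```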

Windows Event Logs

Collection of Active Directory Windows Events is performed with the integrated log forwarder on the infrastructure agent using this configuration file:

windows-active-directory.yml

The results of this collection are stored as logs with the decorated label: logtype = 'active_directory'.

Log details

| CHANNEL | EVENT ID | DESCRIPTION |
|---|---|---|
| Security | 4609 | Windows is shutting down |
| Security | 4616 | The system time was changed |
| Security | 4625 | An account failed to log on |
| Security | 4648 | A logon was attempted using explicit credentials |
| Security | 4649 | A replay attack was detected |
| Security | 4950 | An IPsec Main Mode security association was established |
| Security | 4697 | A service was installed in the system |
| Security | 4713 | Kerberos policy was changed |
| Security | 4714 | Encrypted data recovery policy was changed |
| Security | 4719 | System audit policy was changed |
| Security | 4720 | A user account was created |
| Security | 4723 | An attempt was made to change an account's password |
| Security | 4724 | An attempt was made to reset an account's password |
| Security | 4725 | A user account was disabled |
| Security | 4726 | A user account was deleted |
| Security | 4738 | A user account was changed |
| Security | 4739 | Domain Policy was changed |
| Security | 4740 | A user account was locked out |
| Security | 4781 | A computer account was created |
| System | 1083 | The security descriptor version number could not be determined |
| System | 1202 | Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done |
| System | 1265 | The attempt to establish a replication link for the following writable directory partition failed |
| System | 1311 | The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition |
| System | 1388 | During the past [number] days; replication errors in one or more directory partitions have caused replication to be disabled for the specified naming context on the current domain controller |
| System | 1645 | Active Directory Domain Services has detected that the domain is still using the default password for the 'Administrator' account |
| System | 5805 | The session setup from the computer [computer name] failed to authenticate |
| System | 5807 | During the past [number] days; there have been a few replication errors in the forest. There may be network or connectivity problems in the forest |
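The log forwarder can only ship events that the domain controller actually writes, and Security-channel events are written only when the matching audit policy is enabled. The following added example (not part of the integration) reports which of the channel and event ID pairs listed above never appear in a set of events, so a zero count can be reviewed as either "did not happen" or "not being audited". The function name and sample events are assumptions; the IDs are copied from the table as given.

```powershell
# Added example. Event IDs are copied from the table above; sample events are constructed.
$ForwardedIds = [ordered]@{
    Security = 4609, 4616, 4625, 4648, 4649, 4950, 4697, 4713, 4714, 4719,
               4720, 4723, 4724, 4725, 4726, 4738, 4739, 4740, 4781
    System   = 1083, 1202, 1265, 1311, 1388, 1645, 5805, 5807
}

function Get-ForwardedEventCoverage {
    param([object[]]$Events = @())   # objects exposing LogName and Id, as Get-WinEvent returns
    $seen = @{}
    foreach ($e in $Events) {
        $key = '{0}/{1}' -f $e.LogName, $e.Id
        $seen[$key] = 1 + [int]$seen[$key]
    }
    foreach ($channel in $ForwardedIds.Keys) {
        foreach ($id in $ForwardedIds[$channel]) {
            [pscustomobject]@{
                Channel = $channel
                EventId = $id
                Count   = [int]$seen["$channel/$id"]   # 0 when the ID was never seen
            }
        }
    }
}

# Constructed sample standing in for Get-WinEvent output.
$sample = @(
    [pscustomobject]@{ LogName = 'Security'; Id = 4625 }
    [pscustomobject]@{ LogName = 'Security'; Id = 4625 }
    [pscustomobject]@{ LogName = 'Security'; Id = 4740 }
    [pscustomobject]@{ LogName = 'System';   Id = 5805 }
)
# Lists every forwarded ID with no occurrences in the sample.
Get-ForwardedEventCoverage -Events $sample | Where-Object Count -eq 0

# On a domain controller (elevated session), feed it the last 7 days of real events:
# $live = foreach ($ch in $ForwardedIds.Keys) {
#     Get-WinEvent -FilterHashtable @{ LogName = $ch; Id = $ForwardedIds[$ch]
#         StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue }
# Get-ForwardedEventCoverage -Events $live | Where-Object Count -eq 0
```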

Check the source code

This integration is open source software. That means you can browse its source code and send improvements, or create your own fork and build it.

Copyright © 2024 New Relic Inc.
