Enterprise Mobility + Security


Howdy folks,

We’ve just turned on the preview of Azure AD Connect Health for Windows Server AD. This new feature of Azure AD Premium gives IT admins the ability to monitor the health and performance of their on-premises Windows Server Domain Controllers from the cloud. This new capability has been a HUGE hit with our private preview customers and we’re hoping you’ll be excited as well.

I’ve asked Arturo Lucatero, one of the Program Managers on the Azure AD Connect Health R&D team, to write a quick blog post on this cool new feature. You’ll find his blog below.

Hopefully you will find this new capability useful! And as always, we would love to receive any feedback or suggestions you have.

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

——————————–

Hello World,

I’m Arturo Lucatero, a Program Manager on the Azure AD Connect Health team. Today, I’m pleased to announce the next addition to Azure AD Connect Health, which is monitoring for Active Directory Domain Services (AD DS). While Azure AD Connect Health has the ability to monitor ADFS and Azure AD Connect (Sync), we knew that Active Directory Domain Services is a critical component and we wanted to make sure we gave you the same easy, low-cost and insightful monitoring experience. Starting with the quick and simple onboarding process, Azure AD Connect Health for AD DS is here to improve your monitoring experience!

Active Directory Domain Services was first introduced back in 1999 and is now the cornerstone for identity needs of most business organizations. Enabling a monitoring solution for Active Directory Domain Services is critical to a company’s reliable access to applications. Introducing the ability to monitor your AD DS infrastructure from the cloud opens many possibilities that weren’t previously available with traditional box monitoring solutions. Let’s take a look!

The preview release of Azure AD Connect Health for AD DS has the following capabilities:

  • Monitoring alerts to detect when domain controllers are unhealthy, along with email notifications for critical alerts.
  • Domain Controllers dashboard which provides a quick view into the health and operational status of your domain controllers.
  • Replication Status dashboard with latest replication information, along with links to troubleshooting guides when errors are detected.
  • Quick anywhere access to performance data graphs of popular performance counters, necessary for troubleshooting and monitoring purposes.
  • RBAC controls to delegate and restrict access to the users managing AD DS.

Installation is extremely simple. All you have to do is install the agent (links available in our documentation as well as in the Connect Health portal) on your domain controllers. This process takes less than 5 minutes! We also provide a scriptable deployment option to automate this in larger environments.

Alerts

The Azure AD Connect Health for AD DS alerts are intended to inform you when something is wrong in your environment. Whether a domain controller is unable to replicate successfully, is not able to find a PDC, is not properly advertising, or has one of many other issues, you can count on these alerts to inform you. Additionally, if you enable email notifications, you will receive these alerts straight to your inbox.

We are constantly striving to enhance our alerts, and your feedback is very important to us. You can share your thoughts about a particular alert by clicking on the feedback command within the alert blade.

Domain Controllers Dashboard

This dashboard provides a unified lens into the health and operational status of your AD DS environment. We interviewed a number of domain admins and one of the challenges for them was the ability to have a quick glance view of their environment to detect hotspots. By presenting a topological view along with health status and key operational metrics of monitored DCs, this dashboard makes it quick and easy to identify any DCs that might require further investigation.

Whether your DCs are advertising, whether they are able to reach a Global Catalog, and when they were last rebooted are a few of the metrics that you can add to your dashboard by selecting them from the columns blade. By default, DCs are grouped by their corresponding domain; however, a single click will group them by their corresponding site. This is super helpful when trying to understand the topological composition of your environment. Lastly, if you have a large environment, you can use the find box to quickly filter the list of DCs.

Replication Status Dashboard

Replication is one of the most critical processes that ensures that your environment is running smoothly. This dashboard provides a view of the replication topology along with the latest replication attempt status for your monitored DCs. If one or more of your DCs encountered an error during the latest replication, you will find helpful details and documentation links to assist with the remediation process.

To help drive error visibility to the admins, we auto-expand any domain controllers with replication errors to ensure that you can quickly focus on those that might require your attention.

Monitoring

The monitoring feature provides the ability to compare the performance of your monitored DCs against each other, as well as to compare different metrics of interest. Knowing these data points can be critical when troubleshooting AD DS. Whether you are interested in knowing how your DCs are handling Kerberos Authentications per sec or knowing the Replication queue size, you can easily find these data points. This allows you to access the performance data of your environment completely from the cloud, from anywhere in the world.

As part of our first round, we have included 13 of the most popular performance metrics, such as LDAP bind time, LDAP searches per sec and NTLM authentications per sec, amongst others. You can use the “Filter” command to add them to your blade, giving you a single location where you can compare different metrics on the same view. Clicking on a chart will allow you to drill into a specific performance metric, with additional controls on time and a tabular view of the data that shows peaks and averages.

We are constantly adding new items to the list. If there is a particular performance metric you would find helpful to be included, please let us know!

Video

The video below provides an overview of how to get started using Azure AD Connect Health for AD DS, as well as a walkthrough of the features we’ve discussed.

https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Azure-AD-Connect-Health-monitors-on-premises-AD-Domain-Services

What’s coming next?

  • Additional alerts based on customer feedback and data from our support channel
  • Additional performance metrics that help with monitoring your AD DS environment

For additional information on how to get started monitoring your AD DS, see Azure AD Connect Health Documentation.

Your feedback is very important to us and I’d encourage you to post any comments, questions or concerns in our discussion forum or send us a note at askaadconnecthealth@microsoft.com. Additionally, feel free to comment at the bottom of this post.

Thanks for your time,

-Arturo (@ArlucaID) & The Azure AD Connect Health Team