Configuring Microsoft Active Directory monitoring

The Monitoring Agent for Microsoft Active Directory is automatically configured and started after installation.

Before you begin

To view data for all attributes in the dashboard, complete the following tasks:

You may choose to run the agent as non-administrator user, refer to Running Microsoft Active Directory agent as a non-administrator user

To view Expiring Certificates, Pending Certificates, and Revoked Certificates widgets, you must install and configure Microsoft PowerShell 3.0 or its later version and PowerShell PKI module.

Running the Microsoft Active Directory agent as an administrator user

You must have administrative rights to run the Microsoft Active Directory agent.

About this task

All data sets are available to the users who are members of the Administrators group. In this task, you create a user, assign administrator rights to the user, and change the user account for the agent to this user.

Steps to run the agent as an administrator user

  1. Click Start > All Programs > Administrative Tools > Active Directory Users and Computers.

  2. To expand the domain where you want to create the user, click the plus sign (+) next to the name of a domain.

  3. Right-click Users, and then click New > User.

  4. To create a new user, open the New Object - User wizard.

    By default, a new user is a member of the Domain Users group.

  5. Right-click the new user that is created in the Domain Users group, and click Properties. The Username Properties window is displayed. The username is the name of the new user.

  6. In the Username Properties window, complete the following steps:

    a. Click the Member of tab. In the Member of area, add the Administrators group.

    b. Click Apply, and then click OK.

  7. Click Start > Run, and then type services.msc.

  8. In the Services window, complete the following steps:

    a. Right-click the Monitoring Agent for Active Directory service, and click Properties.

    b. In the Monitoring Agent for Active Directory Properties window, on the Log On tab, click This Account. Enter the user credentials.

    c. Click Apply, and then click OK.

  9. Restart the agent service.

Configuring local environment variables

You must specify values for the environment variables to view the Sysvol replication data in the dashboard. Optionally, you can also update the cache interval value to enable or disable caching.

Steps to configure local environment variables

  1. In the IBM Performance Management window, from the Actions menu, click Advanced > Edit ENV File.

  2. In the K3ZENV file, change the values of the following environment variables:

    ADO_CACHE_INTERVAL: Determines whether to start or stop the caching and is used to set a value for the cache interval. Cache interval is the duration in seconds between two consecutive data collections. You can specify any positive integer value for the cache interval to start the caching. You can specify the zero value for the cache interval to stop the caching. By default, the caching is started, and the cache interval value is set to 1200.

    ADO_SYSVOL_FORCE_REPLICATION_FLAG: Determines whether the force replication that is initiated by the agent is enabled or disabled. The default value of this variable is TRUE. To disable force replication, change the value of this variable to FALSE.

    ADO_SYSVOL_REPLICATION_TEST_INTERVAL: Determines the time interval in minutes between two Sysvol replication tests. The default value of this variable is 0 minutes. To complete the Sysvol replication test, ensure that the value of this variable is greater than zero.

    ADO_SYSVOL_REPLICATION_TEST_VERIFICATION_INTERVAL: Determines the amount of time in minutes that the agent waits to verify the results of Sysvol replication after it completes the Sysvol replication test.

    The value of the ADO_SYSVOL_REPLICATION_TEST_INTERVAL variable must be greater than the value of the ADO_SYSVOL_REPLICATION_TEST_VERIFICATION_INTERVAL variable. You can use the following values for these variables:


    After you assign valid values to the two environment variables, the Microsoft Active Directory agent creates one file in the Sysvol shared folder of the managed system and initializes forced Sysvol replication. This forced replication is initialized from the managed system to the Sysvol shared folders of the Sysvol replication partners. After you verify the results of the replication test, the agent removes the files that are created and replicated from the managed system and Sysvol replication partners.

  3. Optional: In the K3ZENV file, add the APM_ATTRIBUTES_ENABLE_COLLECTION environmental variable and set its value to Yes to view data for the following data sets in the Attribute details tab.

    • Services
    • Replication
    • File Replication Service
    • Moved or Deleted Org Unit
    • LDAP
    • Security Accounts Manager
    • DFS
    • Address Book
    • Event Log
    • Password Setting Objects

    Remember: If you want to disable data collection for these data sets, set the value for the APM_ATTRIBUTES_ENABLE_COLLECTION environment variable to No.

  4. Restart the Microsoft Active Directory agent

What to do next

Log in to the IBM Cloud Pak consoleto view the data that is collected by the agent in the dashboards. For more information about using the console, see Starting the Cloud App Management UI.