Monitoring Active Directory (public preview)

After you enable the Microsoft Active Directory on the host, the Active Directory sensor is automatically installed. You can view metrics that are related to the Microsoft Active Directory sensor in the Instana UI after you configure Microsoft Active Directory sensor as outlined in the Configuring section.

See the following sections to learn how to monitor Active Directory:

Support information

Supported operating systems

The Microsoft Active Directory sensor supports the following operating systems:

  • Microsoft Windows Server 2022 Editions

Supported versions

The Instana agent supports the following Microsoft Active Directory version:

  • Active Directory Schema version 88

Configuring

The Active Directory sensor supports local monitoring of the Microsoft Active Directory

Local monitoring

Enable the Active Directory sensor to achieve local monitoring of Microsoft Active Directory. To enable the sensor, set the enabled parameter to true in the configuration.yaml file.

#Active Directory
com.instana.plugin.activedirectory:
  enabled: false # To enable the sensor, set its value to ‘true’.
  poll_rate: 30 #Default value is 10 seconds.

Viewing metrics

To view the metrics, complete the following steps:

  1. From the navigation menu in the Instana UI, select Infrastructure.
  2. Click a specific monitored host.

You can view the host dashboard with all the collected metrics and monitored processes.

The following metrics are available for Active Directory:

Metric Description Granularity
LDAPbusyretries Number of threads currently being used by the Lightweight Directory Access Protocol (LDAP) 30 seconds
LDAPAddOperations Number of add operations by the LDAP 30 seconds
LDAPAddOperationsPersec Number of Add operations per second by the LDAP 30 seconds
LDAPClientSessions Number of connected LDAP client sessions 30 seconds
LDAPClosedConnectionsPersec Number of LDAP connections closed in the last second 30 seconds
LDAPDeleteOperations Number of delete operations by LDAP 30 seconds
LDAPDeleteOperationsPersec Number of Delete operations in the last second by LDAP 30 seconds
LDAPModifyDNOperations Number of modify Distinguished Name (DN) operations by LDAP 30 seconds
LDAPModifyDNOperationsPersec Number of modify DN operations in the last second by LDAP 30 seconds
LDAPModifyOperations Number of modify operations by LDAP 30 seconds
LDAPModifyOperationsPersec Number of modify operations in the last second by LDAP 30 seconds
LDAPNewConnectionsPersec Number of new connections by LDAP in the last second 30 seconds
LDAPSearchesPersec Number of searches by LDAP in the last second 30 seconds
LDAPSuccessfulBindsPersec Number of successful binds by LDAP in the last second 30 seconds
LDAPThreadsSleepingonBUSY Number of LDAP busy threads that are sleeping 30 seconds
LDAPUDPoperationsPersec Number of UDP operations in the last second by LDAP 30 seconds
LDAPWritesPersec Number of writes operations in the last second by LDAP 30 seconds
LDAPbatchslotsavailable Number of LDAP batch slots available 30 seconds
LDAPActiveThreads Number of LDAP threads that are active 30 seconds
ABANRPersec The rate at which Address Book clients perform Ambiguous Name Resolution (ANR) operations 30 seconds
ABBrowsesPersec The rate at which Address Book clients perform Browse operations 30 seconds
ABClientSessions The number of connected Address Book client sessions 30 seconds
ABMatchesPersec The rate at which Address Book clients perform find operations 30 seconds
ABPropertyReadsPersec The rate at which Address Book clients perform property read operations 30 seconds
ABProxyLookupsPersec The rate at which proxy clients perform search operations 30 seconds
ABSearchesPersec The rate at which Address Book clients perform key search operations 30 seconds
DSClientBindsPersec Number of ntdsapi.dll binds per second serviced by this Domain Controller (DC) 30 seconds
DSClientNameTranslationsPersec Number of ntdsapi.dll name translations per second serviced by this DC 30 seconds
DSDirectoryReadsPersec Number of directory reads per second 30 seconds
DSDirectorySearchesPersec Number of directory searches per second 30 seconds
DSDirectoryWritesPersec Number of directory writes per second 30 seconds
DSMonitorListSize The number of requests to be notified when objects are updated that are currently registered with this Directory System Agent(DSA) 30 seconds
DSNameCachehitrate The percentage of directory object name component look ups that are satisfied out of the DSAs name cache 30 seconds
DSNotifyQueueSize The number of pending update notifications that have been queued, but not yet transmitted to clients 30 seconds
DSPercentReadsfromDRA Percentage of directory reads coming from Directory Replication Agent (DRA) 30 seconds
DSPercentReadsfromNTDSAPI Percentage of directory reads coming from NTDSAPI calls 30 seconds
DSPercentReadsfromSAM Percentage of directory reads coming from Security Account Manager (SAM) 30 seconds
DSPercentReadsOther Percentage of directory reads not coming from SAM/DRA/LDAP/LSA/XDS/KCC/NSPI 30 seconds
DSPercentSearchesfromDRA Percentage of directory searches coming from DRA 30 seconds
DSPercentSearchesfromLDAP Percentage of directory searches coming from LDAP 30 seconds
DSPercentSearchesfromNTDSAPI Percentage of directory searches coming from NTDSAPI 30 seconds
DSPercentSearchesfromSAM Percentage of directory searches coming from SAM 30 seconds
DSPercentSearchesOther Percentage of directory searches not coming from SAM/DRA/LDAP/LSA/XDS/KCC/NSPI 30 seconds
DSPercentWritesfromDRA Percentage of directory writes coming from DRA 30 seconds
DSPercentWritesfromLDAP Percentage of directory writes coming from LDAP 30 seconds
DSPercentWritesfromNTDSAPI Percentage of directory writes coming from NTDSAPI 30 seconds
DSPercentWritesfromSAM Percentage of directory writes coming from SAM 30 seconds
DSPercentWritesOther Percentage of directory writes not coming from SAM/DRA/LDAP/LSA/XDS/KCC/NSPI 30 seconds
DSSearchsuboperationsPersec Number of search sub-operations per second 30 seconds
DSSecurityDescriptorPropagationsEvents Number of Security Descriptor Propagation Events that are queued but not yet processed 30 seconds
DSSecurityDescriptorPropagatorAverageExclusionTime Average length of time the Security Descriptor Propagator spends waiting for exclusive access to data base elements during a Security Descriptor Propagation sub-operation 30 seconds
DSSecurityDescriptorPropagatorRuntimeQueue Number of objects remaining to examine while processing the current Directory Services (DS) Security Descriptor Propagator Event 30 seconds
DSSecurityDescriptorsuboperationsPersec Number of Security Descriptor Propagation sub-operations per second 30 seconds
DSPercentReadsfromKCC Percentage of directory reads from KCC 30 seconds
DSPercentWritesfromKCC Percentage of directory writes from KCC 30 seconds
DSPercentSearchesfromKCC Percentage of directory searches from KCC 30 seconds
DSPercentSearchesfromLSA Percentage of directory searches from LSA 30 seconds
DSPercentReadsfromLSA Percentage of directory reads from LSA 30 seconds
DSPercentWritesfromLSA Percentage of directory writes from LSA 30 seconds
DSPercentWritesfromNSPI Percentage of directory writes from NSPI 30 seconds
DSPercentSearchesfromNSPI Percentage of directory searches from NSPI 30 seconds
DSPercentReadsfromNSPI Percentage of directory reads from NSPI 30 seconds
SAMAccountGroupEvaluationLatency Security Accounts Manager(SAM) account group evaluation latency 30 seconds
SAMDisplayInformationQueriesPersec SAM display information queries 30 seconds
SAMDomainLocalGroupMembershipEvaluationsPersec SAM domain local group membership evaluation per second 30 seconds
SAMEnumerationsPersec SAM enumerations per second 30 seconds
SAMGCEvaluationsPersec SAM GC evaluations per second 30 seconds
SAMGlobalGroupMembershipEvaluationsPersec SAM global group membership evaluations per second 30 seconds
SAMMachineCreationAttemptsPersec SAM machine creation attempts per second
SAMMembershipChangesPersec SAM membership changes per second 30 seconds
SAMNonTransitiveMembershipEvaluationsPersec SAM non transitive membership evaluations per second 30 seconds
SAMPasswordChangesPersec SAM password changes per second 30 seconds
SAMResourceGroupEvaluationLatency SAM resources group evaluation latency 30 seconds
SAMSuccessfulComputerCreationsPersecIncludesallrequests SAM successful computer creations per second 30 seconds
SAMSuccessfulUserCreationsPersec SAM successful user creations per second 30 seconds
SAMTransitiveMembershipEvaluationsPersec SAM transitive membership evaluations per second 30 seconds
SAMUniversalGroupMembershipEvaluationsPersec SAM universal group membership evaluations per second 30 seconds
SAMUserCreationAttemptsPersec SAM user creation attempts per second 30 seconds