monitoring Domain Controllers
list Paul Root
Hi,
Recently, I inherited some Windows machines. Including a pair of Domain controllers.
I'm wondering what are somethings I'm going to want to monitor to make sure these things keep running?
I have the Powershell client installed no problem.
I see DNS and DHCP services, and am adding those. Then I see ADWS, the active director. Each machine has it as starting automatically, but only one is running. I assume that's correct, and that they watch each other so only one is running, right?
Is there a way to do a combo test to make sure it is running on only one?
Thanks,
Paul.
Paul Root
Lead Engineer
XXX Commerce Dr
Woodbury, Mn 55125
XXX-XXX-XXXX
user-76fdb6883669@xymon.invalid
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
list Timothy Williams
NTDS is the core AD service, ADWS is only web services to allow connectivity to AD using http/https. All 12 of our DC's have them running at the same time. Tim Williams On Thu, Jan 31, 2019 at 1:37 PM Root, Paul T <user-76fdb6883669@xymon.invalid>
▸
wrote:
Hi,
Recently, I inherited some Windows machines. Including a
pair of Domain controllers.
I’m wondering what are somethings I’m going to want to
monitor to make sure these things keep running?
I have the Powershell client installed no problem.
I see DNS and DHCP services, and am adding those. Then I
see ADWS, the active director. Each machine has it as starting
automatically, but only one is running. I assume that’s correct, and that
they watch each other so only one is running, right?
Is there a way to do a combo test to make sure it is
running on only one?
Thanks,
Paul.
Paul Root
Lead Engineer
XXX Commerce Dr
Woodbury, Mn 55125
XXX-XXX-XXXX
user-76fdb6883669@xymon.invalid
This communication is the property of CenturyLink and may contain
confidential or privileged information. Unauthorized use of this
communication is strictly prohibited and may be unlawful. If you have
received this communication in error, please immediately notify the sender
by reply e-mail and destroy all copies of the communication and any
attachments.
list Paul Root
Thanks,
I’m obviously not a Windows guy.
Paul.
▸
From: Timothy Williams <user-1a5482fb085e@xymon.invalid>
Sent: Thursday, January 31, 2019 12:48 PM
To: Root, Paul T <user-76fdb6883669@xymon.invalid>
Cc: Xymon MailingList <xymon at xymon.com>
Subject: Re: [Xymon] monitoring Domain Controllers
NTDS is the core AD service, ADWS is only web services to allow connectivity to AD using http/https. All 12 of our DC's have them running at the same time.
Tim Williams
On Thu, Jan 31, 2019 at 1:37 PM Root, Paul T <user-76fdb6883669@xymon.invalid<mailto:user-76fdb6883669@xymon.invalid>> wrote:
Hi,
Recently, I inherited some Windows machines. Including a pair of Domain controllers.
I’m wondering what are somethings I’m going to want to monitor to make sure these things keep running?
I have the Powershell client installed no problem.
I see DNS and DHCP services, and am adding those. Then I see ADWS, the active director. Each machine has it as starting automatically, but only one is running. I assume that’s correct, and that they watch each other so only one is running, right?
Is there a way to do a combo test to make sure it is running on only one?
Thanks,
Paul.
Paul Root
Lead Engineer
XXX Commerce Dr
Woodbury, Mn 55125
XXX-XXX-XXXX
user-76fdb6883669@xymon.invalid<mailto:user-76fdb6883669@xymon.invalid>
▸
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
list Adam Thorn
▸
On 31/01/2019 18:29, Root, Paul T wrote:
Hi, Recently, I inherited some Windows machines. Including a pair of Domain controllers.
I’m wonderingwhat are somethings I’m going to want to monitor to make sure these things keep running?
▸
I have the Powershell client installed no problem.
I see DNS and DHCP services, and am adding those. Not quite answering your question, but: rather than testing those on the client, you could also consider a server-side test - e.g. a good way to check on a DNS server is to send a DNS query and check the response. You can do that just by adding the "dns" flag in hosts.cfg http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html#lbAP Or to test a DHCP server, send a DHCP request to it - here's a script that uses the dhcping (sic) tool to do that: https://wiki.xymonton.org/doku.php/monitors:dhcp A functioning DC ought to respond to ldap queries, so... http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html#lbAS Adam
list Paul Root
That's not a bad idea. Unfortunately, there is work to do there. I created the DNS domain originally, and then another group got on "my" network and did windows. Then another group got on and used the domain. The first group pulled out, after building up their own network, but the Windows Domain is still needed. The first group never integrated the Windows DNS with the real DNS domain in the corporation. Somehow, I have to do that.
▸
-----Original Message-----
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Adam Thorn
Sent: Thursday, January 31, 2019 1:59 PM
To: xymon at xymon.com
Subject: Re: [Xymon] monitoring Domain Controllers
On 31/01/2019 18:29, Root, Paul T wrote:Hi, Recently, I inherited some Windows machines. Including a pair of Domain controllers. I’m wonderingwhat are somethings I’m going to want to monitor to make sure these things keep running? I have the Powershell client installed no problem. I see DNS and DHCP services, and am adding those.
Not quite answering your question, but: rather than testing those on the client, you could also consider a server-side test - e.g. a good way to check on a DNS server is to send a DNS query and check the response. You can do that just by adding the "dns" flag in hosts.cfg http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html#lbAP Or to test a DHCP server, send a DHCP request to it - here's a script that uses the dhcping (sic) tool to do that: https://wiki.xymonton.org/doku.php/monitors:dhcp A functioning DC ought to respond to ldap queries, so... http://xymon.sourceforge.net/xymon/help/manpages/man5/hosts.cfg.5.html#lbAS Adam This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
list Zak Beck
Hi Apart from the other suggestions, which are all valid, as you're using the Powershell client you can specify "adreplicationcheck" in the client-local.cfg for these domain controllers and the client will check and report the replication status, and alert if any DCs stop replicating. Zak
▸
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Root, Paul T
Sent: Thursday, 31 January 2019 18:30
To: Xymon MailingList <xymon at xymon.com>
Subject: [External] [Xymon] monitoring Domain Controllers
Hi,
Recently, I inherited some Windows machines. Including a pair of Domain controllers.
I'm wondering what are somethings I'm going to want to monitor to make sure these things keep running?
I have the Powershell client installed no problem.
I see DNS and DHCP services, and am adding those. Then I see ADWS, the active director. Each machine has it as starting automatically, but only one is running. I assume that's correct, and that they watch each other so only one is running, right?
Is there a way to do a combo test to make sure it is running on only one?
Thanks,
Paul.
Paul Root
Lead Engineer
XXX Commerce Dr
Woodbury, Mn 55125
XXX-XXX-XXXX
user-76fdb6883669@xymon.invalid<mailto:user-76fdb6883669@xymon.invalid>
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list Alessandro Tinivelli
I confirm the "adreplicationcheck" is very good and reports immediately any replication issue, not only the status of services. This can, sometimes, save a lot of time in diagnosing problems. Alessandro Da: Xymon [mailto:xymon-bounces at xymon.com] Per conto di Beck, Zak Inviato: venerdì 1 febbraio 2019 10:54 A: Root, Paul T <user-76fdb6883669@xymon.invalid>; Xymon MailingList <xymon at xymon.com> Oggetto: [EXCH Prio5]Re: [Xymon] monitoring Domain Controllers [bayes][heur]
▸
Hi
Apart from the other suggestions, which are all valid, as you're using the Powershell client you can specify "adreplicationcheck" in the client-local.cfg for these domain controllers and the client will check and report the replication status, and alert if any DCs stop replicating.
Zak