Active Directory Monitoring using eG Enterprise

Slow Active Directory performance can cripple your organization. Track the availability, performance and activity of your Active Directory servers. Track logon times, logon failures, inactive users and more.

Start Your Trial

Trusted by leading companies

Complete Active Directory Health Check and Performance Assurance

Active Directory is a critical component of any modern data center. Providing network access rights management, the Active Directory Domain Service authenticates and authorizes users and computers across the network, and it also enforces security policies. A performance glitch, service failure or downtime of an Active Directory Domain Controller (DC) will result in user logon failures, account lockouts, and even Group Policy implementation lapses.

eG Enterprise is an end-to-end Active Directory monitoring and management tool that alerts system administrators of performance, availability and replication issues, service failures, Kerberos issues, DNS errors, etc., so that they can triage issues in real time. eG Enterprise helps IT teams keep Active Directory running at peak performance, avoid user productivity disruptions, reduce helpdesk complaints, and ensure compliance with security policies.

eG Innovations delivers a robust, reliable and extremely valuable solution to deliver maximum uptime and user satisfaction. Pre-emptive alerting helps us to address performance issues immediately before they affect system and application availability.

Mike Montano Senior Manager, Allscripts

Getting to the Root Cause of Active Directory Problems

Find and Fix Replication and Time Sync Issues Proactively

See Demo Start Trial

Replication is a key function of Active Directory where changes to objects, security policy or Group Policy are replicated from one DC to others in a domain or in an AD forest. When there's replication failure, there can be inconsistencies with roaming profiles, mapped drives, password resets, and Group Policy updates.

eG Enterprise provides deep visibility into the Domain Controller and monitors replication status and time sync issues. You will be the first to know when replication fails and before there's any business impact.

Active Directory Replication - AD Replication

Key AD Replication Metrics Monitored
Replication failures Sync request failures Pending replication synchronizations Replication queue size Lingering messages Staging space used/free USN records accepted	DFS errors, warnings DFS replication backlog Joins, unjoins, bindings Change orders sent/received DRA inbound/outbound objects Replication errors, warnings, information, and verbose count Inter-site and Intra-site replication in/out rates

Detect Slow Logons, Account Lockouts and Authentication Issues

Monitor the NetLogon service to find out if there are more than acceptable semaphore waiters and timeouts, which could cause authentication delays
Track AD events to identify logon failures
Monitor Group Policy changes, which might be a cause of slow logon execution
Report on the number of account lockouts and users that got locked out, and identify where the login attempts originated from

Get to know which computers and users have never been logged on, inactive and disabled in AD
Get alerted to unusually repetitive logon failures, which might indicate a security breach

Triage Active Directory Server Problems with Ease

Continuously track AD availability and response time, and get alerted to failure of AD services and processes
Track LDAP bind time, packet loss, and network delay on the FSMO Domain Controller
Monitor the asynchronous thread queue (ATQ) delay and latency
Monitor the Active Directory Application Mode (ADAM) database cache and waiting threads
Report on database file and log file storage to know how much disk space is utilized

Detect if any computer/user creations in Security Accounts Manager (SAM) fail, or if it takes too long to enumerate, evaluate, and authenticate users/user groups
Identify the number of errors in the trust relationship between the configured domain and other domains
Check if any global catalogs are unavailable on the Domain Controller

Remediate AD Issues Remotely with Built-in Troubleshooting Tools

eG Enterprise includes built-in script-based Remote Control Actions that can be used to remotely troubleshoot Active Directory issues. Some of the built-in action include:

Enabling/disabling AD account
Unlocking AD account
Purge DNS resolver cache
Query FSMO roles
Reset AD user passwords

Refresh computer Group Policy
Show group membership for a user
Show AD trusts
Show privileged accounts

Proactively Catch DNS Issues Affecting AD Performance

Synthetically check if Domain Controllers are registered in DNS, whether they can be pinged, and if they have LADP or RPC
Check whether DNS client, Netlogon, KDC, and DNS Server services are running
Test if forwarders and root links are functioning on the Domain Controller
Ensure there are not broken delegations on the DNS server
Monitor if an AD domain is configured for secure dynamic update and performs registration of a test record
Proactively check the functioning of record registration and external name resolution

Answer Key Active Directory Performance Questions

Is the AD server available? How quickly is it responding to requests?
Are there adequate work items to service blocking requests, or are too many requests getting rejected?
Have too many login attempts failed?
Is schema cache effectively utilized, or is disk read/write activity high?

Is the server currently overloaded? Are sufficient Domain Controllers available in the environment to handle the load?
Are changes to the AD server getting replicated across and within sites?
How many directory synchronizations are in queue? Is the number high enough to force a replication?

Try eG Enterprise for
free today

Works on cloud environments, hybrid-cloud setups and on-premises deployments
Deploy eG Enterprise using our SaaS platform or on-premises
Suitable for monitoring applications, digital workspaces and IT infrastructures