Information Technology Reference
In-Depth Information
could affect network operations adversely. The policy could limit Internet Explorer to 10% of
CPU resources, for instance. You can also use custom policies to exclude users, groups, and
processes from WSRM management. In addition, you can use scheduling to enable policies on
specific days and times when certain usage patterns have been identified.
As mentioned, a large part of keeping Active Directory running in peak performance is ensuring that
the AD DS server is running in peak condition. However, you should also monitor some specific
Active Directory performance indicators, such as the following, to ensure a healthy directory service:
•
AD DS
—Performance Monitor has an Active Directory Diagnostics data collector set,
which includes trace event logs, performance counters, and configuration logs specific to
the Active Directory service.
•
DNS
—DNS performance affects Active Directory performance because the services rely
on one another for operation. More than 60 counters related to DNS are available in
Performance Monitor, including counters that monitor queries, responses, updates,
WINS, and zone transfers.
•
Replication
—Active Directory replication and DFS replication must be in good working
order. Replication-specific counters for both are available in Performance Monitor. In
addition, Repadmin (introduced in Chapter 10), Replmon, and Dcdiag are command-line
tools for monitoring DNS and Active Directory replication, discussed in the next section.
•
Active Directory storage
—The volumes on which the Active Directory database is stored
must have enough free space at all times. A volume that becomes critically low on free
space has a severe adverse affect on general server performance and Active Directory oper-
ation and performance.
Correct and timely replication of Active Directory objects is critical to the operation of a Windows
Server 2008 domain. As discussed, you can monitor replication statistics with Performance
Monitor. Three additional tools can be used to monitor aspects of Active Directory replication:
•
Repadmin
—Reports replication status on each domain controller, allowing you to spot poten-
tial problems before they affect operations adversely. You can display replication partners for a
domain controller with the repadmin /showrepl command. This command informs you if a
partner isn't available or communication problems are occurring. You can also display detailed
information about connection objects with the repadmin /showconn command and view
object replication information with the repadmin /showobjmeta command. For a less detailed
summary of replication status, use the repadmin /replsummary command. Repadmin can also
be used to manage certain aspects of replication. For example, the repadmin /replicate com-
mand is used to force replication of a partition between two partners, and the epadmin /KCC
command recalculates the replication topology. For complete syntax help, type repadmin /?.
•
Replmon
—This GUI tool enables you to view the replication topology graphically and
monitor replication performance and status. It's included in the Windows Server 2003 sup-
port tools, which you can download from the Microsoft Web site. (Windows Server 2008
support tools haven't been released, at the time of this writing.)
•
Dcdiag
—Analyzes the status and overall health of Active Directory and performs replica-
tion security checks. Dcdiag also checks for correct DNS configuration and operation.
Examples of some tests you can run include the following:
• Dcdiag /test:DNS: Tests overall DNS operation.
• Dcdiag /test:Advertising: Ensures that all domain controller roles are advertised so that
client computers are aware of available services.
• Dcdiag /test:Intersite: Tests for failures in intersite replication.
• Dcdiag /test:Replications: Tests for timely and error-free replication.
• Dcdiag /test:CheckSecurityError: Verifies replication health, specifically its security.
13
Search WWH ::
Custom Search