Monitoring Active Directory performance

Contrary to the hopes of hardware manufacturers, sometimes the cure to poor performance doesn't lie in throwing more hardware at a network and hoping things improve. Instead, you should monitor the performance of components of your network and tweak where necessary.

If yours is a relatively small network, Active Directory (AD) performance will likely not be a major concern unless your hardware is simply not up to the task. As the number of domain controllers grows and more users and other objects are added to the directory, performance begins to become a more important consideration. In this article, I'll introduce you to several topics that will help you get started monitoring and managing Active Directory, the network, and domain controllers.

Monitoring network performance

One factor that naturally has a significant effect on Active Directory performance is network performance. LDAP queries, replication, and other directory functions take place across the network, so network bandwidth and performance can have an effect on AD performance. The reverse is also true: AD can impose additional load on the network, affecting other network traffic for file and print sharing, streaming audio or video, and other functions.

Windows 2000 provides two primary tools for monitoring network performance. The first of these is Network Monitor, which runs under Windows 2000 Server and enables you to track network throughput. The version of Network Monitor included with Windows 2000 Server only tracks local traffic but can be quite useful for determining network performance at the server. If you need to test network performance to and from other systems, such as between domain controllers, you can upgrade to the version of Network Monitor included with Microsoft Systems Management Server 2.0 SP1 or later. Tracked remote systems must run the Network Monitor agent, which is supported for Windows NT and Windows 2000 but not for Windows 9x clients.

The second tool for monitoring network performance is the System Monitor included with Windows 2000. Choose Start | Programs | Administrative Tools | Performance to access the System Monitor. In addition to monitoring server performance as described previously (such as CPU utilization and disk performance), you should also establish a baseline and monitor network performance to help you evaluate Active Directory's impact on the network and vice versa. By default, the System Monitor includes a performance object named Network Interface that you can use to monitor network transmission. In particular, you should add and monitor the following counters:

  • Packets Outbound Discarded: This counter monitors the length of the outbound packet queue, by number of packets waiting in the queue. A queue with a few items indicates acceptable performance, but longer queues indicate the NIC is waiting for the network and is not keeping pace with the server, indicating a bottleneck.
  • Bytes Total/Sec: Use this counter to track the rate at which bytes are sent and received on the interface. A higher number indicates better performance. Track the performance of each network interface to identify high utilization per interface and determine whether you need to use switches to segment the network or increase bandwidth.

If you install the Network Monitor driver on the system, you should see a Network Segment counter object in System Monitor, as well. Include the following counters from the Network Segment object in your monitoring scheme:

  • Broadcast Frames Received/Sec: This counter lets you define a baseline over time against which to evaluate variations in network traffic.
  • % Network Utilization: This counter provides a good indication of the bandwidth utilization for the local segment and enables you to evaluate the impact of certain network events—such as replication—on network bandwidth. Consider 30 percent utilization a maximum for unswitched Ethernet. Adjust your acceptable benchmark based on your network topology.
  • Total Frames Received/Sec: You can use this counter to monitor network-wide traffic and determine when switches and routers are becoming saturated, indicating a need for additional segmenting.

Monitoring server and domain controller performance

In addition to monitoring network performance, you also need to monitor server and domain controller performance through System Monitor. First, consider monitoring CPU utilization. In the Performance Monitor, select the Processor object and, as a minimum, monitor the % Processor Time counter. On multiprocessor systems you can monitor the total processor utilization or monitor individual CPUs. If the CPU utilization is high, it's a good indication that it's time for an upgrade, either through replacing the server or adding CPUs. You also should monitor available disk space for the volumes containing the directory database files, log files, and SYSVOL folder, which by default are stored in the \NTDS and \SYSVOL folders. Use the LogicalDisk object and monitor the Free Megabytes counter to keep tabs on free space in the target volumes.

In addition to monitoring general server performance items, you also should monitor domain controller performance issues. System Monitor provides two objects that enable you to monitor a broad range of counters for Active Directory. The first of these—the NTDS object—includes the following counters that you'll find useful for monitoring Active Directory performance:

  • DRA Inbound Bytes Total/Sec: This counter shows total bytes received through replication per second. Lack of activity indicates that the network is slowing down replication.
  • DRA Inbound Object Updates Remaining in Packet: This counter shows the number of object updates received for replication that have not yet been applied to the local server. The value should be low, with a higher value indicating that the hardware is incapable of adequately servicing replication (warranting a server upgrade).
  • DRA Outbound Bytes Total/Sec: This counter shows the total bytes sent per second. Lack of activity indicates that the hardware or network is slowing down replication.
  • DRA Pending Replication Synchronizations: This counter indicates the replication backlog on the server. This value should be low, with a higher value indicating that the hardware is not adequately servicing replication.
  • DS Threads In Use: This counter shows the number of threads in use by Active Directory, with a lack of activity typically pointing to network problems that are preventing client requests from succeeding.
  • Kerberos Authentications/Sec: This counter shows the number of Kerberos authentications on the server per second. A lack of activity can indicate network problems that are preventing authentication requests from succeeding.
  • LDAP Bind Time: This counter shows the time required for completion of the last LDAP binding, with a higher value pointing to either hardware or network performance problems.
  • LDAP Client Sessions: This counter shows the number of connected LDAP client sessions, with a lack of activity pointing to network problems.
  • LDAP Searches/Sec: This counter shows the number of LDAP searches per second performed by clients in the directory. A lack of activity points to network problems.
  • LDAP Successful Binds/Sec: This counter shows the number of successful LDAP binds per second, with a lack of activity pointing to network problems.
  • NTLM Authentications: This counter shows the number of NTLM authentications per second handled by the domain controller (from Windows 98 and Windows NT clients). A lack of activity points to network problems.

The second object that is useful for monitoring Active Directory performance is the Database object. Some of the Microsoft documentation indicates that the Database counters do not install by default, although on the systems I tested, the Database object was installed. If you open the System Monitor and can't find the Database object, use these steps to add it:

  1. Create a new folder to contain the Database object's DLL. In this example, assume you create the folder C:\dataperf.
  2. Copy the file %systemroot%\System32\Esentprf.dll to the \dataperf folder.
  3. Create the following registry keys, if they do not already exist:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESENT
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESENT\Performance
  4. Create the following values under the Performance key:
    Open : REG_SZ : OpenPerformanceData
    Collect : REG_SZ : CollectPerformanceData
    Close : REG_SZ : ClosePerformanceData
    Library : REG_SZ : C:\dataperf\esentprf.dll
  5. Open a command console in %systemroot%\System32 and execute the following command:
    Lodctr.exe Esentprf.ini

After you've loaded the Database object, restart the System Monitor to work with the Database counters. The counters you'll find most useful for monitoring Active Directory performance include:

  • Cache % Hit: This counter shows the percentage of database page requests handled by the cache, thereby not causing a file I/O. A lack of activity can indicate that the server has insufficient physical memory.
  • Cache Page Fault Stalls/Sec: This counter shows the number of page faults per second that go unserviced due to lack of available pages in the database cache. A value other than zero indicates insufficient physical memory in the server.
  • Cache Page Faults/Sec: This counter shows the number of page requests per second that cause the database cache to allocate new pages from the cache. This value should be low, with a higher value indicating insufficient physical memory in the server.
  • File Operations Pending: This counter shows the number of file operations for the database file(s) currently pending by the operating system. The value should be low, with a higher value indicating insufficient physical memory and/or inadequate CPU availability or performance.
  • File Operations/Sec: This counter shows the number of file operations per second generated by the database cache manager against the database files. The value should be low, with a higher value indicating inadequate physical memory in the server.
  • Log Record Stalls/Sec: This counter shows the number of log records per second that could not be added to the log buffers because the buffers were full. The value should be zero or close to zero, with a higher value indicating inadequate physical memory in the server.
  • Log Threads Waiting: This counter indicates the number of threads waiting on pending log writes. The value should be low, with a higher value indicating insufficient physical memory, poor disk performance, or poor disk structuring.
  • Table Open Cache Hits/Sec: This counter shows the number of directory database tables open per second from the cache. A high value indicates better caching, with a lower value typically indicating inadequate physical memory in the server.
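
The guidance in the Network Segment, NTDS, and Database counter lists above can be applied to a saved counter log. This is an added example, not part of the original article: it parses a constructed CSV log and flags samples using the article's 30 percent utilization ceiling and its "other than zero" rule for cache stalls. The 3x baseline factor, the 3-sample idle run, the host name DC1, and the instance names are assumptions.

```python
import csv
import io

# Constructed sample log (CSV); host DC1, instances and all values are made up.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Pacific Standard Time)(480)","\\DC1\Network Segment(NIC1)\% Network Utilization","\\DC1\Database(lsass)\Cache Page Fault Stalls/sec","\\DC1\NTDS\DRA Pending Replication Synchronizations","\\DC1\NTDS\LDAP Searches/sec"
"03/01/2007 09:00:00","12.0","0","1","40"
"03/01/2007 09:05:00","14.5","0","2","38"
"03/01/2007 09:10:00","11.0","0","1","42"
"03/01/2007 09:15:00","33.5","0","2","35"
"03/01/2007 09:20:00","18.0","2","9","0"
"03/01/2007 09:25:00","16.0","0","3","0"
"03/01/2007 09:30:00","15.0","0","2","0"
'''

# Counter -> (rule, parameter). The 30 percent ceiling and the non-zero rule
# come from the article; the 3x factor and 3-sample idle run are assumptions.
RULES = {
    "% Network Utilization": ("max", 30.0),
    "Cache Page Fault Stalls/Sec": ("max", 0.0),
    "DRA Pending Replication Synchronizations": ("baseline", 3.0),
    "LDAP Searches/Sec": ("idle", 3),
}

def evaluate(log_text, rules=RULES, baseline_n=3):
    """Return (timestamp, counter, reason) for each sample that breaks a rule."""
    rules_ci = {k.lower(): v for k, v in rules.items()}
    header, *data = list(csv.reader(io.StringIO(log_text)))
    findings = []
    for col, path in enumerate(header[1:], start=1):
        name = path.rsplit("\\", 1)[-1]  # strip \\HOST\Object(instance)\
        if name.lower() not in rules_ci:
            continue
        kind, param = rules_ci[name.lower()]
        # Blank cells are missed samples: skip them instead of reading zero.
        series = [(r[0], float(r[col])) for r in data if len(r) > col and r[col].strip()]
        base = [v for _, v in series[:baseline_n]]
        mean = sum(base) / len(base) if base else 0.0
        idle = 0
        for i, (when, v) in enumerate(series):
            if kind == "max" and v > param:
                findings.append((when, name, f"{v:g} exceeds {param:g}"))
            elif kind == "baseline" and i >= baseline_n and v > param * max(mean, 1.0):
                findings.append((when, name, f"{v:g} is over {param:g}x baseline {mean:.2f}"))
            elif kind == "idle":
                idle = idle + 1 if v == 0 else 0
                if idle == param:  # report once per idle run
                    findings.append((when, name, f"no activity for {param} samples"))
    return findings
```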

Monitoring replication

Monitoring general server performance, network performance, and NTDS/Database performance will give you a good indication of domain controller and network health. You also should monitor replication to help identify potential problems, such as network congestion, that can affect directory replication. The Microsoft Windows 2000 Resource Kit includes a handful of tools to help you monitor replication:

  • Netdiag.exe: This tool performs a wide range of tests to check network connectivity and DNS consistency. The tool has been updated to include additional tests and also to add functionality to existing tests. Netdiag.exe is a console-based command, and you can view its syntax and options by executing Netdiag.exe /? at a console prompt. The help/syntax information is relatively lengthy, so you might want to redirect the output to a text file so you can view it in Notepad.
  • Repadmin.exe: This tool lets you view replication topology and force replication events between domain controllers. Use the /showreps switch to display the DC's replication partners, when the last replication was attempted, and whether or not it was successful. Use the /showconn switch to view connection objects on the DC to determine whether the DC is configured to replicate with the appropriate servers.
  • Dcdiag.exe: This tool performs several tests to check the status and health of a DC. These tests verify connectivity, replication, topology integrity, DC roles, and other aspects of the DC's function.
  • Replmon.exe: Unlike the previous three tools, Replmon is a Windows-based application. You can use Replmon to view the status and performance of directory replication, force synchronization between DCs, and view replication topology graphically. You can generate status reports that include a wide variety of configuration and performance data on the monitored server.

Copyright ©2007 Setup32.com