This Knowledge Script has been supplanted by a Knowledge Script that is better designed to monitor Active Directory replication: Section 3.41, ReplicationLatency.
Use this Knowledge Script to dynamically observe all replication partners using connection objects. If differences in the object attributes are detected, an event is raised. This Knowledge Script also provides options to monitor replication for the Domain Naming Context and the global catalog server.
The ReplicationByObject Knowledge Script requires that the container where the objects will be created already exist.
Use a tool such as ADSI Edit from the Windows Support Tools or an ADSI script to create the required container object. The following examples show how to create the default “netiq” container in the Configuration and Domain Partitions using the ADSI Edit tool.
This example applies when Monitor replication for is set to Configuration Partition.
To create the default “netiq” container:
Log on as a user with permission to create a container object in the configuration partition.
Example: To create the default “netiq” container in the top-level “configuration” object of the configuration partition, you must have the Create Container Objects permission (or Create All Child Objects permission). By default, an Enterprise Administrator has these required permissions.
Start ADSI Edit.
Select the configuration object under Configuration Container.
Example: CN=Configuration,DC=mydomain,DC=com
Click Action > New > Object....
In the Create Object wizard, select container as the class name, and then click Next.
Type netiq as the value for the cn attribute, and then click Next.
Click Finish to create the container object.
NOTE:The accounts under which the netiqmc service runs must have Read and Create Container Objects (or Create All Child Objects) permissions for the container. This permission is particularly important if, for example, an Enterprise Administrator creates the container in the Configuration Partition and the netiqmc service runs as a Domain Administrator account.
This example applies when Monitor replication for is set to Domain Partition.
To create the default “netiq” container:
Log on as a user with permission to create a container object in the domain partition.
Example: To create the default “netiq” container in the top-level domainDNS object of the domain partition, you must have the Create Container Objects permission (or Create All Child Objects permission). By default, a Domain Administrator has these required permissions.
Start ADSI Edit.
Select the domainDNS object under Domain NC.
Example: DC=mydomain,DC=com
Click Action > New > Object....
In the Create Object wizard, select container as the class name, and then click Next.
Type netiq as the value for the cn attribute, and then click Next.
Click Finish to create the container object.
This script creates a container object under the container path you specify for the Specify the container path to create the object parameter. For more information, see “Prerequisite for using this script,” above.
If you leave this parameter blank, it uses the default container path of “netiq” to create the object. The script uses suffix, user, and password parameter values to create the object and increments the description property on each iteration. If you do not provide the credentials, the script uses the default AppManager agent credentials.
You can also specify whether you want intersite or intrasite monitoring. If you select intrasite replication, the script monitors replication between the target agent and the replication partners within the same site as the agent. If you select intersite replication, then the script monitors the replication between the target agent and all the replication partners. If both options are selected, then the script monitors replication between the agent and all replication partners. You can optionally specify that the script also monitor global catalog replication.
By default, this script runs every 30 minutes, which should be a sufficient interval in most organizations. However, because multimaster replication among peer domain controllers is such an important part of Active Directory, we recommend that you set the job interval to run this script at least every five to ten minutes in more active organizations where you are making more frequent changes to Active Directory objects. If the job interval is too short, for example to run every few seconds, you may raise false events.
Active Directory domain controller
The default interval for this script is Every 30 minutes.
Set the following parameters as needed:
|
Parameter |
How to Set It |
|---|---|
|
Raise event if replication failure detected? |
Set to Yes to raise an event if replication failure has occurred. The default is Yes. |
|
Collect data for replication status? |
Set to Yes to collect data for charts and reports. If enabled, data collection returns:
The default is unchecked. |
|
Suffix of object name |
Enter the suffix of the Active Directory object to check for. By default, the object name is netiq‑<servername>. You can use this parameter to refine your replication monitoring to accurately reflect whether replication is successful when the replication schedules are different between domain controllers. For example, if the replication schedule for a domain controller is set for every 15 minutes and the replication schedule for another domain controller is set for 30 minutes, you can specify a suffix of 15min to test replication for the first server and a suffix of 30min to test replication for the second server. In this case, if you used the default object name without specifying a suffix, you might see false alarms for replication on the second server because the netiq-<servername> object is not replicated until the 30-minute replication interval passes. |
|
Threshold -- Maximum number of differences between objects |
specify the maximum number of differences between replicated objects that can occur before an event is raised. The default is 3 differences. |
|
Event severity when replication failure detected |
Set the severity level, from 1 to 40, to indicate the importance of an event in which replication failure has occurred. The default is 5 (red event indicator). |
|
Event severity when Knowledge Script error occurs |
Set the severity level, from 1 to 40, to indicate the importance of an event in which an error in the Knowledge Script job occurs. The default is 35 (magenta event indicator). |
|
Active Directory patch for AppManager 5.0.1 or later |
Use the following parameters for AppManager versions 5.0.1 and later to which the Active Directory patch has been applied. |
|
Monitor replication for: |
Select the type of partition for which you want to monitor replication: Configuration Partition or Domain Partition. The default is Configuration Partition. |
|
Site option |
Select the type of replication monitoring you want the script to perform: Intrasite, Intersite, or Both. The default is Both. |
|
Container path to create the object |
Specify the container path (distinguished name) where the script creates the object for testing replication. For example: ‘cn=netiq,cn=configuration,DC=mydomain, DC=com’, where mydomain=your domain name. If you do not specify the path, the script uses the default container path ‘netiq’ to create the object. NOTE:See “Prerequisite for using this script” above for details on creating the default ‘netiq’ container object. |
|
Username to create an object |
Enter the user name for the account used to create the object. |
|
User password |
Enter the password for the account used to create the object. NOTE:Maximum password length allowed is 32 characters. |
|
Monitor replication for global catalog? |
Set to Yes to monitor the global catalog. The default is unchecked. |