3.45 SearchStat

Use this Knowledge Script to monitor the number of Active Directory search operations per second. If the search rate exceeds the threshold you set, an event is raised.

If you use this script to collect data, use the Data collection mode parameter to choose what is included in the data stream and data detail message:

  • One data stream that records the total search rate. The data detail message describes the percentage of Active Directory searches that are being performed by various services, such as DRA, KCC, LDAP, LSA, NSPI, SAM, XDS, NTDSAPI.

  • One data stream that records the total search rate, but without the detail message breakdown.

  • Data streams that track the total number of searches per second and the number of searches per second for various services independently, such as data streams for the search rate of DRA, KCC, LDAP, LSA, NSPI, SAM, XDS, and NTDSAPI.

If you collect data, keep in mind that the more data streams and detail you collect, the greater the impact on your database management system and overall performance. For example, if you choose the third data collection option, consider adjusting your archive policies or increase the frequency at which you check the size of Data tables in the AppManager repository.

This script gathers the following Windows performance counter values for use in data collection and threshold monitoring:

Performance Objects

Counters

NTDS

DirectoryServices

For monitoring, only the following counter is used to determine whether the threshold has been crossed and an event should be raised:

  • DS Directory Searches/sec

If data collection is enabled and data collection mode 1 or 3 is specified, values for the following counters are included in the data detail message:

  • DS % Searches from DRA

  • DS % Searches from KCC

  • DS % Searches from LDAP

  • DS % Searches from LSA

  • DS % Searches from NSPI

  • DS % Searches from SAM

  • DS % Searches from XDS

  • DS % Searches from NTDSAPI (Windows Server 2003 and Windows Server 2008)

3.45.1 Resource Objects

Active Directory domain controller

3.45.2 Default Schedule

The default interval for this script is Every 30 minutes.

3.45.3 Setting Parameter Values

Set the following parameters as needed:

Parameter

How to Set It

General Settings

Raise event if job fails

Event severity when job fails

Set the severity level, from 1 to 40, to indicate the importance of an event in which the SearchStat job fails. The default is 35.

Monitor rate of search operations

Event Notification

Raise event if search rate exceeds threshold?

Select Yes to raise an event if the number of search operations per second exceeds the threshold you set. The default is Yes.

Threshold -- Maximum search rate

Specify the maximum number of Active Directory search operations allowed per second before an event is raised. The default is 1 search per second.

Event severity when search rate exceeds threshold

Set the event severity level, from 1 to 40, to indicate the importance of an event in which the number of search operations per second exceeds the threshold. The default is 20.

Data Collection

Collect data for search rate?

Select Yes to collect data for charts and reports. If you enable data collection, specify the data collection mode to use in the Data collection mode parameter. The default is unselected.

Data collection mode

Specify the type of data you want to collect. The following entries are valid:

  • 1 -- one data stream that records the total search rate (searches/second). The data detail message describes the percentage of Active Directory search operations that are performed by various services.

  • 2 -- one data stream that records the total search rate without any detail message.

  • 3 -- several data streams: total search rate for all Active Directory services, and one data stream for each separate service.

The default is 1 (one data stream and detail message).