Use this Knowledge Script to monitor the number of Active Directory search operations per second. If the search rate exceeds the threshold you set, an event is raised.
If you use this script to collect data, use the Data collection mode parameter to choose what is included in the data stream and data detail message:
One data stream that records the total search rate. The data detail message describes the percentage of Active Directory searches that are being performed by various services, such as DRA, KCC, LDAP, LSA, NSPI, SAM, XDS, NTDSAPI.
One data stream that records the total search rate, but without the detail message breakdown.
Data streams that track the total number of searches per second and the number of searches per second for various services independently, such as data streams for the search rate of DRA, KCC, LDAP, LSA, NSPI, SAM, XDS, and NTDSAPI.
If you collect data, keep in mind that the more data streams and detail you collect, the greater the impact on your database management system and overall performance. For example, if you choose the third data collection option, consider adjusting your archive policies or increase the frequency at which you check the size of Data tables in the AppManager repository.
This script gathers the following Windows performance counter values for use in data collection and threshold monitoring:
Performance Objects |
Counters |
---|---|
NTDS DirectoryServices |
For monitoring, only the following counter is used to determine whether the threshold has been crossed and an event should be raised:
If data collection is enabled and data collection mode 1 or 3 is specified, values for the following counters are included in the data detail message:
|
Active Directory domain controller
The default interval for this script is Every 30 minutes.
Set the following parameters as needed:
Parameter |
How to Set It |
---|---|
General Settings |
|
Raise event if job fails |
|
Event severity when job fails |
Set the severity level, from 1 to 40, to indicate the importance of an event in which the SearchStat job fails. The default is 35. |
Monitor rate of search operations |
|
Event Notification |
|
Raise event if search rate exceeds threshold? |
Select Yes to raise an event if the number of search operations per second exceeds the threshold you set. The default is Yes. |
Threshold -- Maximum search rate |
Specify the maximum number of Active Directory search operations allowed per second before an event is raised. The default is 1 search per second. |
Event severity when search rate exceeds threshold |
Set the event severity level, from 1 to 40, to indicate the importance of an event in which the number of search operations per second exceeds the threshold. The default is 20. |
Data Collection |
|
Collect data for search rate? |
Select Yes to collect data for charts and reports. If you enable data collection, specify the data collection mode to use in the Data collection mode parameter. The default is unselected. |
Data collection mode |
Specify the type of data you want to collect. The following entries are valid:
The default is 1 (one data stream and detail message). |