Use this Knowledge Script to monitor the health of an Active Directory domain controller.
By default, this script checks to see if essential Active Directory services are installed and/or running. You can also monitor the optional DNS server service, and you can disable monitoring of any essential service.
This script uses the WMI (Windows Management Instrumentation) replication provider service to check for error conditions related to replication, and uses the WMI Trustmon provider service to verify trust relationships between domains. The WMI Trustmon provider service was introduced in Windows Server 2003 and is not available in earlier versions of Windows. This script raises an event if the WMI Trustmon provider service is not installed. The event provides information on how to install the WMI provider.
You can configure events of varying severity levels to identify critical conditions, error conditions, warning conditions, and informational conditions. You can also set thresholds for the maximum time that can elapse between successful replications and the maximum consecutive number of synchronization failures.
Active Directory domain controller
The default interval for this script is Every 10 minutes.
Set the following parameters as needed:
| Parameter | How to Set It |
|---|---|
| General Settings | |
| Raise event if job fails | |
| Event severity when job fails | Set the severity level, from 1 to 40, to indicate the importance of an event in which the ServerHealth job fails. The default is 35. |
| Monitor essential services? | |
| Services | |
| DNS Client | Select Yes to monitor the health of the DNS Client service. The default is Yes. |
| DNS Server | Select Yes to monitor the health of the DNS Server service. The default is Yes. |
| Event Log | Select Yes to monitor the health of the Event Log service. The default is Yes. |
| File Replication Service | Select Yes to monitor the health of the File Replication Service (FRS) service. The default is Yes. |
| Intersite Messaging | Select Yes to monitor the health of the Intersite Messaging service. The default is Yes. |
| Kerberos Key Distribution Center | Select Yes to monitor the health of the Kerberos Key Distribution Center (KDC) service. The default is Yes. |
| Net Logon | Select Yes to monitor the health of the Net Logon service. The default is Yes. |
| Server | Select Yes to monitor the health of the Server service. The default is Yes. |
| Windows Management Instrumentation (for monitoring) | Select Yes to monitor the health of the Windows Management Instrumentation (WMI) service. The default is Yes. |
| Windows Time | Select Yes to monitor the health of the Windows Time service. The default is Yes. |
| Workstation | Select Yes to monitor the health of the Workstation service. The default is Yes. |
| Event Notification | |
| Raise event if service is installed but not running? | Select Yes to enable events if the monitored service is installed but has not been started. The default is Yes. |
| Event severity when service not running | Set the severity level, from 1 to 40, to indicate the importance of an event in which the monitored service is installed but has not been started. The default is 10. |
| Monitor Active Directory replication? | |
| Event Notification | |
| Raise event if WMI replication provider not installed? | Select Yes to raise an event if the WMI Active Directory replication provider service is not found. The default is Yes. |
| Event severity when WMI replication provider not installed | Set the severity level, from 1 to 40, to indicate the importance of an event in which the WMI Active Directory replication provider service is not found. The default is 30. |
| Raise event if replication is not healthy? | Select Yes to raise an event if replication error conditions are detected. The default is Yes. |
| Error threshold -- Maximum time since last successful replication | Specify the maximum number of days that can elapse since the last successful replication occurred. If the threshold is exceeded, an event is raised. The default is 3 days. |
| Warning threshold -- Maximum consecutive sync failures | Specify the maximum number of synchronization failures that can occur before an event is raised. The default is 3 failures. |
| Event severity for critical error event | Set the severity level, from 1 to 40, to indicate the importance of an event in which a condition is detected that constitutes a critical error. The default is 5. An event is always raised if a critical error is detected. |
| Event severity for Error event | Set the severity level, from 1 to 40, to indicate the importance of an event in which a medium-severity event condition is detected. The default is 10. |
| Event severity for Warning event | Set the severity level, from 1 to 40, to indicate the importance of an event in which a high-severity event condition is detected. The default is 20. |
| Raise event if replication is healthy? | Select Yes to raise an event if no replication error conditions are detected. The default is unselected. |
| Event severity for Information event | Set the severity level, from 1 to 40, to indicate the importance of an event in which a low-severity event condition is detected. The default is 30. |
| Monitor trusts? | |
| Trust verification level | Select the verification level to use for trust verification: SC_QUERY, Password, or SC_RESET. The default is Password. In order for the parameter setting to take effect, restart the WMI service after you run the job for the first time. Important: Restarting the WMI service can cause Knowledge Script jobs to fail and raise events. Stop any running Knowledge Script jobs before restarting the WMI service. |
| Event Notification | |
| Raise event if WMI Trustmon provider is not installed? | Select Yes to raise an event if the WMI Trustmon provider service cannot be found. The default is Yes. |
| Event severity when WMI Trustmon provider not installed | Set the severity level, from 1 to 40, to indicate the importance of an event in which the WMI Trustmon provider service cannot be found. The default is 30. |
| Raise event if Windows trust in error? | Select Yes to raise an event if an error is found in the Windows trust. The default is Yes. |
| Event severity when Windows trust in error | Set the severity level, from 1 to 40, to indicate the importance of an event in which an error is found in the Windows trust. The default is 10. |
| Raise event if trusts are found that cannot be monitored? | Select Yes to raise an event if trusts are found that cannot be monitored. NOTE: The WMI Trustmon provider (installed by default on Windows Server 2003) can only monitor Windows trusts that are inbound-only. Non-Windows trusts cannot be monitored with this script. The default is unselected. |
| Event severity when trusts not monitored | Set the severity level, from 1 to 40, to indicate the importance of an event in which trusts are found that cannot be monitored. The default is 25. |
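
The two replication thresholds above, applied to replication-neighbor records, shown as an added example that is not part of the Knowledge Script. It assumes the field names of Microsoft's `MSAD_ReplNeighbor` WMI class (not named on this page), that a threshold is breached only when the value is strictly greater than it, and a hypothetical function name `Test-ReplicationHealth`; the sample records are constructed.

```powershell
# Added example (not AppManager code). Field names follow the MSAD_ReplNeighbor
# WMI class; severities are the defaults listed in the parameter table.
function Test-ReplicationHealth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Neighbor,
        [int]$MaxDaysSinceSuccess    = 3,   # "Error threshold" default
        [int]$MaxConsecutiveFailures = 3,   # "Warning threshold" default
        [datetime]$Now = (Get-Date)
    )
    process {
        $last = $Neighbor.TimeOfLastSyncSuccess
        # A partner with no recorded success is treated as infinitely stale.
        $days = if ($last) { ($Now - [datetime]$last).TotalDays } else { [double]::PositiveInfinity }

        # Assumption: a threshold is breached when the value is strictly greater than it.
        if ($days -gt $MaxDaysSinceSuccess) {
            $level = 'Error'; $severity = 10
        } elseif ($Neighbor.NumConsecutiveSyncFailures -gt $MaxConsecutiveFailures) {
            $level = 'Warning'; $severity = 20
        } else {
            $level = 'Information'; $severity = 30   # raised only if healthy events are enabled
        }

        [pscustomobject]@{
            Partner          = $Neighbor.SourceDsaCN
            NamingContext    = $Neighbor.NamingContextDN
            DaysSinceSuccess = [math]::Round($days, 1)
            Failures         = $Neighbor.NumConsecutiveSyncFailures
            Level            = $level
            Severity         = $severity
        }
    }
}

# Constructed sample records; names and values are illustrative only.
$now = Get-Date '2024-05-10T12:00:00'
$nc  = 'DC=example,DC=test'
$sample = @(
    [pscustomobject]@{ SourceDsaCN = 'DC02'; NamingContextDN = $nc; TimeOfLastSyncSuccess = $now.AddMinutes(-12); NumConsecutiveSyncFailures = 0 }
    [pscustomobject]@{ SourceDsaCN = 'DC03'; NamingContextDN = $nc; TimeOfLastSyncSuccess = $now.AddHours(-20);   NumConsecutiveSyncFailures = 5 }
    [pscustomobject]@{ SourceDsaCN = 'DC04'; NamingContextDN = $nc; TimeOfLastSyncSuccess = $now.AddDays(-4);     NumConsecutiveSyncFailures = 9 }
    [pscustomobject]@{ SourceDsaCN = 'DC05'; NamingContextDN = $nc; TimeOfLastSyncSuccess = $null;                NumConsecutiveSyncFailures = 6 }
)
$sample | Test-ReplicationHealth -Now $now | Format-Table -AutoSize

# On a domain controller with the WMI replication provider installed, feed live data:
# Get-CimInstance -Namespace root\MicrosoftActiveDirectory -ClassName MSAD_ReplNeighbor |
#     Test-ReplicationHealth
```

The time-since-success check is evaluated first, so a partner that is both stale and failing (DC04, DC05) is reported once at the Error level rather than at Warning.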