2.6 Discovering Active Directory Resources
Use the Discovery_ActiveDS Knowledge Script to discover Active Directory servers and resources for Windows Server operating systems. For more information about specific operating systems, see Section 2.1, System Requirements. You can display the server name and the roles for the server, such as FSMO and Global Catalog.
Because the number of network computer objects stored in the Active Directory tree can be large, you can limit the number of Domain Naming Context and Configuration Container objects that are discovered:
-
Specify the container level depth for discovery. Only container levels that are within the specified level of the domain tree are discovered.
-
Specify the number of child objects to discover within a container level.
-
Specify the particular classes of objects you want to include or exclude for discovery. The option of selecting the objects to include or exclude, however, depends on which version of AppManager for Microsoft Active Directory you are using.
-
Specify whether to limit discovery to domains that have a direct trust relationship to the domain where discovery is performed, to domains that are in the same forest, or to Active Directory domains.
Depending on the version of the AppManager for Microsoft Active Directory agent on the Active Directory server, you can specify the objects you want to discover by excluding or including them.
|
If the agent version is: |
You can: |
|---|---|
|
AppManager agent v5.0 (or earlier) |
Limit the objects that are discovered by excluding particular classes from discovery. If you exclude a particular class, all objects are excluded. You cannot exclude specific instances of objects from within a class. |
|
AppManager agent v5.0.1 (or later) |
Limit the objects that are discovered by including particular classes in discovery. If you include a particular class, all objects are included. You cannot include specific instances of objects from within a class. |
By default, this script is only run once for each computer.
Set the Values tab parameters as needed:
|
Description |
How to Set It |
|---|---|
|
General Settings |
|
|
Raise event if job fails |
|
|
Event severity when job fails |
Set the severity level, from 1 to 40, to indicate the importance of an event in which the Discovery_ActiveDS job fails. The default is 35. |
|
Discover Active Directory server resources |
|
|
Discover objects Use these parameters to determine which classes of objects are included in discovery and to set depth limits on the number of tree levels to discover. For more information, see Section 2.6.1, Example of How this Knowledge Script is Used. |
|
|
Classes to include |
Specify the class names you want to discover. Use commas with no spaces to separate more than one class. Enter class names as they appear in the Active Directory schema definition. If you include a particular class, all objects are included. You cannot include specific instances of objects within a class. AppManager does not force discovery of the following classes:
To discover these classes, you must specifically enter their names in this parameter. Include the organizational Unit class to enable the monitoring of organizational units with the following Knowledge Scripts:
Include the server class to discover and use the ReplicationCheckByUSN Knowledge Script. The default is none (no classes specified). |
|
Classes to exclude |
Specify the names of classes you do not want to discover. This parameter is applicable only when running this script on an Active Directory server with version 5.0 (or earlier) of the AppManager for Microsoft Active Directory agent. This parameter is not applicable when running this script on an Active Directory server with Version 5.0.1 (or later) of the AppManager for Microsoft Active Directory agent. Discovery information about Active Directory is required to run some Active Directory Knowledge Scripts. Do not exclude the following classes:
Use commas with no spaces to separate the names of multiple classes. Specify class names as they appear in the Active Directory schema definition. The default is user,group. NOTE:If you exclude a particular class, all objects are excluded. You cannot exclude specific instances of objects from within a class. |
|
Number of children per object |
Specify the maximum number of child objects per container level to discover. Keep in mind that a child object can be another container. For more information, see Section 2.6.1, Example of How this Knowledge Script is Used. Enter 0 to return all child objects for a container. The default is 5 child objects per container. |
|
Number of levels deep to go in tree |
Specify the maximum number of container levels deep in the domain object portion of the Active Directory tree to discover. To discover the child objects in a container, specify the level of the child object. For more information, see Section 2.6.1, Example of How this Knowledge Script is Used. Enter 0 to return the complete tree structure. The default is 5 levels. |
|
Discover domains and trusts? |
Select Yes to include the Domains and Trusts resource object in the Operator Console TreeView pane. If you enable this parameter, you can use the subsequent parameters to include or exclude types of domains from the Domains and Trusts resource object. The default is Yes. |
|
Include only adjacent domains? |
Select Yes to limit discovery to domains that have a direct trust relationship to the servers where discovery is performed. By default, discovery is not limited to domains that have a direct trust relationship, and discovery walks transitive trusts within the forest. |
|
Include only domains in forest? |
Select Yes to limit discovery to domains in the same forest as the servers where discovery is performed. The default is unselected. |
|
Include only Windows 2000 or later trusting domains? |
Select Yes to limit discovery to Active Directory domains that trust the domain of the server where discovery is performed (incoming trusts). Disable this parameter to include domains regardless of trust direction, including Windows NT domains and non-Windows domains. The default is Yes. |
|
Event Notification |
|
|
Raise event if discovery succeeds? |
Select Yes to raise an event if discovery succeeds. The default is unselected. |
|
Event severity when discovery succeeds |
Set the severity level, from 1 to 40, to indicate the importance of an event in which discovery succeeds. The default is 25. |
|
Raise event if discovery fails? |
Select Yes to raise an event if discovery fails. The default is Yes. |
|
Event severity when discovery fails |
Set the severity level, from 1 to 40, to indicate the importance of an event in which discovery fails. The default is 5. |
|
Raise event if discovery partially succeeds? |
Select Yes to raise an event if discovery returns some data but also generates warning messages. The default is Yes. |
|
Event severity when discovery partially succeeds |
Set the severity level, from 1 to 40, to indicate the importance of an event in which discovery returns some data but also generates warning messages. The default is 10. |
|
Raise event if discovery is not applicable? |
Select Yes to raise an event when discovery is not applicable. This type of failure usually occurs when the target computer does not have Active Directory installed or does not have the AppManager for Microsoft Active Directory managed object for Active Directory. The default is Yes. |
|
Event severity when discovery is not applicable |
Set the severity level, from 1 to 40, to indicate the importance of an event in which discovery is not applicable. The default is 15. |
2.6.1 Example of How this Knowledge Script is Used
When you discover Active Directory, the discovered Domain Naming Context and Configuration Container branches can potentially contain millions of objects. This script allows you to control the depth (in container levels) and width (in the number of child objects per container level) of the discovered branches. In addition, you can exclude all objects that belong to a specified class from discovery. By default, this script discovers a minimal number of classes and objects.
To illustrate how the these discovery parameters work, consider the following example. Assume the complete Domain NC tree has the following structure:
The container-level and children-per-object values are applicable to the containers and objects under ralvmdomgov.local. If the number of container levels is 0 (to discover all container levels) and the number of child objects per container level is 2, the discovery result might be similar to the following structure
To further control the number of objects returned, you can exclude particular classes. When you exclude a class, no instances of those objects are displayed. For example, if the “group” class is excluded from the discovery, the results of discovery might look something like this.
The specific objects discovered when you use the Number of children per object and Number of levels of the entire tree parameters depends on how the Active Directory Services Interfaces (ADSI) enumerates the child objects.