A Windows Server 2012 domain controller (DC)
houses Active Directory Domain Services (AD DS) and may hold additional
roles, such as one or more Operations Master (OM) roles (schema master,
domain naming master, relative ID master, PDC emulator, or
infrastructure master) or the Global Catalog (GC) server role.
Depending on the size and design of the system, a DC might also serve
other functional roles, such as domain name system (DNS) or
Dynamic Host Configuration Protocol (DHCP) server. In this section, AD,
replication, and DNS monitoring are explored.
Monitoring Active Directory and Active Directory Replication
AD DS is the heart of Windows Server 2012
domains and has been the directory of choice for years. AD has
continuously been improved with each release, including performance
enhancements. AD DS serves many functions, including
authentication, authorization, encryption, and group policies. Because
AD plays a vital role in a Windows Server 2012 network environment and
organizations rely on it heavily for communication and user management,
it must perform its responsibilities as efficiently as possible.
The Directory Services Performance Monitor
object provides various AD performance indicators and statistics that
are useful for determining AD’s workload capacity. You can use many of
these counters to determine current workloads and how these workloads
can affect other system resources. This object has quite a few
counters, so it’s recommended to identify your specific monitoring
needs in advance. Many counter names carry a prefix that groups them
by component, such as Lightweight Directory Access Protocol (LDAP),
directory replication agent (DRA), DS, and Security Accounts
Manager (SAM). With this combination of counters, you can review the
status of every component of AD DS and determine whether the system is
overloaded and whether AD performance is impacted.
Measuring AD DS replication performance is a
complex process because of the many variables associated with
replication, including the following:
• Intrasite versus intersite replication
• The compression being used (if any)
• Available bandwidth
• Inbound versus outbound replication traffic
Fortunately, there are
performance counters for every possible AD replication scenario. These
counters are located within the Directory Services object and are
prefixed by the primary process that is responsible for AD DS
replication: the DRA. Therefore, to monitor AD replication, you need to
choose those counters beginning with DRA.
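The prefix grouping and DRA selection described above, as an added PowerShell example that is not part of the original text. It assumes it runs on a domain controller where the Directory Services object is registered as the counter set DirectoryServices; the 5-second interval and 12 samples are arbitrary choices, and counter names are discovered at run time rather than hard-coded.

```powershell
# Added example, not from the original text. Run on a domain controller.
# Assumption: the Directory Services object is registered as 'DirectoryServices'.
$set = Get-Counter -ListSet 'DirectoryServices' -ErrorAction Stop

# Group the counters by the component prefix that starts each counter name.
$byComponent = $set.Paths | ForEach-Object {
    $name = ($_ -split '\\')[-1]                 # text after the last backslash
    [pscustomobject]@{ Component = ($name -split ' ')[0]; Path = $_ }
} | Group-Object Component
$byComponent | Sort-Object Count -Descending | Format-Table Name, Count -AutoSize

# Replication counters are the ones whose names begin with DRA.
$draPaths = ($byComponent | Where-Object Name -eq 'DRA').Group.Path
if (-not $draPaths) { throw 'No DRA counters found in this counter set.' }

# Sample for one minute: 12 samples, 5 seconds apart (arbitrary values).
$samples = Get-Counter -Counter $draPaths -SampleInterval 5 -MaxSamples 12 `
    -ErrorAction SilentlyContinue

# Summarize each counter and label it with the variables the text lists:
# inbound versus outbound, and intrasite versus intersite where the name says so.
$samples.CounterSamples |
    Group-Object { ($_.Path -split '\\')[-1] } |
    ForEach-Object {
        $n = $_.Name
        $stats = $_.Group | Measure-Object CookedValue -Average -Maximum
        [pscustomobject]@{
            Counter   = $n
            Direction = switch -Regex ($n) {
                'inbound'  { 'Inbound'; break }
                'outbound' { 'Outbound'; break }
                default    { 'n/a' } }
            Scope     = switch -Regex ($n) {
                'between sites' { 'Intersite'; break }
                'within site'   { 'Intrasite'; break }
                default         { 'All' } }
            Average   = [math]::Round($stats.Average, 2)
            Maximum   = [math]::Round($stats.Maximum, 2)
        }
    } | Sort-Object Direction, Scope, Counter | Format-Table -AutoSize
```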
Like most other server products, AD
DS uses a database, and its performance should also be monitored to
provide an accurate reflection of AD DS performance. Understanding a
domain controller’s overall system resource usage and the performance
of AD DS will help you align future upgrades and changes with capacity
and performance needs. As companies continue to grow, it is essential
that the systems be able to grow with them, especially with regard to
something critical like AD DS. Many counters are available, and Table 1
describes some of the relevant counters necessary to monitor AD DS and
the database. This is only a sample list, and additional counters might
need to be added, depending on the desired outcome of the monitoring
and specific AD DS functionality.
Table 1. Performance Counters Relative to AD DS Performance and Replication
Monitoring DNS
The domain name system (DNS) has been the
primary name-resolution mechanism in almost all networks, and this
continues with Windows Server 2012. Numerous counters are available for monitoring various aspects of DNS
in Windows Server 2012. The most important categories in terms of
capacity analysis are name-resolution response times and workloads and
replication performance.
The counters listed in Table 2
are used to compute name query traffic and the workload that the DNS
server is servicing. These counters should be monitored along with the
common set of bottlenecks to determine the system’s health under
various workload conditions. If users are noticing slower responses,
you can compare the query workload usage growth with your performance
information from memory, processor, disk subsystem, and network
subsystem counters.
Table 2. Performance Counters to Monitor DNS
Comparing results with other DNS servers in
the environment can also help you to determine whether you should
relinquish some of the name query responsibility to other DNS servers
that are less busy.
Replication performance
is another important aspect of DNS. Windows Server 2012 supports legacy
DNS replication, also known as zone transfers, which populate
information from the primary DNS to any secondary servers. There are
two types of legacy DNS replication: incremental (propagating only
changes to save bandwidth) and full (the entire zone file is replicated
to secondary servers).
Asynchronous full zone transfers (AXFR) occur
on the initial transfer, and incremental zone transfers (IXFR)
are performed thereafter. The performance counters for both AXFR and
IXFR (see Table 3)
measure both the requests and the successful transfers. Note that if
your network environment integrates DNS with non-Windows
systems, it is recommended that those systems support IXFR.
Table 3. DNS Zone Transfer Counters
Note
If your network environment is fully AD integrated, the counters listed in Table 3 will all be zero because AD-integrated DNS replicates with AD DS.
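A baseline check built on the note above, as an added PowerShell example that is not part of the original text. It assumes it runs on a DNS server whose counters are registered in a set named DNS; the $expectZero switch is a hypothetical variable you set to match your environment. In a fully AD-integrated environment, any nonzero zone transfer counter is a deviation from the expected baseline that deserves a look.

```powershell
# Added example, not from the original text. Run on a DNS server.
# Assumption: the DNS Server role registers its counters in a set named 'DNS'.
$xfrPaths = (Get-Counter -ListSet 'DNS' -ErrorAction Stop).Paths |
    Where-Object { $_ -match '\\[AI]XFR ' }
if (-not $xfrPaths) { throw 'No AXFR/IXFR counters found in this counter set.' }

# Hypothetical switch: $true when every zone is AD-integrated (baseline is zero).
$expectZero = $true

# Read the zone transfer counters once and classify each by its name.
$rows = (Get-Counter -Counter $xfrPaths).CounterSamples | ForEach-Object {
    $name = ($_.Path -split '\\')[-1]            # text after the last backslash
    $kind = 'Other'
    if ($name -match 'request') { $kind = 'Request' }
    elseif ($name -match 'success') { $kind = 'Success' }
    [pscustomobject]@{
        Transfer = if ($name -match '^axfr') { 'Full (AXFR)' } else { 'Incremental (IXFR)' }
        Kind     = $kind
        Counter  = $name
        Value    = $_.CookedValue
    }
}
$rows | Sort-Object Transfer, Kind, Counter | Format-Table -AutoSize

# Compare against the zero baseline the note describes.
$nonZero = @($rows | Where-Object { $_.Value -gt 0 })
if ($expectZero -and $nonZero.Count -gt 0) {
    foreach ($r in $nonZero) {
        Write-Warning ('{0} = {1}; expected 0 with AD-integrated zones' -f $r.Counter, $r.Value)
    }
} elseif ($expectZero) {
    'All zone transfer counters are zero, as expected.'
}
```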