Technical “How-To’s”

How to Monitor Active Directory with OpenTelemetry

Brandon Johnson
Brandon Johnson

We’re excited to announce that we’ve recently contributed Active Directory Domain Services (abbreviated Active Directory DS) monitoring support to the OpenTelemetry collector. You can check it out here!

You can utilize this receiver in conjunction with any OTel collector: including the OpenTelemetry Collector and observIQ’s distribution of the collector.

Below are steps to get up and running quickly with observIQ’s distribution, and shipping Active Directory DS metrics from Windows to a popular backend: Google Cloud Monitoring. You can find out more on observIQ’s GitHub page:

What signals matter?

Monitoring an Active Directory DS instance can be daunting, but we’ve focused the performance metrics to just a few key components:

  • The Directory Replication Agent (DRA)

The Directory Replication Agent controls replication of domains across multiple domain controllers. This component is important for keeping your directory data safe and available in the case of outages.

  • LDAP

LDAP (Lightweight Directory Access Protocol) is the protocol used to access your directory. The performance of this component is critical to accessing data in your directory over the network.

  • The Domain Controller

The domain controller itself is what manages directory data. The performance of this component is critical to accessing the data in your directory.

A table with the full list of the Active Directory metrics that are automatically tracked with OpenTelemetry can be found at the end of the of the article – but first, let’s install the collector!

Installing to the Source

If you don’t already have an OpenTelemetry collector built with the latest Active Directory receiver installed, you’ll need to do that first. We suggest using observIQ’s distribution of the OpenTelemetry Collector that includes the Active Directory receiver (and many others) and is simple to install with our one-line installer.

Configuring the Active Directory DS receiver

After the installation, the config file for the collector can be found at

  • C:\Program Files\observIQ OpenTelemetry Collector\config.yaml

Edit the configuration file and use the following configuration.

2  active_directory_ds:
3    collection_interval: 60s
6  googlecloud:
7    namespace: "active_directory"
10  pipelines:
11    metrics:
12      receivers:
13        - active_directory_ds
14      exporters:
15        - googlecloud

In the example above, the Active Directory DS receiver configuration is set to:

  1. Receive Active Directory metrics from the Windows performance counters.
  2. Set the time interval for fetching the metrics. The default value for this parameter is 10s. However, if exporting metrics to Google Cloud operations, this value should be set to 60s.
  3. Export metrics to google cloud.
  • By default, the version of the googlecloud exporter provided with the observIQ collector exports as the “generic_node” resource.
  • “node_id” is the hostname of the machine the collector is running on.
  • “location” is “global” as default.
  • “namespace” is the hostname of the machine by default. Here, we override the default namespace and set it to “active_directory”.
  • You can view the full range of configuration options for observIQ’s version of the Google cloud exporter here.

Viewing the metrics

You should see the following metrics exported to Metrics Explorer:

MetricDescriptionNamespace amount of network data transmitted by the Directory Replication Agent, in
active_directory.ds.replication.sync.object.pendingThe number of objects remaining until the full sync completes for the Directory Replication
active_directory.ds.replication.sync.request.countThe number of sync requests made by the Directory Replication
active_directory.ds.replication.object.rateThe number of objects transmitted by the Directory Replication Agent per number of properties transmitted by the Directory Replication Agent per
active_directory.ds.replication.value.rateThe number of values transmitted by the Directory Replication Agent per
active_directory.ds.replication.operation.pendingThe number of pending replication operations for the Directory Replication
active_directory.ds.operation.rateThe number of operations (read, write, search) performed per
active_directory.ds.name_cache.hit_rateThe percentage of directory object name component lookups that are satisfied by the Directory System Agent's name
active_directory.ds.notification.queuedThe number of pending update notifications that have been queued to push to
active_directory.ds.security_descriptor_propagations_event.queuedThe number of security descriptor propagation events that are queued for
active_directory.ds.suboperation.rateThe rate of sub-operations
active_directory.ds.bind.rateThe number of binds per second serviced by this domain
active_directory.ds.thread.countThe number of threads in use by the directory
active_directory.ds.ldap.client.session.countThe number of connected LDAP client
active_directory.ds.ldap.bind.last_successful.timeThe amount of time taken for the last successful LDAP bind, in
active_directory.ds.ldap.bind.rateThe number of successful LDAP binds per number of LDAP searches per

To view the metrics follow the steps outlined below:

  1. In the Google Cloud Console, head to metrics explorer
  2. Select the resource as a generic node.
  3. Follow the namespace equivalent in the table above and filter the metric to view the chart.

Broken image

observIQ’s distribution is a game-changer for companies looking to implement the OpenTelemetry standards. The single line installer, seamlessly integrated receivers, exporter, and processor pool make working with this collector simple. Follow this space to keep up with all our future posts and simplified configurations for various sources. For questions, requests, and suggestions, reach out to our support team at

Brandon Johnson
Brandon Johnson

Related posts

All posts

Get our latest content
in your inbox every week

By subscribing to our Newsletter, you agreed to our Privacy Notice

Community Engagement

Join the Community

Become a part of our thriving community, where you can connect with like-minded individuals, collaborate on projects, and grow together.

Ready to Get Started

Deploy in under 20 minutes with our one line installation script and start configuring your pipelines.

Try it now