We’re excited to announce that we’ve recently contributed Active Directory Domain Services (abbreviated Active Directory DS) monitoring support to the OpenTelemetry collector. You can check it out here!
You can utilize this receiver in conjunction with any OTel collector: including the OpenTelemetry Collector and observIQ’s distribution of the collector.
Below are steps to get up and running quickly with observIQ’s distribution, and shipping Active Directory DS metrics from Windows to a popular backend: Google Cloud Monitoring. You can find out more on observIQ’s GitHub page: https://github.com/observIQ/observiq-otel-collector
What signals matter?
Monitoring an Active Directory DS instance can be daunting, but we’ve focused the performance metrics to just a few key components:
- The Directory Replication Agent (DRA)
The Directory Replication Agent controls replication of domains across multiple domain controllers. This component is important for keeping your directory data safe and available in the case of outages.
- LDAP
LDAP (Lightweight Directory Access Protocol) is the protocol used to access your directory. The performance of this component is critical to accessing data in your directory over the network.
- The Domain Controller
The domain controller itself is what manages directory data. The performance of this component is critical to accessing the data in your directory.
A table with the full list of the Active Directory metrics that are automatically tracked with OpenTelemetry can be found at the end of the of the article – but first, let’s install the collector!
Installing to the Source
If you don’t already have an OpenTelemetry collector built with the latest Active Directory receiver installed, you’ll need to do that first. We suggest using observIQ’s distribution of the OpenTelemetry Collector that includes the Active Directory receiver (and many others) and is simple to install with our one-line installer.
Configuring the Active Directory DS receiver
After the installation, the config file for the collector can be found at
- C:\Program Files\observIQ OpenTelemetry Collector\config.yaml
Edit the configuration file and use the following configuration.
receivers:
active_directory_ds:
collection_interval: 60s
exporters:
googlecloud:
namespace: "active_directory"
service:
pipelines:
metrics:
receivers:
- active_directory_ds
exporters:
- googlecloud
In the example above, the Active Directory DS receiver configuration is set to:
- Receive Active Directory metrics from the Windows performance counters.
- Set the time interval for fetching the metrics. The default value for this parameter is 10s. However, if exporting metrics to Google Cloud operations, this value should be set to 60s.
- Export metrics to google cloud.
- By default, the version of the googlecloud exporter provided with the observIQ collector exports as the “generic_node” resource.
- “node_id” is the hostname of the machine the collector is running on.
- “location” is “global” as default.
- “namespace” is the hostname of the machine by default. Here, we override the default namespace and set it to “active_directory”.
- You can view the full range of configuration options for observIQ’s version of the Google cloud exporter here.
Viewing the metrics
You should see the following metrics exported to Metrics Explorer:
| Metric | Description | Namespace |
|---|---|---|
| active_directory.ds.replication.network.io | The amount of network data transmitted by the Directory Replication Agent, in bytes. | workload.googleapis.com/active_directory.ds.replication.network.io |
| active_directory.ds.replication.sync.object.pending | The number of objects remaining until the full sync completes for the Directory Replication Agent. | workload.googleapis.com/active_directory.ds.replication.sync.object.pending |
| active_directory.ds.replication.sync.request.count | The number of sync requests made by the Directory Replication Agent. | workload.googleapis.com/active_directory.ds.replication.sync.request.count |
| active_directory.ds.replication.object.rate | The number of objects transmitted by the Directory Replication Agent per second. | workload.googleapis.com/active_directory.ds.replication.object.rate |
| active_directory.ds.replication.property.rate | The number of properties transmitted by the Directory Replication Agent per second. | workload.googleapis.com/active_directory.ds.replication.property.rate |
| active_directory.ds.replication.value.rate | The number of values transmitted by the Directory Replication Agent per second. | workload.googleapis.com/active_directory.ds.replication.value.rate |
| active_directory.ds.replication.operation.pending | The number of pending replication operations for the Directory Replication Agent. | workload.googleapis.com/active_directory.ds.replication.operation.pending |
| active_directory.ds.operation.rate | The number of operations (read, write, search) performed per second. | workload.googleapis.com/active_directory.ds.operation.rate |
| active_directory.ds.name_cache.hit_rate | The percentage of directory object name component lookups that are satisfied by the Directory System Agent's name cache. | workload.googleapis.com/active_directory.ds.name_cache.hit_rate |
| active_directory.ds.notification.queued | The number of pending update notifications that have been queued to push to clients. | workload.googleapis.com/active_directory.ds.notification.queued |
| active_directory.ds.security_descriptor_propagations_event.queued | The number of security descriptor propagation events that are queued for processing. | workload.googleapis.com/active_directory.ds.security_descriptor_propagations_event.queued |
| active_directory.ds.suboperation.rate | The rate of sub-operations performed. | workload.googleapis.com/active_directory.ds.suboperation.rate |
| active_directory.ds.bind.rate | The number of binds per second serviced by this domain controller. | workload.googleapis.com/active_directory.ds.bind.rate |
| active_directory.ds.thread.count | The number of threads in use by the directory service. | workload.googleapis.com/active_directory.ds.thread.count |
| active_directory.ds.ldap.client.session.count | The number of connected LDAP client sessions. | workload.googleapis.com/active_directory.ds.ldap.client.session.count |
| active_directory.ds.ldap.bind.last_successful.time | The amount of time taken for the last successful LDAP bind, in milliseconds. | workload.googleapis.com/active_directory.ds.ldap.bind.last_successful.time |
| active_directory.ds.ldap.bind.rate | The number of successful LDAP binds per second. | workload.googleapis.com/active_directory.ds.ldap.bind.rate |
| active_directory.ds.ldap.search.rate | The number of LDAP searches per second. | workload.googleapis.com/active_directory.ds.ldap.search.rate |
To view the metrics follow the steps outlined below:
- In the Google Cloud Console, head to metrics explorer
- Select the resource as a generic node.
- Follow the namespace equivalent in the table above and filter the metric to view the chart.
observIQ’s distribution is a game-changer for companies looking to implement the OpenTelemetry standards. The single line installer, seamlessly integrated receivers, exporter, and processor pool make working with this collector simple. Follow this space to keep up with all our future posts and simplified configurations for various sources. For questions, requests, and suggestions, reach out to our support team at support@observIQ.com.