Monitoring Performance and Availability of Active Directory

You have an important document on your home directory you need to print to make the final review and then you must email it to a customer.

These things seems pretty easy and people do it every day. All these things rely on one critical component, Microsoft Active Directory (AD).

AD is a Directory Service which contains different resources such as users, groups, computers, printers, group policys (settings / restrictions), DNS and more.

Failure in AD might prevent users from logging in to their computers, accessing files and use critical applications.


If AD is so important, what can you do to protect your environment from critical unplanned outages?


  • Make it redundant
  • Add multiple Domain Controllers (DC) with Global Catalog and DNS enabled.
  • This will allow computers/servers to be able to login and access resources if a DC is down.
  • There are many other areas that needs to be addressed in order to have a redundant AD environment but that is out of this scope.


  • Monitor performance and availability
  • Without monitoring you have no idea how your environment is performing and if it´s available. You rely only on your users to respond when something isn´t working.
  • I am going to introduce a much better way that is proactive and will detect, diagnose and resolve AD performance and availability issues for you. Interested?



What do native tools offer?

Perfmon is a general Windows performance monitoring tool. It is very basic and is used as realtime monitoring only. It lacks in presentation, no historic data and no alarm capabilities.

Dcdiag is an command-line AD troubleshooting tool that you can run to diagnose your AD. Output is raw text and can be hard to understand if you don´t have deep AD skills.

Both tools are useful when troubleshooting but not very helpful in your daily monitoring process.


Is there an easier option for me?

Yes there is! Foglight for Virtualization, Enterprise has an add-on for AD that was built to help you detect, diagnose and resolve AD performance and availability problems without requiring any deep AD expertise.

It works across virtual and physical environments and has an agentless architecture for easier deployment and management.

Automatic discovery and configuration of all AD servers is done centrally and then it will start collecting key performance data from Hypervisor (VMware vSphere and Microsoft Hyper-V), Operating System and AD (response time, making sure key roles are accessible etc) and map topology (Forests, Domains, Sites, Domain Controllers).

Data being collected will be presented in easy understandable dashboards which are color coded Green (Normal), Yellow (Warning) and Red (Critical).

The top level tiles show number of Forests, Domains, Sites and Domain Controllers and their state. From here you can drill down into any specific area.

Below is a drill down to a Domain Controller with focus on Directory Services.

If a value is above a certain threshold or if it deviate from "normal", it will trigger an alarm. The Rules and thresholds are written by AD experts that knows what needs to be monitored and what thresholds to use.

So when an alarm is fired we have detected that something isn´t "normal" anymore, we provide a diagnose to what have happened and also a resolution to the problem. Everything to minimize the time needed to find and troubleshoot problems avoiding AD outage and in the end save your day!


To learn more about Active Directory monitoring, visit