Monitoring Performance in Active Directory |
This section describes the command-line tools and Visual Basic scripts, provided on the Windows 2000 Resource Kit companion CD, that enable you to monitor performance of Active Directory, including monitoring differences between directory partitions, replication schedules and topology, networking, channels, and local and remote computer performance, and the allocation of RID pools. They are located in the directory <Root Directory of the CD-ROM>\Support\Reskit. The performance monitor (Pmon) tool and two Visual Basic (VBS) scripts, DisplayRID and DisplayOld, are furthered described in this chapter.
You can use the Process Monitor (Pmon.exe) command-line tool to monitor process resource usage by tracking CPU and memory usage for each running process. Pmon.exe also measures paged and nonpaged pool usage, and identifies kernel-mode memory leaks. For Active Directory purposes, you can use Pmon.exe to monitor the memory usage of the Local Security Authority by viewing the Lsass.exe process.
The Process Monitor tool provides a keyboard interface, so you can use the UP ARROW and DOWN ARROW to scroll up and down the list of currently running processes. To quit Pmon.exe, press ESC or type q. Use any other key to refresh the Pmon.exe display.
For more information about paged and nonpaged pool usage, see "Evaluating Memory and Cache Usage" in the Microsoft Windows 2000 Server Resource Kit Server Operations Guide.
You use the Visual Basic script DisplayRID to monitor the allocation and use of RID pools by domain controllers. For example, to monitor the ResKit domain's allocation and use of its RID pool, type:
cscript displayrid.vbs /D:ResKit /U:Sales\Administrator /W:mypass1
The general syntax of the command is as follows:
Cscript displayrid.vbs [/U:Username] [/W:Password] [/D:Domain] [/S:Server] [/Q]
You use the Visual Basic script DisplayOld to query Active Directory to find computer or user accounts that have not logged on for a specified period of time. The output can be optionally archived to a file in LDAP Data Interchange Format (LDIF) so that you can delete those objects from Active Directory. For example, to find all user accounts that have not logged on for the past 60 days in the Sales organizational unit (OU) within the Reskit.com domain, type the following command:
cscript displayold.vbs /N:60 /C:user /D:ResKit /U:Sales\Administrator /W:mypass1
The general syntax of the command is as follows:
Cscript displayold.vbs /N:Number_of_days [/U:User_name] [/W:Password] [/D:Domain] [/S:Server] [/C:Computer|User] [/F:File_name] [/Q]
Note that only one parameter, /N:Number_of_days, is required.
Trace logging enables you to measure the performance cost of an operation. Active Directory provides instrumentation to trace the operations of directory services, such as LDAP Primitives, Kerberos, SAM, LSA, and Net Logon. When enabled, tracing captures key events such as logons, authentications, LDAP operations, and SAM operations. It also records parameters such as CPU time, timestamps, and thread identifiers. By using the event logging services of the Performance Logs and Alerts service, you can enable or disable trace logging. To produce transaction-level costing information trace data, you must use the trace APIs. For more information about trace APIs, see the Microsoft Platform SDK link on the Web Resources page at http://windows.microsoft.com/windows2000/reskit/webresources. The Microsoft Platform SDK and Resource Kit also includes sample programs and tools to post-process trace data.