Forum Discussion

2 years ago

AD Server Monitoring Best Practices

Is there a baseline or best practices whitepaper on what SHOULD be monitored when setting up LM to monitor Domain Controllers available? Services, thresholds etc.

Mike_Aracic
2 years ago
I don’t believe there’s a white paper, but there is a page in the help documents dedicated to making sure you have full coverage of your AD servers:
https://www.logicmonitor.com/support/monitoring/applications-databases/windows-active-directory-monitoring
There’s also this which explains some of your choices about authentication:
https://www.logicmonitor.com/support/monitoring/os-virtualization/monitoring-a-domain-controller-dc
They are Windows servers, so the normal windows monitoring practices apply as well:
https://www.logicmonitor.com/support/getting-started/advanced-logicmonitor-setup/windows-server-monitoring-and-principle-of-least-privilege
https://www.logicmonitor.com/support/collectors/collector-configurations/group-policy-rights-necessary-for-the-windows-collector-service-account
The services that need to be monitored will be monitored if you follow those instructions, and all the LogicModules have their own thresholds and settings that have best practices built into them. In general, most of the service monitoring done by our default suite of LogicModules is done by monitoring the function of the services themselves, not the reported state of windows services themselves. If further tuning is necessary, this article describes the mechanics and this describes some best practices.
This should be a good start; maybe some other users can chime in if they have seen anything missing or have additional tips or information.

Mike_Aracic

Employee

2 years ago

I don’t believe there’s a white paper, but there is a page in the help documents dedicated to making sure you have full coverage of your AD servers:

https://www.logicmonitor.com/support/monitoring/applications-databases/windows-active-directory-monitoring

There’s also this which explains some of your choices about authentication:

https://www.logicmonitor.com/support/monitoring/os-virtualization/monitoring-a-domain-controller-dc

They are Windows servers, so the normal windows monitoring practices apply as well:

https://www.logicmonitor.com/support/getting-started/advanced-logicmonitor-setup/windows-server-monitoring-and-principle-of-least-privilege
https://www.logicmonitor.com/support/collectors/collector-configurations/group-policy-rights-necessary-for-the-windows-collector-service-account

The services that need to be monitored will be monitored if you follow those instructions, and all the LogicModules have their own thresholds and settings that have best practices built into them. In general, most of the service monitoring done by our default suite of LogicModules is done by monitoring the function of the services themselves, not the reported state of windows services themselves. If further tuning is necessary, this article describes the mechanics and this describes some best practices.

This should be a good start; maybe some other users can chime in if they have seen anything missing or have additional tips or information.

Forum Discussion

AD Server Monitoring Best Practices

Related Content

PropertySource best practices auto vs custom

Best Practices for removing clients from LogicMonitor

vmWare vCenter Server - permissions

SQL Server Services Status

SQL Server Services monitoring for non-admin account

Recent Discussions

What is the correct way to exclude VMWare folders from the new script netscan?

LogicMonitor Datamart (Free / Open Source)

CentOS IP Tables?

Meraki Access point Monitoring

Issues with non-admin collector account