When organizations embrace new versions of software in a structured way, they end up with checklists, much like the ones I wrote for Windows 7 and Windows 8. Migrating end-user device Operating Systems (OSs), however, is different to embracing a new version of the Windows Server Operating System (OS).
From an information security point of view organizations might have requirements for (volume) activation, anti-malware, monitoring, (remote) management and disaster recovery. Legacy hardware might need to be replaced to conform to the latest Hardware Compatibility List (HCL).
Then again, not all Windows Servers offer business value based on Microsoft’s built-in Server Roles and Features. Instead, many software packages need to become available and/or supported for the new Operating System before organizations are ready to upgrade their entire server farm, for consistency.
Earlier this month, I wrote how Azure AD Connect v1.1.343.0 supports Windows Server 2016 and SQL Server 2016.
Today, I’m sharing the news that the System Center Management Pack (MP) needed to monitor Active Directory Domain Services on-premises is now available for Windows Server 2016. It was released on December 21, 2016. Not only that… It has been completely rewritten.
About the AD DS MP
The Active Directory Domain Services Management Pack provides both proactive and reactive monitoring of your Active Directory Domain Services deployment. It monitors the overall health of the Active Directory system and alerts you to critical performance issues.
The monitoring provided by this management pack includes monitoring of Active Directory Domain Controllers and monitoring of health from the perspective of clients utilizing Active Directory resources.
To monitor the Domain Controllers, the Active Directory Domain Services Management Pack provides a predefined, ready-to-run set of processing rules, monitoring scripts, and reports that are designed specifically to monitor the performance and availability of the Active Directory Domain Controllers.
End-users and devices in your environment might experience connectivity and service issues even though the Active Directory Domain Controllers appear to be operating correctly. The Active Directory Domain Member Management Pack, included in the Active Directory Management Pack, helps to identify these issues. This management pack monitors the services provided by the Active Directory Domain Controller. It provides information in addition to that collected directly on the Domain Controller about whether they are available by running synthetic transactions against the directory service, such as Lightweight Directory Access Protocol (LDAP) binds and LDAP pings.
In addition to health monitoring capabilities, this management pack provides a complete Active Directory monitoring solution by monitoring the health of vital processes that your Active Directory deployment depends upon, including the following:
- Replication
- Lightweight Directory Access Protocol (LDAP)
- Domain Controller Locator
- Trusts
- Net Logon service
- File Replication Service (FRS)
- Inter-site Messaging service
- Windows Time service
- Active Directory Web Services (ADWS)
- Active Directory Management Gateway Service
- Key Distribution Center (KDC)
- Monitoring service availability
- Collecting key performance data
- Providing comprehensive reports, including reports about service availability and service health and reports that can be used for capacity planning
With this Management Pack, administrators can automate one-to-many management of user and computer objects, simplifying administrative tasks and reduce IT costs. Administrators can efficiently implement security settings, enforce IT policies, and minimize service outages.
What’s New
Windows Server 2016 support
The new Active Directory Domain Services Management Pack supports monitoring Active Directory when the Active Directory Domain Controllers run Windows Server 2012, Windows Server 2012 R2 and/or Windows Server 2016.
The downside to this news is that Windows Server 2008 and Windows Server 2008 R2 are no longer supported. Active Directory Domain Controllers running these Windows Server versions need the previous version of the Active Directory Management Pack.
The upside is that all old code has been removed. This includes deprecated rules, alerts, and tools.
Event monitoring
In this Management Pack, the Event Alert rules were removed. All Error and Warning events from Active Directory-related event logs are now only collected in the Events collections. Informational events can be collected as well by turning on the Information Events rules.
Replication Monitoring replaced
The Replication Monitoring solution has been completely rewritten. It has been replaced with the following monitors:
- Active Directory Replication Queue Monitor
- Actve Directory Show Replication Check
- Replication Partner Count Monitor
- Replication Consistency Monitor
Removed Reliance on OOMADS.dll
Foor deployment of Management Packs to Domain Controller for monitoring, the team has removed oomads as a dependency from all Management Packs.
Removed dependency on down-level DC discovery MPs
Deploying this Management Pack no longer requires you deploy the Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 version of the Active Directory Domain Services Management Pack.
Created well defined aggregate roll-ups
With this Management Pack, the health monitors are rolled into well-defined and structured aggregates.
New server health monitors
This Management Pack introduces several new Server Health Monitors:
- Strict replication
- DNS service
- Group Policy
- Network adapters
- Strict replication
New domain member monitors
The Active Directory Client Management Pack has been renamed to the Active Directory Domain Member Management Pack. The Active Directory Domain Member Management Pack features the following new monitors:
- Reliable time server
- Secure channel
- DC health
- Group policy
Additional Guidance
The team added additional information to alerts and monitors and updated the knowledge base information, so administrators learn the information to remediate situations faster.
Version
This is version 10.0.1.0 of the Active Directory Domain Services Management Pack.
It can be deployed to Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016-based systems,
This Management Pack requires System Center 2012 R2 or newer and does not replace your 6.0.x Active Directory Domain Services Management Pack deployment.
Download
You can download version 10.0.1.0 of the Active Directory Domain Services Management Pack here. It is available in 17 languages and weighs between 756KB and 948KB per language. (or you can download a version including all languages weighing 1.2 MB)
Recommendation
Don’t let monitoring your Windows Server 2016-based Active Directory Domain Controllers slow down your migration to Microsofts latest and greatest.
Once you’ve upgraded all Domain Controllers to at least Windows Server 2012, you can safely remove the 6.0.x version of the Active Directory Domain Services Management Pack from your System Center deployment.
Related blogposts
Active Directory Domain Services Management Pack updated
Windows 8 Migration Checklist
Windows 7 Migration Checklist
Azure AD Connect version 1.1.343.0 with support for Windows Server 2016 and SQL Server 2016
Login