Active Directory Monitor - FAQs

Active Directory Monitor - FAQs

1. What are the Scripts and Processes used in the Active Directory Monitor?

Below is a list of VB Scripts and PowerShell scripts used for data collection in the AD monitor:
  1. VB Scripts located in <AppManager-Home>\working\conf\application\scripts directory:
    1. wmicheckauthentication.vbs
    2. wmiQueryExecuter.vbs
    3. cookwmiget.vbs
    4. ADReplicationData.vbs

  2. PowerShell Scripts located in <AppManager-Home>\working\conf\application\scripts\powershell directory:
    1. ADTimeSyncTest.ps1
    2. PortConnectivity.ps1
    3. ActiveDirectoryPorts.ps1
    4. ADDiagnosticTests.ps1
  1. Processes used to execute the scripts mentioned above.
    1. cscript.exe
    2. powershell.exe
Refer this KB for more details on the scripts and commands used.

2. What might cause the "Authentication Failed - Kindly verify Username and Password" error in Active Directory Monitor?

This error occurs when a basic WMI connection attempt fails. To troubleshoot, refer to the following KB for instructions on checking the basic WMI connection: https://pitstop.manageengine.com/portal/en/kb/articles/basic-wmi-connection-check-when-unable-to-add-monitor

3. What to do if you can retrieve data when running the script separately, but data collection does not happen in the Applications Manager Active Directory monitor?

  1. Check whether the prerequisites are done using the hostname or IP address or FQDN. Verify which of these are used to run the script and ensure the same is configured in the Active Directory monitor. If there is a discrepancy, use the value that worked when running the script manually. 
  2. Refer to the following KB article for additional troubleshooting steps.

4. How to identify if the monitored AD server is a Primary DC or not?

  1. In the Active Directory monitor, the Monitor Information tab includes a metric "Is Primary DC", which indicates whether the monitored server is a Primary Domain Controller (PDC). 
  2. Refer to the following KB article to run the script or command used to fetch this information.
  3. From the script output, check the server name. If it is marked with *** PDC ***, then it refers to the Primary Domain Controller.
  4. If the monitored server is not a Primary DC, the Performance Overview tab displays the Name of the Primary DC and the Time Offset metric, which indicates the time difference between the monitored Domain Controller (DC) and the Primary DC.

5. What is ntds.dit file and what is its role in Active Directory monitor?

  1. The ntds.dit file is the Active Directory database file.
  2. It is usually located at:
C:\\WINDOWS\\NTDS\\ntds.dit
  1. However, in some cases, it may be stored in a different location. To determine the file path, the GetRegistryValues.ps1 script is executed when an AD monitor is added in Applications Manager. This script fetches the path from the registry.
InfoRegistry path: HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Property: DSA Database file
  1. The ntds.dit file path is used in the WMI query to fetch the "Database File Size" metric supported in the Active Directory monitor. Refer to the help section for more details on supported metrics.
InfoWMI Query: Select FileSize From CIM_DataFile Where Name=''C:\\WINDOWS\\NTDS\\ntds.dit''
Note: Applications Manager does not directly access the ntds.dit file. Instead, it retrieves the file size data from the WMI repository using the specified path in the WMI query.


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • Real User Monitor (RUM) - Troubleshooting

                      If the monitor has not polled data for a long time, follow the below steps for troubleshooting. Step 1: Check the RUM Agent configuration Real User Monitor requires the RUM Agent to be installed and mapped to the Applications Manager. Refer this help ...

                    • REST API Monitor - FAQS

                      1. What to do when Basic Authentication fails in REST API monitor? When Basic Authentication fails in the REST API monitor, follow the below steps to troubleshoot the error. Ensure the credentials provided in Applications Manager (Username and ...

                    • Data not available in Active Directory monitor

                      Steps to follow if there is no data in Active Directory monitor If you are using AppManager version 15470 and above, you can navigate to Admin > Self Help Tools and choose the monitor type to troubleshoot the problem. Click here for more details. If ...

                    • Active Directory monitor - Scripts and Commands used

                      Refer to this document to learn about the scripts and commands used to fetch data in the Active Directory monitor. VB Scripts: The .vbs scripts are used to collect Performance Metrics in WMI mode. Below are the scripts used: ...

                    • Unable to add Active Directory monitor

                      1. Open command prompt in administrator mode and navigate to <Applications Manager Home>\working\conf\application\scripts directory. 2. Execute the below command replacing hostname, username and password with that of the Active Directory server: ...

                      Related Products