Configuring Microsoft Active Directory monitoring

The Monitoring Agent for Microsoft Active Directory is automatically configured and started after installation.

Before you begin

Review the hardware and software prerequisites, see Software Product Compatibility Reports for Microsoft Active Directory agent

To view data for all attributes in the dashboard, complete the following tasks:

About this task

The directions here are for the most current release of this agent. For information about how to check the version of an agent in your environment, see Agent version command. For detailed information about the agent version list and what's new for each version, see Change history.

Running the Microsoft Active Directory agent as an administrator user

You must have administrative rights to run the Microsoft Active Directory agent.

About this task

All data sets are available to the users who are members of the Administrators group. In this task, you create a user, assign administrator rights to the user, and change the user account for the agent to this user.

Procedure

  1. Click Start > All Programs > Administrative Tools > Active Directory Users and Computers.
  2. To expand the domain where you want to create the user, click the plus sign (+) next to the name of a domain.
  3. Right-click Users, and then click New > User.
  4. To create a new user, open the New Object - User wizard.
    By default, a new user is a member of the Domain Users group.
  5. Right-click the new user that is created in the Domain Users group, and click Properties. The Username Properties window is displayed. The username is the name of the new user.
  6. In the Username Properties window, complete the following steps:
    1. Click the Member of tab. In the Member of area, add the Administrators group.
    2. Click Apply, and then click OK.
  7. Click Start > Run, and then type services.msc.
  8. In the Services window, complete the following steps:
    1. Right-click the Monitoring Agent for Active Directory service, and click Properties.
    2. In the Monitoring Agent for Active Directory Properties window, on the Log On tab, click This Account. Enter the user credentials.
    3. Click Apply, and then click OK.
  9. Restart the agent service.

Configuring local environment variables

You must specify values for the environment variables to view the Sysvol replication data in the dashboard. Optionally, you can also update the cache interval value to enable or disable caching.

Procedure

  1. In the IBM Performance Management window, from the Actions menu, click Advanced > Edit ENV File.
  2. In the K3ZENV file, change the values of the following environment variables.
    ADO_CACHE_INTERVAL
    Determines whether to start or stop the caching and is used to set a value for the cache interval. Cache interval is the duration in seconds between two consecutive data collections. You can specify any positive integer value for the cache interval to start the caching. You can specify the zero value for the cache interval to stop the caching. By default, the caching is started, and the cache interval value is set to 1200.
    ADO_SYSVOL_FORCE_REPLICATION_FLAG
    Determines whether the force replication that is initiated by the agent is enabled or disabled. The default value of this variable is TRUE. To disable force replication, change the value of this variable to FALSE.
    ADO_SYSVOL_REPLICATION_TEST_INTERVAL
    Determines the time interval in minutes between two Sysvol replication tests. The default value of this variable is 0 minutes. To complete the Sysvol replication test, ensure that the value of this variable is greater than zero.
    ADO_SYSVOL_REPLICATION_TEST_VERIFICATION_INTERVAL
    Determines the amount of time in minutes that the agent waits to verify the results of Sysvol replication after it completes the Sysvol replication test.

    The value of the ADO_SYSVOL_REPLICATION_TEST_INTERVAL variable must be greater than the value of the ADO_SYSVOL_REPLICATION_TEST_VERIFICATION_INTERVAL variable. You can use the following values for these variables:

    • ADO_SYSVOL_REPLICATION_TEST_INTERVAL: 1440
    • ADO_SYSVOL_REPLICATION_TEST_VERIFICATION_INTERVAL: 30

    After you assign valid values to the two environment variables, the Active Directory agent creates one file in the Sysvol shared folder of the managed system and initializes forced Sysvol replication. This forced replication is initialized from the managed system to the Sysvol shared folders of the Sysvol replication partners. After you verify the results of the replication test, the agent removes the files that are created and replicated from the managed system and Sysvol replication partners.

  3. Optional: In the K3ZENV file, add the APM_ATTRIBUTES_ENABLE_COLLECTION environmental variable and set its value to Yes to view data for the following data sets in the Attribute details tab.
    • Services
    • Replication
    • File Replication Service
    • Moved or Deleted Org Unit
    • LDAP
    • Security Accounts Manager
    • DFS
    • Address Book
    • Event Log
    • Password Setting Objects
    Remember: If you want to disable data collection for these data sets, set the value for the APM_ATTRIBUTES_ENABLE_COLLECTION environment variable to No.
  4. Restart the Microsoft Active Directory agent.

What to do next

Log in to the Cloud APM console to view the data that is collected by the agent in the dashboards. For information about using the Cloud APM console, see Starting the Cloud APM console.

Configuration of GPO policies

The configuration of GPO policies is to view the details of the Last Logon Information widget only.

Procedure

  1. Go to Configuration > Policies > Administrative Templates > Windows Components > Windows Logon Options.
  2. In Windows Logon Options select the checkbook of Display information about previous logons during user logon.
  3. Open command prompt with administrative rights and run the command gpupdate /force for the changes to get reflected.

Configuration values

About this task

The configuration parameters for the Last Logon Information widget is as follows:
  • Configuration parameters in k3zcma.ini
    • LLI_LOG_ENABLE: This configuration parameter allows the user to keep the logs of last logon information. By default it is set as FALSE. To enable this parameter set this value to True.
    • LLI_LOG_NAME: This configuration parameter allows the user to configure the filename. By default it is set as LastLogonInformation. User can change the filename by entering a value as lastlogon_info
    • LLI_LOG_PATH: This configuration parameter allows the user to configure the path where the logs are to be stored. By default they will be stored in TMAITM6_x64\logs for 64 bit agent. These 8 IBM Tivoli Composite Applications for Microsoft Active Directory: Microsoft Active Directory Installation and Configuration Guide folders are under the candle home path where the agent is installed. User can change the file path to C:\IBM\APM\TMAITM6_x64\logs\LLI_logs.
    • UWOP_NUMBER_OF_DAYS: This configuration parameter allows the user to configure number of days. By default it is set to 180 days.
Note:
  • If the LLI_LOG_ENABLE is set to TRUE it is mandatory to set the LLI_LOG_PATH.
  • If the LLI_LOG_ENABLE is set to TRUE the files will be stored at the configured LLI_LOG_PATH with the timestamp appended to it. For example, lastlogon_info_20_02_2020_14_24_58.
  • Each time user modifies the k3zcma.ini file for these configuration parameters, the agent must be restarted.
  • User has to manually delete of the logs that are stored at configured path whenever required.