Active Directory Domain Services (AD DS) stores information about objects on the network so that administrators and users can easily access this information.
For more information about AD DS, see the Active Directory Domain Services (AD DS) documentation.
Prerequisites
To collect AD DS telemetry, you must install the Ops Agent:
- For metrics, install version 2.15.0 or higher.
- For logs, install version 2.15.0 or higher.
This integration supports AD DS versions Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
Configure your AD DS instance
By default, Active Directory Windows event logs and performance counters are enabled.
Configure the Ops Agent for AD DS
Following the guide to configure the Ops Agent, add the required elements to collect telemetry from AD DS instances, and restart the agent.
Example configuration
The following command creates the configuration to collect and ingest telemetry for AD DS and restarts the Ops Agent:
Configure logs collection
To ingest logs from AD DS, you must create receivers for the logs that AD DS produces and then create a pipeline for the new receivers.
To configure a receiver for your active_directory_ds logs, specify the following
fields:
| Field | Default | Description |
|---|---|---|
type |
The value must be active_directory_ds. |
What is logged
The logName is derived from
the receiver IDs specified in the configuration. Detailed fields inside the
LogEntry
are as follows.
active_directory_ds logs contain the following fields in the LogEntry:
| Field | Type | Description |
|---|---|---|
jsonPayload.Channel |
string | The event log channel where the log was logged. |
jsonPayload.ComputerName |
string | The name of the computer from which this log originates. |
jsonPayload.Data |
string | Extra event-specific data included with the log. |
jsonPayload.EventCategory |
number | The category of the event. |
jsonPayload.EventID |
number | An ID identifying the type of the event. |
jsonPayload.EventType |
string | The type of event. |
jsonPayload.Message |
string | The log message. |
jsonPayload.Qualifiers |
number | A qualifier number that is used for event identification. |
jsonPayload.RecordNumber |
number | The sequence number of the event log. |
jsonPayload.Sid |
string | The security identifier identifying a security principal or security group of the process that logged this message. |
jsonPayload.SourceName |
string | The source component that logged this message. |
jsonPayload.StringInserts |
[]string | Dynamic string data that was used to construct the log message. |
jsonPayload.TimeGenerated |
string | A timestamp representing when the record was generated. |
jsonPayload.TimeWritten |
string | A timestamp representing when the record was written to the event log. |
Configure metrics collection
To ingest metrics from AD DS, you must create receivers for the metrics that AD DS produces and then create a pipeline for the new receivers.
To configure a receiver for your active_directory_ds metrics, specify the following
fields:
| Field | Default | Description |
|---|---|---|
collection_interval |
60s |
A time.Duration value, such as 30s or 5m. |
type |
The value must be active_directory_ds. |
What is monitored
The following table provides the list of metrics that the Ops Agent collects from the AD DS instance.
| Metric type | |
|---|---|
| Kind, Type Monitored resources |
Labels |
workload.googleapis.com/active_directory.ds.bind.rate
|
|
GAUGE, DOUBLEgce_instance |
type
|
workload.googleapis.com/active_directory.ds.ldap.bind.last_successful.time
|
|
GAUGE, INT64gce_instance |
|
workload.googleapis.com/active_directory.ds.ldap.bind.rate
|
|
GAUGE, DOUBLEgce_instance |
|
workload.googleapis.com/active_directory.ds.ldap.client.session.count
|
|
GAUGE, INT64gce_instance |
|
workload.googleapis.com/active_directory.ds.ldap.search.rate
|
|
GAUGE, DOUBLEgce_instance |
|
workload.googleapis.com/active_directory.ds.name_cache.hit_rate
|
|
GAUGE, DOUBLEgce_instance |
|
workload.googleapis.com/active_directory.ds.notification.queued
|
|
GAUGE, INT64gce_instance |
|
workload.googleapis.com/active_directory.ds.operation.rate
|
|
GAUGE, DOUBLEgce_instance |
type
|
workload.googleapis.com/active_directory.ds.replication.network.io
|
|
CUMULATIVE, INT64gce_instance |
directiontype
|
workload.googleapis.com/active_directory.ds.replication.object.rate
|
|
GAUGE, DOUBLEgce_instance |
direction
|
workload.googleapis.com/active_directory.ds.replication.operation.pending
|
|
GAUGE, INT64gce_instance |
|
workload.googleapis.com/active_directory.ds.replication.property.rate
|
|
GAUGE, DOUBLEgce_instance |
direction
|
workload.googleapis.com/active_directory.ds.replication.sync.object.pending
|
|
GAUGE, INT64gce_instance |
|
workload.googleapis.com/active_directory.ds.replication.sync.request.count
|
|
CUMULATIVE, INT64gce_instance |
result
|
workload.googleapis.com/active_directory.ds.replication.value.rate
|
|
GAUGE, DOUBLEgce_instance |
directiontype
|
workload.googleapis.com/active_directory.ds.security_descriptor_propagations_event.queued
|
|
GAUGE, INT64gce_instance |
|
workload.googleapis.com/active_directory.ds.suboperation.rate
|
|
GAUGE, DOUBLEgce_instance |
type
|
workload.googleapis.com/active_directory.ds.thread.count
|
|
GAUGE, INT64gce_instance |
|
Sample dashboard
To view your AD DS metrics, you must have a chart or dashboard configured. Cloud Monitoring provides a library of sample dashboards for integrations, which contain preconfigured charts. For information about installing these dashboards, see Installing sample dashboards.
Verify the configuration
This section describes how to verify that you correctly configured the AD DS receiver. It might take one or two minutes for the Ops Agent to begin collecting telemetry.
To verify that the logs are ingested, go to the Logs Explorer and run the following query to view the AD DS logs:
resource.type="gce_instance"
logName=("projects/PROJECT_ID/logs/active_directory_ds")
To verify that the metrics are ingested, go to Metrics Explorer and run the following query in the MQL tab:
fetch gce_instance
| metric 'workload.googleapis.com/active_directory.ds.bind.rate'
| every 1m