Configure AppInsight for Active Directory
After reviewing best practices and then requirements and permissions, gather the key information you'll need to add AppInsight for Active Directory to domain controller nodes being monitored in the Orion Platform, including:
- The domain credentials for an account that SAM can use to log in to Active Directory. The account does not need elevated privileges.
Recommended: Use Active Directory accounts with limited permissions (for example, read-only administrators) to monitor domain controllers with AppInsight for Active Directory.
- Either the IP address or fully-qualified domain name (FQDN) of each domain controller.
To access FQDN details, open a Windows command prompt on a computer on the correct network and type
- The port number, encryption method, and authentication method for each domain controller.
Add AppInsight for Active Directory to domain controller nodes
To monitor domain controllers in SAM, add the AppInsight for Active Directory template to nodes that are already running Active Directory Domain Services. You can add AppInsight to nodes through Discovery, or manually via the Manage Templates or Node Details pages.
Before you begin, enable WMI on domain controllers so they can be detected by the Discovery Wizard.
Use the Discovery Wizard (also called Network Sonar Discovery) to add a new node and select AppInsight for Active Directory for monitoring. Credentials are inherited from the node automatically.
- Click Settings > All Settings > Add Node.
- When the Add Node wizard appears, enter information on the Define Node tab and click Next.
- On the Choose Resources tab, select AppInsight Applications > Active Directory.
- Click Next and follow onscreen instructions to complete the wizard.
- To confirm the node was added:
- Click My Dashboards > Applications > Active Directory.
- Navigate to the All Application widget, expand the tree, and click the Active Directory application.
You can add AppInsight for Active Directory monitoring to a domain controller already being monitored as a node via the Manage Templates page.
- Click Settings > All Settings > SAM Settings > Manage Templates.
- On the Manage Templates page, switch to the Application Monitor Templates tab.
- In the Template Name column, select the AppInsight for Active Directory check box.
- Click Assign to Node.
- Complete fields on the Set up AppInsight for Active Directory page and click Assign Application Monitor.
The default port to connect to domain controller LDAP services is 389. The default port for domain controllers configured as Global Catalog (GC) services is 3268.
Follow these steps to add AppInsight for Active Directory to a domain controller already monitored as a WMI node in SAM.
- Click My Dashboards > Home > Summary.
- Expand and select the monitored domain controller node in the All Nodes - Tree View widget.
When the Node Details page appears, click List Resources in the Management widget.
The list may take a few minutes to generate.
Select Microsoft Active Directory to enable AppInsight for Active Directory data collection. When done, click Submit.
- Click My Dashboards > Applications > SAM Summary.
Locate the All Applications widget, and click the Microsoft Active Directory application on the specific node you modified.
When prompted, enter your Active Directory credentials and select the port used to communicate with the domain.
Click Test to verify the credentials and configured permissions.
- Click Assign Credential to save the configuration.
During the initial configuration of AppInsight for Active Directory, several "Total" performance counters (for example, Total Inactive Users) are disabled to avoid performance issues for domain controllers in environments with large quantities of users and computers, especially on clients. After adding AppInsight for Active Directory to nodes, you can edit the AppInsight for Active Directory template to enable total counters, if desired.