Configure AppInsight for Active Directory
After reviewing requirements and permissions, make sure you have key information and an Active Directory user account so you can add AppInsight for Active Directory to domain controller nodes being monitored in the Orion Platform. Information you'll need includes:
- Either the IP address or fully-qualified domain name (FQDN) of the domain controllers.
To access FQDN details, open a Windows command prompt on a computer on the correct network and type
- The port number, encryption method, and authentication method for each server.
- The domain credentials for an account that SAM can use to log in to Active Directory. The account does not need elevated privileges.
SolarWinds recommends using Active Directory accounts with limited permissions (for example, read-only administrators) to monitor AppInsight for Active Directory.
Note the following details about AppInsight for Active Directory:
- AppInsight for Active Directory uses domain controller IP addresses instead of domain names for polling. LDAP components do not include the $DomainName parameter in configuration fields. This use of IP address enables different applications to get data from all monitored domain controllers in a single domain.
- WMI is the preferred polling method for AppInsight. Some information, such as disk I/O, is tied to volumes only available for nodes managed via WMI.
To ensure that node status and names appear in AppInsight for Active Directory widgets, SolarWinds recommends configuring nodes to support both WMI and ICMP polling. ICMP-only nodes cannot supply the DNS or SysName values required to compute replications for destination domain controller FQDNs. See this article in the SolarWinds Success Center for details.
- Like the other AppInsight templates, the AppInsight for Active Directory template includes several component monitors with default settings that cannot be modified due to dependencies. Also, you cannot add component monitors to this template.
- To avoid performance issues in large environments, several "total" counters, such as Total User Accounts and Total Inactive Users, are initially disabled in the AppInsight for Active Directory template. After adding AppInsight for Active Directory to nodes, you can enable these component monitors.
- By default, AppInsight for Active Directory ignores certificate errors during polling, but you can configure settings to be prompted to verify connections. See Configure certificate handling for AppInsight for Active Directory.
Add AppInsight for Active Directory to domain controller nodes
To configure and monitor domain controllers in SAM, add the AppInsight for Active Directory template to nodes that are already running Active Directory Domain Services. You can add AppInsight to nodes through Discovery, or manually via the Manage Templates or Node Details pages.
Before you begin, enable WMI on domain controllers so they can be detected by the Discovery Wizard.
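A preflight check for the prerequisites listed above (resolvable address or FQDN, LDAP port, WMI enabled, monitoring account without elevated privileges), as an added PowerShell example that is not SolarWinds code. The host name, account name, and the list of groups treated as elevated are assumptions; it requires the RSAT ActiveDirectory module.

```powershell
# Added example, not SolarWinds code. Placeholder values are constructed.
param(
    [string]$DomainController = 'dc01.example.test',  # placeholder FQDN or IP
    [string]$MonitorAccount   = 'svc-sam-monitor',    # placeholder sAMAccountName
    [int]$LdapPort            = 389                    # default LDAP port per this page
)

Import-Module ActiveDirectory -ErrorAction Stop

# Assumption: membership in any of these built-in groups counts as "elevated".
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
              'Account Operators', 'Backup Operators', 'Server Operators'

$result = [ordered]@{ DomainController = $DomainController; Account = $MonitorAccount }

# 1. The address or FQDN entered in the Add Node wizard must resolve.
$result.Resolves = [bool](Resolve-DnsName -Name $DomainController -ErrorAction SilentlyContinue)

# 2. The LDAP port must accept TCP connections from the polling host.
$result.LdapPortOpen = (Test-NetConnection -ComputerName $DomainController -Port $LdapPort `
                        -WarningAction SilentlyContinue).TcpTestSucceeded

# 3. WMI over DCOM must answer. This runs as the current user; add -Credential
#    to New-CimSession to test as the monitoring account instead.
try {
    $session = New-CimSession -ComputerName $DomainController `
               -SessionOption (New-CimSessionOption -Protocol Dcom) -ErrorAction Stop
    $result.WmiReachable = [bool](Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem)
    Remove-CimSession $session
} catch {
    $result.WmiReachable = $false
}

# 4. Expand nested group membership with the LDAP_MATCHING_RULE_IN_CHAIN OID,
#    then flag any privileged group the monitoring account ends up in.
$user = Get-ADUser -Identity $MonitorAccount -Server $DomainController
$dn   = $user.DistinguishedName -replace '\\', '\5c' -replace '\(', '\28' -replace '\)', '\29'
$groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" -Server $DomainController
$result.PrivilegedGroups = @($groups.Name | Where-Object { $_ -in $privileged })
$result.LeastPrivilege   = ($result.PrivilegedGroups.Count -eq 0)

[pscustomobject]$result
```

The membership query does not cover the account's primary group, so check that attribute separately if it has been changed from the default.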
Use the Discovery Wizard (also called Network Sonar Discovery) to add a new node and select AppInsight for Active Directory for monitoring. Credentials are inherited from the node automatically.
- Click Settings > All Settings > Add Node.
- When the Add Node wizard appears, enter information on the Define Node tab and click Next.
- On the Choose Resources tab, select AppInsight Applications > Active Directory.
- Click Next and follow onscreen instructions to complete the wizard.
- To confirm the node was added:
  - Click My Dashboards > Applications > Active Directory.
  - Navigate to the All Applications widget, expand the tree, and click the Active Directory application.
You can add AppInsight for Active Directory monitoring to a domain controller already being monitored as a node via the Manage Templates page.
- Click Settings > All Settings > SAM Settings > Manage Templates.
- On the Manage Templates page, switch to the Application Monitor Templates tab.
- In the Template Name column, select the AppInsight for Active Directory check box.
- Click Assign to Node.
- Complete fields on the Set up AppInsight for Active Directory page and click Assign Application Monitor.
The default port to connect to domain controller LDAP services is 389.
Follow these steps to add AppInsight for Active Directory to a domain controller already monitored as a WMI node in SAM.
- Click My Dashboards > Home > Summary.
- Expand and select the monitored domain controller node in the All Nodes - Tree View widget.
- When the Node Details page appears, click List Resources in the Management widget.
  The list may take a few minutes to generate.
- Select Microsoft Active Directory to enable AppInsight for Active Directory data collection. When done, click Submit.
- Click My Dashboards > Applications > SAM Summary.
- Locate the All Applications widget, and click the Microsoft Active Directory application on the specific node you modified.
- When prompted, enter your Active Directory credentials and select the port used to communicate with the domain.
- Click Test to verify the credentials and configured permissions.
- Click Assign Credential to save the configuration.
After adding AppInsight for Active Directory to nodes, you can edit the AppInsight for Active Directory template to enable total counters, if desired. You can also Configure certificate handling for AppInsight for Active Directory.