Best practices for AppInsight for Active Directory
AppInsight for Active Directory is a database-intensive SAM feature can impact performance. In large environments, consider limiting usage to a few key domain controllers. Recommended limits include:
- Monitor up to 150,000 users and computers per domain controller.
- Monitor up to 200 domain controllers if you adjust AppInsight settings to reduce polling redundancy.
To protect sensitive data, create custom views with different AppInsight widgets for user groups in your organization.
SolarWinds recommends using a dedicated Active Directory account with limited permissions for monitoring. Local admin permissions are required to configure AppInsight on nodes, but are not needed for monitoring later. See Set up monitoring under the context of an account with the "least privileges."
To add a node for a domain controller, select Windows Servers: WMI and ICMP as the polling method so AppInsight widgets can display node status and names properly. ICMP-only nodes do not supply DNS or SysName values required to compute replications for destination domain controller FQDN names. See this article in the SolarWinds Success Center for details.
Configure AppInsight to collect domain-related data from a specific domain controller, while continuing to poll for replication-related data from other domain controllers in the same domain. See Customize AppInsight for Active Directory on individual domain controllers to boost performance,
Several "Total" performance counters (for example, Total Inactive Users) are initially disabled to avoid performance issues in environments with large quantities of users and computers, especially clients. To enable those component monitors for individual nodes, see Configure AppInsight for Active Directory on nodes.
During initial setup, assign alerts to one or two email addresses only. Watch and monitor the alerts for two weeks to generate stable baselines that you can use to refine monitoring and alert actions for the usage and performance in your specific environment. Your environment's baseline and performance expectations may vary, as compared to the default thresholds.
To learn more about this feature, review the Domain Controller Health Check and Monitoring use case. You can also watch Deep Dive on using AppInsight templates and The Who, What, and When of Active Directory Monitoring.