Best practices for AppInsight for Active Directory
- SolarWinds recommends the following limits for AppInsight for Active Directory monitoring:
- Monitor up to 150,000 users and computers per domain controller.
- Monitor up to 200 domain controllers if you adjust AppInsight settings to reduce polling redundancy.
- When adding nodes for domain controllers, select Windows Servers: WMI and ICMP as the polling method so AppInsight for Active Directory widgets can display node status and names properly via WMI. ICMP-only nodes cannot supply DNS or SysName values required to compute replications for destination domain controller FQDN names. See this article in the SolarWinds Success Center for details.
Starting in SAM 2020.2, WinRM is used as the transport method for AppInsight polling via WMI.
- Multiple instances of this database-intensive feature can impact performance. Consider limiting usage to a few key domain controllers.
- Starting in SAM 2020.2.1, you can configure AppInsight to collect domain-related data a specific domain controller in a domain, while continuing to poll for replication-related data from other domain controllers in the same domain. See Customize AppInsight for Active Directory on individual domain controllers to boost performance,
- Several "Total" performance counters (for example, Total Inactive Users) are initially disabled in AppInsight for Active Directory to avoid performance issues in environments with large quantities of users and computers, especially on clients. To enable those component monitors for individual nodes, see Configure AppInsight for Active Directory on nodes.
- During initial setup, assign alerts to one or two email addresses only. Watch and monitor the alerts for two weeks to generate stable baselines that you can use to refine monitoring and alert actions for the usage and performance in your specific environment. Your environment's baseline and performance expectations may vary, as compared to the default thresholds.
- Create custom views with different AppInsight widgets for user groups in your organization.
Use Active Directory accounts with limited permissions (for example, read-only administrators) for AppInsight monitoring.