The simple answer to your question is any command line tool that will send
an ldap query, from ldapsearch to portquery to dsquery to adfind.

I find the way the thread ran around quite funny. Obviously just monitoring
with a ping is really not doing yourself any favors. "Real" monitoring
software would be nice, like MOM, etc., but you honestly in the end don't have
to use it; I ran a very large AD without that stuff for years. Anyway, I am a
solid believer in service testing from the client standpoint, and most of the
official monitoring tools don't do that; they do everything local on the box,
but I am more concerned about others not reaching the services versus the
monitoring agent on the server reaching the local machine.

A simple monitoring script written in perl I had for some time did a series
of simple tests against all DCs. Off the top of my head, the tests were:

For DCs
- ping
- simple net use to IPC$ (I have a simple net use exe I wrote for it called
  SNU) - http://www.joeware.net/win/free/tools/snu.htm
- Out of Resources test, which was actually a tool to exercise the NET API
  interfaces and basically was my getuserinfo program to enumerate guest
  account info
- LDAP test, which was simply adfind pulling the rootdse info; actually used
  that to check times too because I would look at the currenttime attribute

For WINS servers
- ping
- simple net use to IPC$ (I have a simple net use exe I wrote for it called
  SNU) - http://www.joeware.net/win/free/tools/snu.htm
- Out of Resources test, which was actually a tool to exercise the NET API
  interfaces and basically was my getuserinfo program to enumerate guest
  account info
- Query critical WINS domain records to make sure they were returned and if
  they changed

I had a couple of other scripts I wrote that watched for replication errors
and also would drop objects and object changes into AD and watch for their
replication latencies.

I also used a tool from ks-soft called hostmon which would watch a couple of
perf counters remotely. The primary counters were the disk space counters for
the disks the DITs were on and the inbound replication queue counter.
Monitoring that last counter is a bit of fun; it doesn't follow the standard
threshold mechanism. It really doesn't matter how high the number goes, it is
whether or not it comes back to 0 within your replication period. If it
doesn't, it means that replication is being overwhelmed and it can't keep up.
Even that is ok for short periods of time. So I would usually watch the
counter once per minute and make sure that once per hour it would come to
zero; if it didn't, it would page. Our replication was configured for every 15
minutes cross site, so if it didn't come back to zero within a specific 15
minute period, I would get an email on that so I could keep tabs on it, plus I
kept all of the values so I could graph it if necessary.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bahta, Nathaniel V CTR USAF NASIC/SCNA
Sent: Friday, August 04, 2006 8:54 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP Ping

Hey all,

Does anyone know of a command line utility that allows you to test ldap
connections? We have a dc that hangs, but remains pingable, and I would like
to do ldap pings to it as well as rpc pings. I know about the rpc ping
utility, but I wanted to test for ldap connectivity as well. Does anyone know
of a utility like this?

Thanks,
Nate
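
The inbound replication queue check described in the reply above, as an added example that is not part of the original thread or the poster's own script: the height of the counter is ignored, and only the time since it last read zero drives the email (15 minutes) and page (60 minutes) actions. Assumptions: the names QueueWatch and replay, the "recovered" action, measuring the 15-minute period as time since the last zero reading, and treating a failed remote read (None) as "not drained" are all illustrative choices; collecting the counter itself is left out.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Minutes without a zero reading before each action (values from the post).
ESCALATION = [(60, "page"), (15, "email")]
RANK = {"ok": 0, "email": 1, "page": 2}

@dataclass
class QueueWatch:
    """Inbound replication queue of one DC, sampled once per minute."""
    history: List[Tuple[int, Optional[int]]] = field(default_factory=list)
    last_zero: Optional[int] = None  # minute the queue was last seen at 0
    level: str = "ok"

    def sample(self, minute: int, depth: Optional[int]) -> Optional[str]:
        """Record a reading; return an action only when the state changes.
        depth=None means the remote read failed; that never counts as a drain."""
        self.history.append((minute, depth))  # keep every value for graphing
        if self.last_zero is None:
            self.last_zero = minute  # clock starts at the first sample
        if depth == 0:
            self.last_zero = minute
            recovered = self.level != "ok"
            self.level = "ok"
            return "recovered" if recovered else None
        stuck = minute - self.last_zero
        new = next((name for limit, name in ESCALATION if stuck >= limit), "ok")
        if RANK[new] > RANK[self.level]:  # alert once per escalation step
            self.level = new
            return new
        return None

def replay(samples):
    """Run (minute, depth) pairs through a fresh watcher; list the actions."""
    watch, actions = QueueWatch(), []
    for minute, depth in samples:
        action = watch.sample(minute, depth)
        if action:
            actions.append((minute, action))
    return actions

# Constructed samples: a tall burst that drains, and a small queue that never does.
BURST = [(0, 0)] + [(m, 9000 - 800 * m) for m in range(1, 11)] + [(11, 0)]
STUCK = [(0, 0)] + [(m, 3) for m in range(1, 71)] + [(71, 0)]

if __name__ == "__main__":
    print(replay(BURST))
    print(replay(STUCK))
```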