Active Directory Domain Services (AD DS)

Active Directory Domain Services (AD DS) stores information about objects on the network so that administrators and users can easily access this information.

For more information about AD DS, see the Active Directory Domain Services (AD DS) documentation.

Prerequisites

To collect AD DS telemetry, you must install the Ops Agent:

  • For metrics, install version 2.15.0 or higher.
  • For logs, install version 2.15.0 or higher.

This integration supports AD DS versions windows-server-2016 and windows-server-2019.

Configure your AD DS instance

By default, Active Directory Windows event logs and performance counters are enabled.

Configure the Ops Agent for AD DS

Following the guide to Configure the Ops Agent, add the required elements to collect telemetry from AD DS instances, and restart the agent.

Example configuration

The following commands create the configuration to collect and ingest telemetry for AD DS:

    $ErrorActionPreference = 'Stop'

    # Create an empty config.yaml file if it doesn't exist.
    $configFilePath = 'C:\Program Files\Google\Cloud Operations\Ops Agent\config\config.yaml'
    if (-not (Test-Path -Path $configFilePath -PathType Leaf)) {
        New-Item -ItemType File -Path $configFilePath -Force | Out-Null
    }

    # Create a back up of the existing file so existing configurations are not lost.
    Copy-Item -Path 'C:\Program Files\Google\Cloud Operations\Ops Agent\config\config.yaml' -Destination 'C:\Program Files\Google\Cloud Operations\Ops Agent\config\config.yaml.bak'

    # Configure the Ops Agent.
    Add-Content 'C:\Program Files\Google\Cloud Operations\Ops Agent\config\config.yaml' "
    logging:
      receivers:
        active_directory_ds:
          type: active_directory_ds
      service:
        pipelines:
          active_directory_ds:
            receivers:
            - active_directory_ds
    metrics:
      receivers:
        active_directory_ds:
          type: active_directory_ds
      service:
        pipelines:
          active_directory_ds:
            receivers:
            - active_directory_ds
    "

    if (Get-Service google-cloud-ops-agent* -ErrorAction SilentlyContinue) {
        (Get-Service google-cloud-ops-agent*).WaitForStatus('Running', '00:03:00')
    }
 

For these changes to take effect, you must restart the Ops Agent:

  1. Connect to your instance using RDP or a similar tool and log in to Windows.
  2. Open a PowerShell terminal with administrator privileges by right-clicking the PowerShell icon and selecting Run as Administrator.
  3. To restart the agent, run the following PowerShell command:
    Restart-Service google-cloud-ops-agent -Force
  4. To confirm that the agent restarted, run the following command and verify that the components "Metrics Agent" and "Logging Agent" started:
    Get-Service google-cloud-ops-agent*
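
The Add-Content command in the example configuration appends to config.yaml unconditionally, so running it twice, or against a file that already has a top-level logging: or metrics: section, leaves duplicate YAML mapping keys that a parser either rejects or resolves by keeping only one section. The following pre-flight check is an added example, not part of the original page; Test-OpsAgentAppendSafe and the sample configuration are hypothetical.

```powershell
# Added example (not from the original page): pre-flight check for the
# Add-Content append. Test-OpsAgentAppendSafe is a hypothetical helper name.
function Test-OpsAgentAppendSafe {
    param([string[]]$Lines)

    # Ignore blank lines and comment-only lines.
    $active = @($Lines | Where-Object { $_ -notmatch '^\s*(#|$)' })

    # Top-level keys start in column 0. A second logging: or metrics: block
    # would duplicate a mapping key once the snippet is appended.
    $clashes = @($active |
        Where-Object { $_ -match '^(logging|metrics)\s*:' } |
        ForEach-Object { ($_ -split ':')[0].Trim() } |
        Select-Object -Unique)

    # An indented active_directory_ds: key means the receiver or pipeline
    # was already added, for example by an earlier run of the same commands.
    $present = @($active | Where-Object { $_ -match '^\s+active_directory_ds\s*:' }).Count -gt 0

    [pscustomobject]@{
        ClashingKeys    = $clashes
        ReceiverPresent = $present
        SafeToAppend    = ($clashes.Count -eq 0) -and (-not $present)
    }
}

# Constructed sample: a config.yaml that already defines a logging section.
$sampleExisting = @'
# hypothetical existing configuration
logging:
  receivers:
    app_log:
      type: files
      include_paths: ['C:\logs\app.log']
  service:
    pipelines:
      app:
        receivers: [app_log]
'@ -split '\r?\n'

$result = Test-OpsAgentAppendSafe -Lines $sampleExisting
$result | Format-List

# Against the real file, before running Add-Content ($configFilePath as above):
#   $check = Test-OpsAgentAppendSafe -Lines (Get-Content -Path $configFilePath)
#   if (-not $check.SafeToAppend) { throw "Merge by hand: $($check.ClashingKeys -join ', ')" }
```

When the check reports a clash, merge the active_directory_ds receiver and pipeline into the existing sections by hand instead of appending.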

Configure logs collection

To ingest logs from AD DS, you must create a receiver for the logs that AD DS produces and then create a pipeline for the new receiver.

To configure a receiver for your active_directory_ds logs, specify the following fields:

| Field | Default | Description |
| --- | --- | --- |
| type | | The value must be active_directory_ds. |

What is logged

The logName is derived from the receiver IDs specified in the configuration. Detailed fields inside the LogEntry are as follows.

The active_directory_ds logs contain the following fields in the LogEntry:

| Field | Type | Description |
| --- | --- | --- |
| jsonPayload.Channel | string | The event log channel where the log was logged. |
| jsonPayload.ComputerName | string | The name of the computer from which this log originates. |
| jsonPayload.Data | string | Extra event-specific data included with the log. |
| jsonPayload.EventCategory | number | The category of the event. |
| jsonPayload.EventID | number | An ID identifying the type of the event. |
| jsonPayload.EventType | string | The type of event. |
| jsonPayload.Message | string | The log message. |
| jsonPayload.Qualifiers | number | A qualifier number that is used for event identification. |
| jsonPayload.RecordNumber | number | The sequence number of the event log. |
| jsonPayload.Sid | string | The security identifier identifying a security principal or security group of the process that logged this message. |
| jsonPayload.SourceName | string | The source component that logged this message. |
| jsonPayload.StringInserts | []string | Dynamic string data that was used to construct the log message. |
| jsonPayload.TimeGenerated | string | A timestamp representing when the record was generated. |
| jsonPayload.TimeWritten | string | A timestamp representing when the record was written to the event log. |
| severity | string (LogSeverity) | Log entry level (translated). |
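
jsonPayload.RecordNumber is a per-log sequence number, so holes in it within one ComputerName and Channel show that records are missing from what was ingested or exported. The following is an added example, not part of the original page, that reports such gaps; Find-RecordNumberGap, the host names and the entries are constructed, and it assumes the input is an unfiltered export of the active_directory_ds log parsed from JSON.

```powershell
# Added example (not from the original page). Find-RecordNumberGap is a
# hypothetical helper name; the entries further down are constructed.
function Find-RecordNumberGap {
    param([object[]]$Entries)

    # Sequence numbers are only comparable within one computer and one channel.
    $Entries |
        Group-Object { '{0}|{1}' -f $_.jsonPayload.ComputerName, $_.jsonPayload.Channel } |
        ForEach-Object {
            $computer, $channel = $_.Name -split '\|', 2
            $numbers = @($_.Group |
                ForEach-Object { [long]$_.jsonPayload.RecordNumber } |
                Sort-Object -Unique)

            # Report every hole between consecutive ingested record numbers.
            for ($i = 1; $i -lt $numbers.Count; $i++) {
                $missing = $numbers[$i] - $numbers[$i - 1] - 1
                if ($missing -gt 0) {
                    [pscustomobject]@{
                        ComputerName = $computer
                        Channel      = $channel
                        LastSeen     = $numbers[$i - 1]
                        NextSeen     = $numbers[$i]
                        MissingCount = $missing
                    }
                }
            }
        }
}

# Constructed sample entries, reduced to the fields the check uses.
$sample = @'
[
  {"jsonPayload": {"ComputerName": "dc01.example.internal", "Channel": "Directory Service", "RecordNumber": 4101}},
  {"jsonPayload": {"ComputerName": "dc01.example.internal", "Channel": "Directory Service", "RecordNumber": 4102}},
  {"jsonPayload": {"ComputerName": "dc01.example.internal", "Channel": "Directory Service", "RecordNumber": 4103}},
  {"jsonPayload": {"ComputerName": "dc01.example.internal", "Channel": "Directory Service", "RecordNumber": 4107}},
  {"jsonPayload": {"ComputerName": "dc01.example.internal", "Channel": "Directory Service", "RecordNumber": 4108}},
  {"jsonPayload": {"ComputerName": "dc02.example.internal", "Channel": "Directory Service", "RecordNumber": 880}},
  {"jsonPayload": {"ComputerName": "dc02.example.internal", "Channel": "Directory Service", "RecordNumber": 881}},
  {"jsonPayload": {"ComputerName": "dc02.example.internal", "Channel": "Directory Service", "RecordNumber": 882}}
]
'@ | ConvertFrom-Json

Find-RecordNumberGap -Entries $sample | Format-Table -AutoSize
```

A reported gap is a prompt to compare against the event log on the named computer, since a query filter or a time window that cuts through the export produces the same pattern as dropped records.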

Configure metrics collection

To ingest metrics from AD DS, you must create a receiver for the metrics that AD DS produces and then create a pipeline for the new receiver.

This receiver does not support the use of multiple instances in the configuration, for example, to monitor multiple endpoints. All such instances write to the same time series, and Cloud Monitoring has no way to distinguish among them.

To configure a receiver for your active_directory_ds metrics, specify the following fields:

| Field | Default | Description |
| --- | --- | --- |
| collection_interval | 60s | A time duration value, such as 30s or 5m. |
| type | | The value must be active_directory_ds. |

What is monitored

The following table provides the list of metrics that the Ops Agent collects from the AD DS instance.

| Metric type | Kind, Type | Monitored resources | Labels |
| --- | --- | --- | --- |
| workload.googleapis.com/active_directory.ds.bind.rate | GAUGE, DOUBLE | gce_instance | type |
| workload.googleapis.com/active_directory.ds.ldap.bind.last_successful.time | GAUGE, INT64 | gce_instance | |
| workload.googleapis.com/active_directory.ds.ldap.bind.rate | GAUGE, DOUBLE | gce_instance | |
| workload.googleapis.com/active_directory.ds.ldap.client.session.count | GAUGE, INT64 | gce_instance | |
| workload.googleapis.com/active_directory.ds.ldap.search.rate | GAUGE, DOUBLE | gce_instance | |
| workload.googleapis.com/active_directory.ds.name_cache.hit_rate | GAUGE, DOUBLE | gce_instance | |
| workload.googleapis.com/active_directory.ds.notification.queued | GAUGE, INT64 | gce_instance | |
| workload.googleapis.com/active_directory.ds.operation.rate | GAUGE, DOUBLE | gce_instance | type |
| workload.googleapis.com/active_directory.ds.replication.network.io | CUMULATIVE, INT64 | gce_instance | direction, type |
| workload.googleapis.com/active_directory.ds.replication.object.rate | GAUGE, DOUBLE | gce_instance | direction |
| workload.googleapis.com/active_directory.ds.replication.operation.pending | GAUGE, INT64 | gce_instance | |
| workload.googleapis.com/active_directory.ds.replication.property.rate | GAUGE, DOUBLE | gce_instance | direction |
| workload.googleapis.com/active_directory.ds.replication.sync.object.pending | GAUGE, INT64 | gce_instance | |
| workload.googleapis.com/active_directory.ds.replication.sync.request.count | CUMULATIVE, INT64 | gce_instance | result |
| workload.googleapis.com/active_directory.ds.replication.value.rate | GAUGE, DOUBLE | gce_instance | direction, type |
| workload.googleapis.com/active_directory.ds.security_descriptor_propagations_event.queued | GAUGE, INT64 | gce_instance | |
| workload.googleapis.com/active_directory.ds.suboperation.rate | GAUGE, DOUBLE | gce_instance | type |
| workload.googleapis.com/active_directory.ds.thread.count | GAUGE, INT64 | gce_instance | |

Verify the configuration

This section describes how to verify that you correctly configured the AD DS receiver. It might take one or two minutes for the Ops Agent to begin collecting telemetry.

To verify that AD DS logs are being sent to Cloud Logging, do the following:

  1. In the Google Cloud console, go to the Logs Explorer page:

    Go to Logs Explorer

    If you use the search bar to find this page, then select the result whose subheading is Logging.

  2. Enter the following query in the editor, and then click Run query:
    resource.type="gce_instance"
    log_id("active_directory_ds")

To verify that AD DS metrics are being sent to Cloud Monitoring, do the following:

  1. In the Google Cloud console, go to the Metrics explorer page:

    Go to Metrics explorer

    If you use the search bar to find this page, then select the result whose subheading is Monitoring.

  2. In the toolbar of the query-builder pane, select the button whose name is either MQL or PromQL.
  3. Verify that PromQL is selected in the Language toggle. The language toggle is in the same toolbar that lets you format your query.
  4. Enter the following query in the editor, and then click Run query:
    {"workload.googleapis.com/active_directory.ds.bind.rate", monitored_resource="gce_instance"}

View dashboard

To view your AD DS metrics, you must have a chart or dashboard configured. The AD DS integration includes one or more dashboards for you. Any dashboards are automatically installed after you configure the integration and the Ops Agent has begun collecting metric data.

You can also view static previews of dashboards without installing the integration.

To view an installed dashboard, do the following:

  1. In the Google Cloud console, go to the Dashboards page:

    Go to Dashboards

    If you use the search bar to find this page, then select the result whose subheading is Monitoring.

  2. Select the Dashboard List tab, and then choose the Integrations category.
  3. Click the name of the dashboard you want to view.

If you have configured an integration but the dashboard has not been installed, then check that the Ops Agent is running. When there is no metric data for a chart in the dashboard, installation of the dashboard fails. After the Ops Agent begins collecting metrics, the dashboard is installed for you.

To view a static preview of the dashboard, do the following:

  1. In the Google Cloud console, go to the Integrations page:

    Go to Integrations

    If you use the search bar to find this page, then select the result whose subheading is Monitoring.

  2. Click the Compute Engine deployment-platform filter.
  3. Locate the entry for AD DS and click View Details.
  4. Select the Dashboards tab to see a static preview. If the dashboard is installed, then you can navigate to it by clicking View dashboard.

For more information about dashboards in Cloud Monitoring, see Dashboards and charts.

For more information about using the Integrations page, see Manage integrations.

Install alerting policies

Alerting policies instruct Cloud Monitoring to notify you when specified conditions occur. The AD DS integration includes one or more alerting policies for you to use. You can view and install these alerting policies from the Integrations page in Monitoring.

To view the descriptions of available alerting policies and install them, do the following:

  1. In the Google Cloud console, go to the Integrations page:

    Go to Integrations

    If you use the search bar to find this page, then select the result whose subheading is Monitoring.

  2. Locate the entry for AD DS and click View Details.
  3. Select the Alerts tab. This tab provides descriptions of available alerting policies and provides an interface for installing them.
  4. Install alerting policies. Alerting policies need to know where to send notifications that the alert has been triggered, so they require information from you for installation. To install alerting policies, do the following:
    1. From the list of available alerting policies, select those that you want to install.
    2. In the Configure notifications section, select one or more notification channels. You have the option to disable the use of notification channels, but if you do, then your alerting policies fire silently. You can check their status in Monitoring, but you receive no notifications.

      For more information about notification channels, see Manage notification channels.

    3. Click Create Policies.

For more information about alerting policies in Cloud Monitoring, see Introduction to alerting.

For more information about using the Integrations page, see Manage integrations.

What's next

For a walkthrough on how to use Ansible to install the Ops Agent, configure a third-party application, and install a sample dashboard, see the Install the Ops Agent to troubleshoot third-party applications video.
