newrelic-active-directory-integration's Introduction

New Relic Active Directory Integration

The New Relic Active Directory integration includes the configuration files required to successfully monitor the health and availability of your Active Directory environment.

Installation

Prerequisites

  • These configuration files require use of the New Relic Infrastructure Agent (NRIA) and interact with the Flex, Logging, and Windows Services capabilities of NRIA.

Process

For detailed instructions, please see the documentation.

At a high level, installation of this integration includes the following steps.

  1. Clone this repository.
  2. Copy the contents of both integrations.d and logging.d into the associated directories on your target server.
  3. Restart the New Relic Infrastructure Agent service.

PowerShell sample

Copy files to target server

# integrations.d
Copy-Item -Path "<pathToRepo>\integrations.d\*" -Destination "C:\Program Files\New Relic\newrelic-infra\integrations.d" -Recurse

# logging.d
Copy-Item -Path "<pathToRepo>\logging.d\*" -Destination "C:\Program Files\New Relic\newrelic-infra\logging.d" -Recurse

Restart the agent

Restart-Service -Name "newrelic-infra" -Force

Directory structure

C:\Program Files\New Relic\newrelic-infra\
    ├── integrations.d
    │   ├── windows-active-directory-performance-counters.ps1
    │   ├── windows-active-directory-performance-counters.yml
    │   ├── windows-active-directory-replication-checks.yml
    │   ├── windows-active-directory-replication-failures.ps1
    │   ├── windows-active-directory-replication-partners.ps1
    │   └── windows-active-directory-services.yml
    └── logging.d
        └── windows-active-directory.yml

Details of Configuration Files

integrations.d

Performance Counters

windows-active-directory-performance-counters.yml

Configuration file for Flex.

windows-active-directory-performance-counters.ps1

PowerShell script that collects telemetry from the following Performance Counters:

| COUNTER | DESCRIPTION |
| --- | --- |
| \NTDS\AB Client Sessions | Number of connected address book client sessions |
| \NTDS\DRA Inbound Full Sync Objects Remaining | The number of objects remaining until the full synchronization is completed |
| \NTDS\DRA Inbound Values (DNs only)/sec | The number of object property values received from inbound replication partners that are DNs that reference other objects |
| \NTDS\DRA Outbound Values (DNs only)/sec | The number of object property values containing DNs sent to outbound replication partners |
| \NTDS\DRA Pending Replication Synchronizations | The number of directory synchronizations that are queued for this server but not yet processed |
| \NTDS\DS Directory Reads/sec | The number of directory reads per second |
| \NTDS\DS Directory Writes/sec | The number of directory writes per second |
| \NTDS\DS Notify Queue Size | The number of pending update notifications that are queued but not yet transmitted to clients |
| \NTDS\DS Threads in Use | The current number of threads that the directory service is using |
| \NTDS\LDAP Active Threads | The current number of threads that the LDAP subsystem of the local directory service uses |
| \NTDS\LDAP Bind Time | The time (in milliseconds) that is taken to complete the last LDAP bind |
| \NTDS\LDAP Client Sessions | The number of currently connected LDAP client sessions |
| \NTDS\LDAP Searches/sec | The rate at which LDAP clients perform search operations |
| \NTDS\LDAP Successful Binds/sec | The number of LDAP binds per second |
| \System\Context Switches/sec | The combined rate at which all processors on the computer are switched from one thread to another |
| \System\Processor Queue Length | The number of threads waiting to be executed in queue |

See your data

In New Relic, you can query your results with this NRQL pattern:

FROM activeDirectoryHealthChecks SELECT
    latest(addressBookClientSessions),
    latest(inboundFullSyncObjectsRemaining),
    latest(draInbound),
    latest(draOutbound),
    latest(draPendingReplicationSync),
    latest(directoryReadsPerSec),
    latest(directoryWritesPerSec),
    latest(directoryNotifyQueueSize),
    latest(directoryThreadsInUse),
    latest(ldapActiveThreads),
    latest(ldapBindTime),
    latest(ldapClientSessions),
    latest(ldapSearchesPerSec),
    latest(ldapSuccessfulBindsPerSec),
    latest(contextSwitchesPerSec),
    latest(processorQueueLength)
SINCE 1 DAY AGO
LIMIT MAX

Replication Checks

windows-active-directory-replication-checks.yml

Configuration file for Flex.

windows-active-directory-replication-failures.ps1

This PowerShell script uses the Get-ADReplicationFailure cmdlet to query the latest replication failures from the Active Directory environment on the local host.

windows-active-directory-replication-partners.ps1

This PowerShell script uses the Get-ADReplicationPartnerMetadata cmdlet to query the replication partner data from the Active Directory environment on the local host.

See your data

In New Relic, you can query your replication failures with this NRQL pattern:

FROM activeDirectoryReplicationFailures SELECT
    latest(failureType) AS 'Type',
    latest(failureError) AS 'Error',
    latest(firstFailureTime) AS 'First Failure',
    latest(failureCount) AS 'Attempts Made'
FACET
    server
SINCE 1 DAY AGO
LIMIT MAX

In New Relic, you can query your replication partner results with this NRQL pattern:

FROM activeDirectoryReplicationPartners SELECT
    latest(lastReplicationAttempt) AS 'Last Attempt',
    latest(lastReplicationSuccess) AS 'Last Success'
FACET
    server AS 'Source',
    partner AS 'Partner',
    if(lastReplicationSuccess != lastReplicationAttempt, 'Failed Replication', 'Successful Replication') AS 'Current Status'
SINCE 1 DAY AGO
LIMIT MAX

Services

windows-active-directory-services.yml

This configuration file for the Windows services integration collects the status of the following services:

| SERVICE NAME | DESCRIPTION |
| --- | --- |
| ADWS | Active Directory Web Services |
| DFS | Distributed File System |
| DFSR | DFS Replication |
| DNS | DNS Server |
| Dnscache | DNS Client |
| IsmServ | Intersite Messaging |
| kdc | Kerberos Key Distribution Center |
| lanmanserver | Server |
| lanmanworkstation | Workstation |
| Netlogon | Net logon |
| NTDS | Active Directory Domain Services |
| RpcSs | Remote Procedure Call (RPC) |
| SamSs | Security Accounts Manager |
| W32Time | Windows Time |

See your data

In New Relic, you can query your results with this NRQL pattern:

FROM Metric SELECT
    latest(timestamp) AS 'Reporting Time',
    latest(state) AS 'Current State',
    latest(start_mode) AS 'Start Mode'
FACET
    hostname AS 'Host',
    display_name AS 'Display Name',
    service_name AS 'Service Name',
    process_id AS 'Parent PID',
    run_as AS 'Service Account'
WHERE label.primary_app = 'active_directory'
SINCE 1 DAY AGO
LIMIT MAX

logging.d

Event Logs

windows-active-directory.yml

This configuration file for the NRIA logging integration collects the following Event Logs:

| CHANNEL | EVENT ID | DESCRIPTION |
| --- | --- | --- |
| Security | 4609 | Windows is shutting down |
| Security | 4616 | The system time was changed |
| Security | 4625 | An account failed to log on |
| Security | 4648 | A logon was attempted using explicit credentials |
| Security | 4649 | A replay attack was detected |
| Security | 4950 | An IPsec Main Mode security association was established |
| Security | 4697 | A service was installed in the system |
| Security | 4713 | Kerberos policy was changed |
| Security | 4714 | Encrypted data recovery policy was changed |
| Security | 4719 | System audit policy was changed |
| Security | 4720 | A user account was created |
| Security | 4723 | An attempt was made to change an account's password |
| Security | 4724 | An attempt was made to reset an account's password |
| Security | 4725 | A user account was disabled |
| Security | 4726 | A user account was deleted |
| Security | 4738 | A user account was changed |
| Security | 4739 | Domain Policy was changed |
| Security | 4740 | A user account was locked out |
| Security | 4781 | A computer account was created |
| System | 1083 | The security descriptor version number could not be determined |
| System | 1202 | Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done |
| System | 1265 | The attempt to establish a replication link for the following writable directory partition failed |
| System | 1311 | The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition |
| System | 1388 | During the past [number] days; replication errors in one or more directory partitions have caused replication to be disabled for the specified naming context on the current domain controller |
| System | 1645 | Active Directory Domain Services has detected that the domain is still using the default password for the 'Administrator' account |
| System | 5805 | The session setup from the computer [computer name] failed to authenticate |
| System | 5807 | During the past [number] days; there have been a few replication errors in the forest. There may be network or connectivity problems in the forest |

See your data

In New Relic, you can query your results with this NRQL pattern:

FROM Log SELECT
  hostname AS 'Host',
  Channel,
  EventID,
  message AS 'Message'
WHERE logtype = 'active_directory'
SINCE 1 DAY AGO
LIMIT MAX

Support

New Relic hosts and moderates an online forum where you can interact with New Relic employees as well as other customers to get help and share best practices. Like all official New Relic open source projects, there's a related Community topic in the New Relic Explorers Hub. You can find this project's topic/threads HERE.

Contribute

We encourage your contributions to improve [project name]! Keep in mind that when you submit your pull request, you'll need to sign the CLA via the click-through using CLA-Assistant. You only have to sign the CLA one time per project.

If you have any questions, or to execute our corporate CLA (which is required if your contribution is on behalf of a company), drop us an email at [email protected].

A note about vulnerabilities

As noted in our security policy, New Relic is committed to the privacy and security of our customers and their data. We believe that providing coordinated disclosure by security researchers and engaging with the security community are important means to achieve our security goals.

If you believe you have found a security vulnerability in this project or any of New Relic's products or websites, we welcome and greatly appreciate you reporting it to New Relic through HackerOne.

If you would like to contribute to this project, review these guidelines.

To all contributors, we thank you! Without your contribution, this project would not be what it is today. We also host a community project page dedicated to Project Name.

License

New Relic Active Directory Integration is licensed under the Apache 2.0 License.

newrelic-active-directory-integration's Issues

[Repolinter] Open Source Policy Issues

Repolinter Report

🤖This issue was automatically generated by repolinter-action, developed by the Open Source and Developer Advocacy team at New Relic. This issue will be automatically updated or closed when changes are pushed. If you have any problems with this tool, please feel free to open a GitHub issue or give us a ping in #help-opensource.

This Repolinter run generated the following results:

| ❗ Error | ❌ Fail | ⚠️ Warn | ✅ Pass | Ignored | Total |
| --- | --- | --- | --- | --- | --- |
| 0 | 0 | 1 | 6 | 0 | 7 |

Warning

⚠️ third-party-notices-file-exists

A THIRD_PARTY_NOTICES.md file can be present in your repository to grant attribution to all dependencies being used by this project. This document is necessary if you are using third-party source code in your project, with the exception of code referenced outside the project's compiled/bundled binary (ex. some Java projects require modules to be pre-installed in the classpath, outside the project binary and therefore outside the scope of the THIRD_PARTY_NOTICES). Please review your project's dependencies and create a THIRD_PARTY_NOTICES.md file if necessary. For JavaScript projects, you can generate this file using the oss-cli. For more information please visit https://docs.google.com/document/d/1y644Pwi82kasNP5VPVjDV8rsmkBKclQVHFkz8pwRUtE/view. Did not find a file matching the specified patterns. Below is a list of files or patterns that failed:

  • THIRD_PARTY_NOTICES*
  • THIRD-PARTY-NOTICES*
  • THIRDPARTYNOTICES*

Passed

license-file-exists

Found file (LICENSE). New Relic requires that all open source projects have an associated license contained within the project. This license must be permissive (e.g. non-viral or copyleft), and we recommend Apache 2.0 for most use cases. For more information please visit https://docs.google.com/document/d/1vML4aY_czsY0URu2yiP3xLAKYufNrKsc7o4kjuegpDw/edit.

readme-file-exists

Found file (README.md). New Relic requires a README file in all projects. This README should give a general overview of the project, and should point to additional resources (security, contributing, etc.) where developers and users can learn further. For more information please visit https://github.com/newrelic/open-by-default.

readme-starts-with-community-header

The first 5 lines contain all of the requested patterns. (README.md). The README of a community project should have a community project header at the start of the README. If you already have a community project header and this rule is failing, your header may be out of date, and you should update your header with the suggested one below. For more information please visit https://opensource.newrelic.com/oss-category/.

readme-contains-link-to-security-policy

Contains a link to the security policy for this repository (README.md). New Relic recommends putting a link to the open source security policy for your project (https://github.com/newrelic/<repo-name>/security/policy or ../../security/policy) in the README. For an example of this, please see the "a note about vulnerabilities" section of the Open By Default repository. For more information please visit https://nerdlife.datanerd.us/new-relic/security-guidelines-for-publishing-source-code.

readme-contains-forum-topic

Contains a link to the appropriate forum.newrelic.com topic (README.md). New Relic recommends directly linking to your appropriate forum.newrelic.com topic in the README, allowing developers an alternate method of getting support. For more information please visit https://nerdlife.datanerd.us/new-relic/security-guidelines-for-publishing-source-code.

code-of-conduct-should-not-exist-here

New Relic has moved the CODE_OF_CONDUCT file to a centralized location where it is referenced automatically by every repository in the New Relic organization. Because of this change, any other CODE_OF_CONDUCT file in a repository is now redundant and should be removed. Note that you will need to adjust any links to the local CODE_OF_CONDUCT file in your documentation to point to the central file (README and CONTRIBUTING will probably have links that need updating). For more information please visit https://docs.google.com/document/d/1y644Pwi82kasNP5VPVjDV8rsmkBKclQVHFkz8pwRUtE/view. Did not find a file matching the specified patterns. All files passed this test.

Problem with printing multiple replication partners/failures

Description

When the Get-ADReplicationPartnerMetadata command retrieves data with multiple partners, the script fails to instantiate them and store them properly in the results object. As a NoteProperty is defined by a Name-Value pair, the script throws 'MemberAlreadyExists' errors in the output, which are improperly ingested into New Relic. Only the first partner is later printed to standard output.

We observed the same behavior with the script for Replication Failures, as it uses the same logic.

Steps to Reproduce

Running the script in an environment with multiple replication partners / failures.

Expected Behavior

Multiple partners should be added into results object so it can be defined as an array:

$results=@()

In the foreach loop, a partner can be declared as a new object:

$results += New-Object -TypeName psobject -Property @{
    partner=$p.Partner.Split( ',' )[ 1 ].Trim().Replace( 'CN=', '');
    lastReplicationAttempt=$p.LastReplicationAttempt.ToString("MM/dd/yyyy h:mm:ss tt");
    lastReplicationSuccess=$p.LastReplicationSuccess.ToString("MM/dd/yyyy h:mm:ss tt");
    server=$p.Server
}

Relevant Logs / Console output

Add-Member : Cannot add a member with the name "partner" because a member with that name already exists. To overwrite the member 
anyway, add the Force parameter to your command.
At C:\Program Files\New Relic\newrelic-infra\integrations.d\windows-active-directory-replication-partners.ps1:42 char:20
+ ...  $results | Add-Member -MemberType NoteProperty -Name 'partner' -Valu ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (@{partner=PARTNER2}:PSObject) [Add-Member], InvalidOperationExcepti 
   on
    + FullyQualifiedErrorId : MemberAlreadyExists,Microsoft.PowerShell.Commands.AddMemberCommand
 
Add-Member : Cannot add a member with the name "lastReplicationAttempt" because a member with that name already exists. To 
overwrite the member anyway, add the Force parameter to your command.
At C:\Program Files\New Relic\newrelic-infra\integrations.d\windows-active-directory-replication-partners.ps1:43 char:20
+ ...  $results | Add-Member -MemberType NoteProperty -Name 'lastReplicatio ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (@{partner=PARTNER2}:PSObject) [Add-Member], InvalidOperationExcepti 
   on
    + FullyQualifiedErrorId : MemberAlreadyExists,Microsoft.PowerShell.Commands.AddMemberCommand

Add-Member : Cannot add a member with the name "lastReplicationSuccess" because a member with that name already exists. To 
overwrite the member anyway, add the Force parameter to your command.
At C:\Program Files\New Relic\newrelic-infra\integrations.d\windows-active-directory-replication-partners.ps1:44 char:20
+ ...  $results | Add-Member -MemberType NoteProperty -Name 'lastReplicatio ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (@{partner=PARTNER2}:PSObject) [Add-Member], InvalidOperationExcepti 
   on
    + FullyQualifiedErrorId : MemberAlreadyExists,Microsoft.PowerShell.Commands.AddMemberCommand
 
Add-Member : Cannot add a member with the name "server" because a member with that name already exists. To overwrite the member 
anyway, add the Force parameter to your command.
At C:\Program Files\New Relic\newrelic-infra\integrations.d\windows-active-directory-replication-partners.ps1:45 char:20
+ ...  $results | Add-Member -MemberType NoteProperty -Name 'server' -Value ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (@{partner=PARTNER2}:PSObject) [Add-Member], InvalidOperationExcepti 
   on
    + FullyQualifiedErrorId : MemberAlreadyExists,Microsoft.PowerShell.Commands.AddMemberCommand

Your Environment

PowerShell version: 5.1.17763.4644

Additional context
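
The failure mode and the proposed fix from this issue, side by side, as an added example that is not part of the original issue or the project's scripts. The input objects are constructed stand-ins for Get-ADReplicationPartnerMetadata output with hypothetical names, the failing loop is reconstructed from the console output above, and the missing-timestamp guard is an assumption about partners that have not yet replicated successfully.

```powershell
# Constructed stand-ins for Get-ADReplicationPartnerMetadata output (hypothetical
# names), so the example runs without the ActiveDirectory module.
$sample = @(
    [pscustomobject]@{
        Server                 = 'DC01.example.test'
        Partner                = 'CN=NTDS Settings,CN=DC02,CN=Servers,CN=Site-A,CN=Sites,CN=Configuration,DC=example,DC=test'
        LastReplicationAttempt = [datetime]'2024-01-15T10:00:00'
        LastReplicationSuccess = [datetime]'2024-01-15T10:00:00'
    }
    [pscustomobject]@{
        Server                 = 'DC01.example.test'
        Partner                = 'CN=NTDS Settings,CN=DC03,CN=Servers,CN=Site-B,CN=Sites,CN=Configuration,DC=example,DC=test'
        LastReplicationAttempt = [datetime]'2024-01-15T10:05:00'
        LastReplicationSuccess = $null   # assumption: no successful replication recorded yet
    }
)

function Get-PartnerName {
    param([string]$DistinguishedName)
    # Same parsing as in the issue: the second RDN of the NTDS Settings DN is the server.
    return $DistinguishedName.Split(',')[1].Trim().Replace('CN=', '')
}

function Format-ReplicationTime {
    param($Value)
    # Calling .ToString() on $null would throw, so pass a missing timestamp through.
    if ($null -eq $Value) { return $null }
    return $Value.ToString('MM/dd/yyyy h:mm:ss tt')
}

# Failing pattern: one shared object, properties added inside the loop.
function Get-PartnersSingleObject {
    param([object[]]$Partners)
    $results = New-Object -TypeName psobject
    $dropped = 0
    foreach ($p in $Partners) {
        try {
            # -ErrorAction Stop turns MemberAlreadyExists into a catchable error;
            # without it the error text is written into the script's output stream.
            $results | Add-Member -MemberType NoteProperty -Name 'partner' -Value (Get-PartnerName $p.Partner) -ErrorAction Stop
            $results | Add-Member -MemberType NoteProperty -Name 'server' -Value $p.Server -ErrorAction Stop
        } catch {
            $dropped++
        }
    }
    return [pscustomobject]@{ Result = $results; Dropped = $dropped }
}

# Fixed pattern: emit one object per partner and collect them as an array.
function Get-PartnersAsArray {
    param([object[]]$Partners)
    foreach ($p in $Partners) {
        [pscustomobject]@{
            server                 = $p.Server
            partner                = Get-PartnerName $p.Partner
            lastReplicationAttempt = Format-ReplicationTime $p.LastReplicationAttempt
            lastReplicationSuccess = Format-ReplicationTime $p.LastReplicationSuccess
        }
    }
}

$broken = Get-PartnersSingleObject -Partners $sample
$fixed  = @(Get-PartnersAsArray -Partners $sample)   # @() keeps a single result an array

"Single object: partner=$($broken.Result.partner), partners dropped=$($broken.Dropped)"
"Array:         partners=$($fixed.partner -join ', '), count=$($fixed.Count)"
```

A dropped partner matters beyond the noisy output: its replication status never reaches the activeDirectoryReplicationPartners event, so a failing link to that partner produces no signal.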
