Microsoft Active Directory Insight Pack

Posted: June 24, 2015 Modified: October 9, 2015


Overview

The Microsoft Active Directory Insight Pack lets customers ingest data from Microsoft Active Directory logs into IBM Operations Analytics – Log Analysis. They can then use a rich set of analytical dashboards to visualize metadata and derived metrics from log content, and run additional queries on the content.

The following dynamic dashboards are provided to help visualize the log data and are added to the Search Dashboards pane.

Microsoft Active Directory Event Level Dashboard

This dashboard displays event log-level distribution charts for the configured time period.

Microsoft Active Directory Events Dashboard

This dashboard displays distribution charts for the top 10 events (for severe log levels, such as critical, error, and warning) for the configured time period.

Note: The event logs are filtered to display events from the Windows event logs in the Microsoft Active Directory environment that are specific to the Microsoft Active Directory providers.

Additional information

The Insight Pack includes support for ingesting and performing metadata searches against the following log files. A Windows Server machine that is configured as a domain controller logs events in these event logs.

Directory Service event log

The Directory Service event log contains events that the Windows Active Directory service logs. For example, it contains events related to connection problems between the server and the global catalog.

DFS Replication event log

The DFS Replication event log contains events that the Windows Distributed File System (DFS) Replication service logs. For example, it contains events related to SYSVOL directory file replication failures and events that occur when domain controllers are updated with information about system volume changes.

Active Directory Web Services event log

For Windows Server 2008 R2 onwards, the Active Directory Web Services event log contains events logged by Windows Active Directory Web Services (ADWS). For example, it contains events related to invalid directory instance access through ADWS.

DNS Server event log

Additionally, a Windows Server machine configured as a Domain Name System (DNS) server records events in this event log. The DNS Server event log contains events that the Windows DNS service logs.

Note: Event logs are processed using the Windows OS Events Insight Pack. For more information, see the Windows OS Events Insight Pack documentation.

Refer to the User Guide included in the Insight Pack for additional information on the Insight Packs and the steps for installing and configuring them.

Training Information

Review the following video for information on using and setting up the Insight Pack.


Overview presentation used in the training video.

IBM Operations Analytics-Log Analysis Insight Packs for Infrastructure-Premium Install License.

Released: 11 June 2015
Version: 1.1.0.0
Cost: License Fee
Support: Supported

Requirements

  • IBM Operations Analytics – Log Analysis version 1.3.0 or above
  • Microsoft Active Directory 2008, 2012
  • Windows OS Events Insight Pack v1.1.0.2 (for processing the event logs from the Microsoft Active Directory environment)
  • A purchased “IBM Operations Analytics-Log Analysis Insight Packs for Infrastructure-Premium 1.1” license for each installed Insight Pack

Support

This package is subject to the License terms included with the Insight Pack, along with those displayed upon download.

To report a problem with deploying this entry, entitled customers may contact the country-specific IBM support channel; refer to the IBM Worldwide Directory. The “Support” link also gives access to the support site for IBM Operations Analytics – Log Analysis.