Check fleet metrics of Azure Active Directory Domain Services

Administrators can use Azure Monitor Metrics to configure a scope for Azure Active Directory Domain Services (Azure AD DS) and gain insights into how the service is performing. You can access Azure AD DS metrics from two places:

  • In Azure Monitor Metrics, click New chart > Select a scope and select the Azure AD DS instance:

    Screenshot of how to select Azure AD DS for fleet metrics.

  • In Azure AD DS, under Monitoring, click Metrics:

    Screenshot of how to select Azure AD DS as scope in Azure Monitor Metrics.

    The following screenshot shows how to select combined metrics for Total Processor Time and LDAP searches:

    Screenshot of combined metrics in Azure Monitor Metrics.

    You can also view metrics for a fleet of Azure AD DS instances:

    Screenshot of how to select an Azure AD DS instance as the scope for fleet metrics.

    The following screenshot shows combined metrics for Total Processor Time, DNS Queries, and LDAP searches by role instance:

    Screenshot of combined metrics for an Azure AD DS instance.

Metrics definitions and descriptions

You can select a metric for more details about the data collection.

Screenshot of fleet metric descriptions.

The following table describes the metrics that are available for Azure AD DS.

Metric Description
DNS - Total Query Received/sec The average number of queries received by DNS server in each second. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.
Total Response Sent/sec The average number of responses sent by DNS server in each second. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.
NTDS - LDAP Successful Binds/sec The number of LDAP successful binds per second for the NTDS object. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.
% Committed Bytes In Use The ratio of Memory\\Committed Bytes to the Memory\\Commit Limit. Committed memory is the physical memory in use for which space has been reserved in the paging file should it need to be written to disk. The commit limit is determined by the size of the paging file. If the paging file is enlarged, the commit limit increases, and the ratio is reduced. This counter displays the current percentage value only; it isn't an average. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.
Total Processor Time The percentage of elapsed time that the processor spends to execute a non-Idle thread. It's calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread that consumes cycles when no other threads are ready to run). This counter is the primary indicator of processor activity, and displays the average percentage of busy time observed during the sample interval. It should be noted that the accounting calculation of whether the processor is idle is performed at an internal sampling interval of the system clock (10ms). On today's fast processors, % Processor Time can therefore underestimate the processor utilization as the processor may be spending much time servicing threads between the system clock sampling interval. Workload-based timer applications are one type application that is more likely to be measured inaccurately because timers are signaled just after the sample is taken. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.
Kerberos Authentications The number of times that clients use a ticket to authenticate to this computer per second. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.
NTLM Authentications The number of NTLM authentications processed per second for the Active Directory on this domain controller or for local accounts on this member server. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.
% Processor Time (dns) The percentage of elapsed time that all of dns process threads used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.
% Processor Time (lsass) The percentage of elapsed time that all of lsass process threads used the processor to execute instructions. An instruction is the basic unit of execution in a computer, a thread is the object that executes instructions, and a process is the object created when a program is run. Code executed to handle some hardware interrupts and trap conditions are included in this count. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.
NTDS - LDAP Searches/sec The average number of searches per second for the NTDS object. It's backed by performance counter data from the domain controller, and can be filtered or split by role instance.

Azure Monitor alert

You can configure metric alerts for Azure AD DS to be notified of possible problems. Metric alerts are one type of alert for Azure Monitor. For more information about other types of alerts, see What are Azure Monitor Alerts?.

To view and manage Azure Monitor alert, a user needs to be assigned Azure Monitor roles.

In Azure Monitor or Azure AD DS Metrics, click New alert and configure an Azure AD DS instance as the scope. Then choose the metrics you want to measure from the list of available signals:

Screenshot of available alerts.

The following screenshot shows how to define a metric alert with a threshold for Total Processor Time:

Screenshot of defining a threshold.

You can also configure an alert notification, which can be email, SMS, or voice call:

Screenshot of how to configure an alert notification.

The following screenshot shows a metrics alert triggered for Total Processor Time:

Screenshot of alert trigger.

In this case, an email notification is sent after an alert activation:

Screenshot of alert trigger details.

Another email notification is sent after deactivation of the alert:

Screenshot of alert resolution.

Select multiple resources

You can upvote to enable multiple resource selection to correlate data between resource types.

Screenshot of feature upvote.

Next steps