eG Monitoring
 

Measures reported by ADAccessDCTest

Exchange 2007 uses the Active Directory directory service site topology to determine how messages are transported in the organization.

Exchange 2007 is a site-aware application. Site-aware applications can determine their own Active Directory site membership and the Active Directory site membership of other servers by querying Active Directory. In Exchange 2007, the Microsoft Exchange Active Directory Topology service is responsible for updating the site attribute of the Exchange server object. When an Exchange server role has to determine the Active Directory site membership of another Exchange server role, it can query Active Directory to retrieve the site name.

The Mailbox server role uses Active Directory site membership information to determine which Hub Transport servers are located in the same Active Directory site as the Mailbox servers. The Mailbox server submits messages for routing and transport to a Hub Transport server that has the same Active Directory site membership as the Mailbox server. The Hub Transport server performs recipient resolution and queries Active Directory to match an e-mail address to a recipient account. The recipient account information includes the fully qualified domain name (FQDN) of the user's Mailbox server. The FQDN is used to determine the Active Directory site of the user's Mailbox server. The Hub Transport server delivers the message to Mailbox server within its same Active Directory site, or it relays the message to another Hub Transport server for delivery to a Mailbox server that is outside the Active Directory site. If there are no Hub Transport servers in the same Active Directory site as a Mailbox server, mail cannot flow to that Mailbox server.

For processing all the Active Directory queries that are required for the aforesaid transactions, the Mailbox server role once again uses site membership to determine which domain controllers and global catalog servers to use. The Mailbox server role then binds to the identified directory servers whenever it needs to read from or write to Active Directory.

Any slowdown therefore, in the communication between the Mailbox server role and the marked global catalog servers / domain controllers can significantly delay the identification of the Hub Transport server that the Mailbox server needs to interact with; this in turn can cause delays in message delivery/processing. This test periodically monitors the network connection between the mailbox server role and each identified domain controller, so that communication bottlenecks are swiftly identified and resolved.

 The measures made by this test are as follows:

Measurement Description Measurement Unit Interpretation
LDAP_read_call_rate Indicates the number of Depth 0 read calls per second that were made by the mailbox server role to this domain controller. Calls/Sec  
LDAP_search_call_rate Indicates the number of LDAP Depth 1 or 2 search calls per second that were made by the mailbox server role to this domain controller. Calls/Sec  
LDAP_searches_timed_out Indicates the number of LDAP searches that timed out during the last minute on this domain controller. Timeouts/min A high value could indicate any of the following:
  • Loss of the network connection between the Mailbox server role and the Active Directory directory service domain controller
  • Non-availability of the domain controller
  • Critical issues with one/more Active Directory resources
To resolve this error, do one or more of the following:
  • Verify network connectivity between the Mailbox server and the domain controllers it uses.
  • Ensure that the domain controllers the Mailbox server uses are up and running.
  • Make sure that none of the Active Directory resource are experiencing performance issues
LDAP_fatal_errors Indicates the number of LDAP errors that caused the Exchange Active Directory Provider to close the LDAP connection without marking the domain controller down during the last minute. Errors/Min Ideally, this value should be 0.
LDAP_disconnects Indicates the number of LDAP errors that caused Exchange Active Directory Provider to mark the domain controller down during the last minute. Disconnects/Min  
User_searches_failed Indicates the number of Exchange Active Directory Provider client's searches that failed on this domain controller during the last minute. Failures/Min  
Bind_failure_rate Indicates the number of LDAP bind calls that failed during the last minute Failures/Min A large number of bind call failures is a cause for concern, as it can disrupt the execution of Active Directory queries.
Long_running_LDAP_operations Indicates the number of LDAP operations that the mailbox server performed on this domain controller that took longer than the specified threshold per minute. (Default threshold is 15 minutes.) Operations/Min A high value generally indicates performance problems on the said domain controller(s) or network congestion. To resolve this, do one or more of the following:
  • Ensure that the quality of the network link between the Mailbox server and the domain controllers is good.
  • Ensure that the domain controller is not experiencing issues in internal operations. You can investigate CPU usage, as well as disk and memory bottlenecks, on your Active Directory directory service servers.
  • Consider using a dedicated Exchange server and a global catalog server for the expansion of dynamic distribution groups and large distribution groups.
LDAP_pages_retrieve_rate Indicates the number of additional pages retrieved from this domain controller per second. Pages/sec  
Outstanding_requests Indicates the number of currently pending LDAP operations to this domain controller. Number A high value of this measure or a steady increase in this value is indicative of the poor query processing capability of the domain controller, and would warrant further investigation.
LDAP_read_time Indicates the average time (in ms) taken to send an LDAP read request to the specified domain controller and receive a response. Msecs A low value is desired for this measure. A high value or a value that increases consistently is indicative of a gradual slowdown in the domain controller.
LDAP_search_time Indicates the average time (in ms) to send an LDAP search request and receive a response. Msecs High LDAP search latencies can be caused by high remote procedure call (RPC) latencies and by increasing queues. High LDAP search latencies generally indicate one of the following problems:
  • Performance problem with the network connection to the domain controller.
  • Performance problems with the domain controller itself.
To reduce the time it takes for LDAP searches, do one or more of the following:
  • Ensure that the network performance between the Mailbox server and the domain controllers it uses is not the bottleneck.
  • Monitor the Searches/sec performance counter to see if there is an unexpected surge in the number of searches the Mailbox server is requesting from the Active Directory directory service.
  • Ensure that this domain controller is not experiencing performance problems. You can investigate CPU usage, as well as disk and memory bottlenecks, on your Active Directory servers.