Another critical item that we will monitor will be the status of our respectable Active Directory, although we know that we will have him in cotton wool and we will pamper him, because Nagios or Centreon will also monitor it. Thanks to a script we will test your health on a scheduled basis, monitoring its status at all times, as well as that of the Domain Controllers, Therefore, another thing that we will get out of our heads and an automated system will do it for us, And if it fails… He warns us!

We download the latest script available from 'check_ad.vbs’ on the web by Nagios Exchange. This 'check_ad.vbs script’ will use the large DCDIAG tool to make different diagnoses in an automated way, obtaining theses of type: Replications Advertising, FSMOCHECK, RidManager or Machine Account, among others, we could edit the VBS and add some more testing if we were interested, but this is more than enough. The script is tested on both Windows-based Active Directories 2003 R2, how 2008 R2 or 2012 R2, whether in Spanish or English. But for it to work in our language, we would have to make some small changes.

This script is a Visual Basic Script or VBS, so it must be executed and saved in the domain controller itself that will do the testing. We will therefore rely on NRPE for its remote execution from the Nagios machine, If you need to review this topic, Check out This document. After saving it to the scripts folder, if we have DCs that the OS is installed in Spanish, we must modify the lines 41 and 42 indicating the text string that you will search within those variables.

[SourceCode]dim strOK : strOK = "super"
dim strNotOK : strNotOk = "not super"[/SourceCode]

And we try to run it if we want to validate it from a CMD with:

[SourceCode]cscript.exe //NoLogo check_ad.vbs[/SourceCode]

After, We will register the script that will execute and its alias, as usual, in the 'nsclient.ini' configuration files, :

[SourceCode][/settings/external scripts/scripts]
check_ad = cscript.exe //T:30 //NoLogo scripts\check_ad.vbs

[/settings/external scripts/alias]
check_ad = check_ad[/SourceCode]

Remember to restart the NSClient service after ++ to reload these changes!

And if we want to, Well, as always, we could try from the Nagios or Centreon shell to carry out the query remotely, We'd go to the plugin path and run:

[SourceCode]./check_nrpe -H DIRECCION_IP_DOMAIN_CONTROLLER -C check_ad[/SourceCode]

And now we could go to the Centreon interface and create the service that will monitor and do the health tests against our AD, “Configuration” > “Services” > “Add…” or we clone an existing one and make the following modifications:

• Description: Indicating the name that we will see in the monitoring of this check, in my case something like 'Active Directory Status'’ It will be more than clear.
• Linked with Hosts: Here we will indicate the DCs that will run this test, basically where we have left the script and modified its nsclient.ini
• Template: What I always tell you, it depends on each one, We may link it to a parent template, a generic one or one that we have previously made with general options.
• Check Command: We selected our already famous 'check_nrpe'.
• Args: We indicate the argument that is passed to the command, as we defined in the alias before, it will be 'check_ad'.

We record with “Save”, And watch out, If we don't change anything, This check will be done every 5 minutes, It's possible, that in cases like this we are not interested in checking with this frequency, so perhaps, if you run once a day it will be more than enough, Or good, whenever we want, we would indicate it in 'Normal Check Interval'.

And that's it! After exporting the configuration and restarting the services, from our Centreon we will be able to see that our Active Directory is being monitored! Now we can rest a little more and be calmer, as our Centreon or Nagios will check the health of our AD for us, and when any test I perform fails, We will find out through alerts or notifications!