Add-on MP for Windows 2012/2016 AD RID issuance monitoring

  • Article

Disclaimer:
The scenario described in this post and covered by the attached Add-on MPs is most likely only relevant for large enterprise customers. The MPs described in this post are not a Microsoft product and thus not covered by any Microsoft support or warranty! They should be carefully analyzed and tested in your test environment before using them in any productive SCOM Management Group.

Last week a customer pointed me to a blog post called "Managing RID Issuance in Windows Server 2012" that describes new features in Windows 2012 and onwards regarding new RID pool events created by these OS.  That blog post later made it into our official Windows Server documentation.
He asked me, if these events were covered (monitored) in our current AD Management Packs. But a quick search in our former (v6) and new (v10) AD MP revealed, that we collect only the “AD RID Pool Free Performance Collection” Perfcounter (amount of free % in the AD RID pool) and some counters that monitor the RID Master latency. But the new events described in the post are not covered by our current AD MPs.

I tried to talk my way out by saying it is highly unlikely that a customer will ever come into a situation where a RID pool gets depleted (Who has ever created one billion objects?). But unfortunately the recommendation of the blog post is unambigous:
“Automated AD health tracking systems, such as System Center Operations Manager, should monitor for these events; all are notable, and some are indicators of critical domain issues.”

So I created a little Add-On MP that contains six simple alert rules based on event collection for the Events 16653-16658. The rules are targeted against the Domain Controller role.

The MP does not contain any classes, folders or views and will work with SCOM2012R2 and SCOM2016. The contained rules will simply generate an descriptive alert if one of the critical RID events will occur on one of your targeted DC.

Because Windows 2012 DC are currently covered by either our old v6 AD MP or our new v10 MP I created three different versions of the MP:

  • Community Add-On RID issuance Monitoring for AD 2008-2012 MP v6
    Needed if you still use our v6 AD MP
  • Community Add-On RID issuance Monitoring for AD 2012 MP v10
    Needed, if you use our new v10 AD MP with Windows 2012(R2)
  • Community Add-On RID issuance Monitoring for AD 2016 MP v10
    Needed, if you use our new v10 AD MP with Windows 2016

If you use Windows 2012 and Windows 2016 on your DCs, simply import both MPs.

You can download the MPs from Technet Gallery.