Hi, I want to know threshold values for NTDS Object counters like: DS Client Binds Per Sec DS Client Name Translation per Sec DS Directory Reads per Sec DS Directory Searches per sec DS Directory Writes per sec DS Monitor List Size DS Name Cache Hit Rate DS Notify Queue Size LSA Reads LSA Searches LSA Writes NSPI Reads NSPI Searches NSPI Writes ... ... ... Is there any threshold values are defined for these counters? Or how can anyone define threshold values for above counters? Raman

1. Have not seen any specific values yet. My guess is that it is individual for you system and you should start from baseline values. 2. Not directly the response to your question, but very close is a measure of risk and health. Unfortunaltely this is for some customers, see http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=19464 Regards Milos

How can anyone define threshold values for above counters?Raman

How can anyone define threshold values for above counters? Raman Hello, I hope this information will be helpful. NTDS: Counter Description DRA Inbound Bytes Compressed (Between Sites, After Compression)/sec The compressed size (in bytes) of compressed replication data inbound from directory system agents (DSAs) in other sites (per second). DRA Inbound Bytes Compressed (Between Sites, Before Compression)/sec The uncompressed size (in bytes) of compressed replication data inbound from DSAs in other sites (per second). DRA Inbound Bytes Not Compressed (Within Site)/sec The uncompressed size (in bytes) of replication data that was not compressed at the source - that is, inbound from other DSAs in the same site (per second). DRA Inbound Bytes Total/sec The total number of bytes (per second) received through replication. It is the sum of the number of bytes of uncompressed data (never compressed) and compressed data (after compression). DRA Inbound Full Sync Objects Remaining The number of objects remaining until the full synchronization process is completed. DRA Inbound Objects/sec The number of objects received (per second) through inbound replication from replication partners. DRA Inbound Objects Applied/sec The number of objects received (per second) from replication partners and applied by the local directory service. This counter excludes changes that are received but not applied (for example, when the update is already made). This counter indicates how many replication updates are occurring on the server as a result of changes generated on other servers. DRA Inbound Objects Filtered/sec The number of objects received (per second) from replication partners that contained no updates that needed to be applied. DRA Inbound Object Updates Remaining in Packet The number of object updates received in the current directory replication update packet that have not yet been applied to the local server. This counter tells you whether the monitored server is receiving changes, but is taking a long time applying them to the database. DRA Inbound Properties Applied/sec The number of changes (per second) to object properties that are applied through inbound replication as a result of reconciliation logic. DRA Inbound Properties Filtered/sec The number of changes (per second) to object properties received during the replication that are already made. DRA Inbound Properties Total/sec The total number of changes (per second) to object properties received from replication partners. DRA Inbound Values (DNs only)/sec The number of values of object properties received (per second) from replication partners in which the values are for object properties that belong to distinguished names. This number includes objects that reference other objects. Values for distinguished names, such as group or distribution list memberships, are more expensive to apply than other kinds of values because a group or distribution list object can include hundreds or thousands of members. In contrast, a simple object might have only one or two attributes. A high number from this counter might explain why inbound changes are slow to be applied to the database. DRA Inbound Values Total/sec The total number of values of object properties received (per second) from replication partners. Each inbound object has one or more properties, and each property has zero or more values. A value of zero indicates that the property is to be removed. DRA Outbound Bytes Compressed (Between Sites, After Compression)/sec The compressed size (in bytes) of compressed replication data that is outbound to DSAs in other sites (per second). DRA Outbound Bytes Compressed (Between Sites, Before Compression)/sec The uncompressed size (in bytes) of compressed replication data outbound to DSAs in other sites (per second). DRA Outbound Bytes Not Compressed (Within Site)/sec The uncompressed size (in bytes) of outbound replication data that was not compressed - that is, outbound to DSAs in the same site - per second. DRA Outbound Bytes Total/sec The total number of bytes sent per second. It is the sum of the number of bytes of uncompressed data (never compressed) and compressed data (after compression). DRA Outbound Objects Filtered/sec The number of objects (per second) acknowledged by outbound replication partners that required no updates. This counter includes objects that the outbound partner did not already have. DRA Outbound Objects/sec The number of objects sent (per second) though outbound replication to replication partners. DRA Outbound Properties/sec The number of properties sent per second. This counter tells you whether a source server is returning objects or not. Sometimes, the server might stop working correctly and not return objects quickly or at all. DRA Outbound Values (DNs only)/sec The number values of object properties sent (per second), to replication partners in which the values are for object properties that belong to distinguished names. Values for distinguished names, such as group or distribution list memberships, are more expensive to apply than other kinds of values because a group or distribution list object can include hundreds or thousands of members. In contrast, a simple object might have only one or two attributes. DRA Outbound Values Total/sec The total number of values of object properties sent (per second), to replication partners. DRA Remaining Replication Updates The number of changes to objects that have been received in the current directory replication update packet for the DRA that have not yet been applied to the local server. A sharp decline in the rate at which objects are applied to the database indicates normal operation, while a gradual decline indicates that complex objects are being applied. This counter is a helpful gauge of whether a server is slow to replicate. DRA Pending Replication Synchronizations The number of directory synchronizations that are queued for this server that are not yet processed. This counter helps in determining replication backlog - the larger the number, the larger the backlog. DRA Sync Requests Made The number of synchronization requests made to replication partners since computer was last restarted. DS Security Descriptor Suboperations/sec The number of suboperations (per second) of security descriptor propagation. One operation of security descriptor propagation comprises many suboperations. There is approximately one suboperation for each object that the propagation operation causes the propagator to examine. DS Security Descriptor Propagation Events The number of events of Security Descriptor Propagation that are queued but not yet processed. DS Threads in Use The current number of threads in use by the directory service (different from the number of threads in the directory service process). This counter represents the number of threads currently servicing API calls by clients, and you can use it to determine whether additional CPUs would be beneficial. LDAP Client Sessions The number of sessions of connected LDAP clients. LDAP Bind Time The time (in milliseconds) required for the completion of the last successful LDAP binding. Kerberos Authentications/sec The number of times per second that clients use a client ticket to this domain controller to authenticate to this domain controller. NTLM Authentications/sec The number of NTLM authentications (per second) serviced by this domain controller. LDAP Successful Binds/sec The number LDAP bindings (per second) that occurred successfully. LDAP Searches/sec The number of search operations per second performed by LDAP clients. FRS: Object Description FileReplicaConn Performance statistics for the Replicaconn object that defines replica connections to Dfs roots. FileReplicaSet Performance statistics for the Replicaset object that defines a replica set.Cristian Neira

Hi, The links as below should be helpful: Active Directory Management Pack Scripts http://technet.microsoft.com/en-us/library/cc180916.aspx NTDS Object http://technet.microsoft.com/en-us/library/cc961942.aspx Best Regards, Yan Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, The links as below should be helpful: Active Directory Management Pack Scripts http://technet.microsoft.com/en-us/library/cc180916.aspx NTDS Object http://technet.microsoft.com/en-us/library/cc961942.aspx Best Regards, Yan Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.