useful tasks for the extended ad mp

[image: The 3rd District Fire Rescue Task Forces, Toky...]

if you’ve decided to start using the extended ad mp over on opsmanjam.com, you’ve probably noticed in the user guide (cough) that in order to pick up expensive/inefficient ldap queries, you need to change some registry values.

first of all, what’s the fire engine have to do with this post?  actually nothing.  i just saw it and thought “red”.  yeah.

anyway, if you’re going to set it manually, it shows you how right here in the guide:

  1. Open the Registry Editor
  2. Locate the following Registry key – HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\15 Field Engineering and change its value to 4 or 5.
  3. Open the Operations Console, and click the Authoring button.
  4. Expand Management Pack Objects, and then click Rules.
  5. In the Rules pane, type LDAP into the Look for box, and then click Find Now.
  6. Locate the LDAP Summary Report of Expensive or Inefficient Queries and/or the An expensive or inefficient LDAP query was performed rule.
  7. Right-click the rule, click Overrides, click Override the Rule, and then click “For all objects of type: Active Directory Domain Controller Server 2003 Computer Role”.
  8. Enable the Override-controlled parameter labeled Enabled and set its Override Setting to True.
  9. Target the override to a custom Management Pack and not the Default Management Pack. Click OK to save your changes.

if you’d rather create tasks, here’s the basic premise:

  1. flip over to the authoring console node.
  2. create a new task as type: agent tasks/command line.
  3. choose the destination management pack of choice as long as it is NOT the default management pack.
  4. be creative with your task name (yes, that’s sarcasm).  for example, i named mine: enable ntds field engineering diagnostics.
  5. choose the task target.  i set mine to: active directory domain controller server 2003 computer role.  i did this namely so that someone wouldn’t try to point this to a regular computer.
  6. full path to file: %windir%\system32\reg.exe
  7. parameters: ADD HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics /v "15 Field Engineering" /t REG_DWORD /d 0x4 /f

for the love of all things holy, please do not forget the /f.  if you do, the task will never actually complete: the value should already exist on your domain controller, so reg.exe stops and waits for someone to confirm the overwrite.

one more thing to add, i created a task to turn this off.  all you need to do is change the parameter line to this: ADD HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics /v "15 Field Engineering" /t REG_DWORD /d 0x0 /f

if everything worked as planned, when you execute this task, it should look just like this:

image
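
added example, not part of the original post or the mp guide: a powershell function to run locally on a domain controller that reads the current "15 Field Engineering" level, writes it only when it differs, and returns the before/after values so you can confirm what a task run actually changed. the function name Set-NtdsFieldEngineering is made up for this example, and it assumes the NTDS diagnostics key is only present on domain controllers; the key and value name are the ones from the steps above.

```powershell
# added example: the function name is hypothetical; key and value name come from the post
function Set-NtdsFieldEngineering {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 0 turns the logging off; the guide uses 4 or 5 to turn it on
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 5)]
        [int]$Level
    )

    $key  = 'HKLM:\System\CurrentControlSet\Services\NTDS\Diagnostics'
    $name = '15 Field Engineering'

    # assumption: the key only exists on domain controllers, so refuse to create it elsewhere
    if (-not (Test-Path -Path $key)) {
        throw "NTDS diagnostics key not found; this machine does not look like a domain controller."
    }

    # read the current level; a missing value comes back as $null
    $before = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    # write only when the level differs (and not at all under -WhatIf)
    if ($before -ne $Level -and $PSCmdlet.ShouldProcess("$key\$name", "set to $Level")) {
        Set-ItemProperty -Path $key -Name $name -Value $Level -Type DWord
    }

    # re-read so the result reflects what is actually in the registry
    $after = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Before   = $before
        After    = $after
        Changed  = ($before -ne $after)
    }
}

# dry run: reports the current level without changing anything
Set-NtdsFieldEngineering -Level 4 -WhatIf
```

drop the -WhatIf to apply the change, and call it again with -Level 0 when you're done collecting so the diagnostics logging doesn't stay on.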
