if you’ve decided to start using the extended ad mp over on opsmanjam.com, you’ve probably noticed in the user guide (cough) that in order to pick up expensive/inefficient ldap queries, you need to change some registry values.
first of all, what’s the fire engine have to do with this post? actually nothing. i just saw it and thought “red”. yeah.
anyway, if you’re going to set it manually, it shows you how right here in the guide:
- Open the Registry Editor
- Locate the following Registry key – HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\15 Field Engineering and change its value to 4 or 5.
- Open the Operations Console, and click the Authoring button.
- Expand Management Pack Objects, and then click Rules.
- In the Rules pane, type LDAP into the Look for box, and then click Find Now.
- Locate the LDAP Summary Report of Expensive or Inefficient Queries and/or the An expensive or inefficient LDAP query was performed rule.
- Right-click the rule, click Overrides, click Override the Rule, and then click “For all objects of type: Active Directory Domain Controller Server 2003 Computer Role”.
- Enable the Override-controlled parameter labeled Enabled and set its Override Setting to True.
- Target the override to a custom Management Pack and not the Default Management Pack. Click OK to save your changes.
if you’d rather create tasks, here’s the basic premise:
- flip over to the authoring console node.
- create a new task as type: agent tasks/command line.
- choose the destination management pack of choice as long as it is NOT the default management pack.
- be creative with your task name (yes, that’s sarcasm). for example, i named mine: enable ntds field engineering diagnostics.
- choose the task target. i set mine to: active directory domain controller server 2003 computer role. i did this mainly so that someone wouldn’t try to point this to a regular computer.
- full path to file: %windir%\system32\reg.exe
- parameters: ADD HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics /v "15 Field Engineering" /t REG_DWORD /d 0x4 /f
for the love of all things holy, please do not forget the /f. if you do, the task will never actually complete, since the value should already exist on your domain controller and reg.exe will sit waiting for an overwrite confirmation that nobody can answer.
one more thing to add: i created a task to turn this off. all you need to do is change the parameter line to this: ADD HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics /v "15 Field Engineering" /t REG_DWORD /d 0x0 /f
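the same on/off change as a powershell function, for running directly on a domain controller. this is an added example, not part of the original post or the management pack guide: the function name and output object are made up for illustration, and it assumes powershell is available on the dc. it reads the old level first and reads the new one back, so you can confirm the change and know what to revert to.

```powershell
# Added example: set or clear NTDS "15 Field Engineering" diagnostics on a DC.
# The function name and output shape are illustrative; the registry key and
# value name are the ones given in the steps above.
function Set-NtdsFieldEngineering {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 0 turns the logging off; the guide calls for 4 or 5 to turn it on
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 5)]
        [int]$Level
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
    $name = '15 Field Engineering'

    # The key only exists where the directory service is installed; refuse
    # to create it on a machine that is not a domain controller.
    if (-not (Test-Path -Path $key)) {
        throw "$key not found. This does not look like a domain controller."
    }

    # Record the current level so the change can be reverted later.
    $previous = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($PSCmdlet.ShouldProcess("$key\$name", "set to $Level")) {
        # -Force overwrites an existing value, the same job /f does for reg.exe
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Level -Force | Out-Null
    }

    # Read the value back instead of assuming the write succeeded.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Previous = $previous
        Current  = $current
    }
}

# enable:   Set-NtdsFieldEngineering -Level 4
# disable:  Set-NtdsFieldEngineering -Level 0
# dry run:  Set-NtdsFieldEngineering -Level 4 -WhatIf
```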
if everything worked as planned, when you execute this task, it should look just like this: