Proactive Directory Performance Management

Windows Server includes several tools that help identify potential issues with system resources. When systems are not configured properly and are not assigned appropriate resources such as CPU, RAM, or disk space, systems monitoring will help you identify where bottlenecks occur.


When you identify these bottlenecks, you then assign additional resources to the system. If the system is physical, this most often means shutting down the system; installing new resources, for example, additional memory chips; and then restarting the system.

If the system is virtual, then depending on the virtualization engine you use, you might be able to allocate new resources while the virtual machine is still running. If not, shut it down; allocate new resources, for example, an additional CPU and additional RAM; and then restart it. After the system is restarted, monitor its performance again to identify whether the new resources solved the problem.

The tools you can rely on to identify performance bottlenecks in Windows Server 2008 include:

  • Task Manager, which displays current system resource usage.
  • Event Viewer, which logs specific events, including performance-related events.
  • Reliability Monitor, which tracks changes made to the system, enabling you to identify whether a change could be the cause of a new bottleneck.
  • Performance Monitor, which collects data in either real time or at specific intervals to identify potential issues.
  • Windows System Resource Manager (WSRM), which can be used to profile specific applications to indicate which resources they need at which time. You can also use it to manage application resource allocation based on the profiles you generate.

Task Manager

The simplest of all tools to use is Task Manager. This tool provides real-time system status information and covers several key aspects of a system’s performance, including:

  • Running applications
  • Running processes
  • Running services
  • Performance, including CPU and memory usage
  • Networking, including network interface card (NIC) utilization
  • Currently logged-on users

You can access Task Manager in a variety of ways, the most common of which is to right-click the taskbar and select Task Manager. Another common method is to use the Ctrl+Alt+Delete key combination and click Task Manager when the menu choices appear. For example, this is how you would access Task Manager on Server Core because it does not include a taskbar. You can also type Taskmgr.exe at a command prompt.

When you need information about system performance, the Performance tab is the most useful tab. It displays complete information about your system’s key resource usage, and it details physical and kernel memory usage. This tab also includes a button that gives you access to Resource Monitor. Clicking this button launches Resource Monitor while keeping Task Manager open.

Resource Monitor

Resource Monitor is a super Task Manager because it brings together the CPU, disk, memory, and network usage graphs in a single view. In addition, it includes expandable components for each resource, displaying details of each component so that you can identify which processes might be the culprit if issues are evident.

These two tools are ideal for on-the-spot verifications of resource usage. You should only rely on them if you need to identify immediately whether something is wrong with a server. For example, if the system does not have enough memory, you will immediately see that memory usage is constantly high. In this case, Windows will be forced to use on-disk virtual memory. Constant paging is a typical issue that servers with insufficient physical memory face.

Event Viewer

Another excellent indicator of system health is Windows Event Log. Windows maintains several event logs to collect information about each of the services running on a server. By default, these include the Application, Security, Setup, System, and Forwarded Events logs, all located in the Windows Logs folder. However, on a DC, you will also have additional logs that are specifically related to AD DS operation. These will be located in the Applications and Services Logs folder and will include:

  • DFS Replication, which is available in domains and forests operating in Windows Server 2008 full functional mode. If you are running your domains or forests in one of the earlier modes, the log will be for the FRS replication service.
  • Directory Service, which focuses on the operations that are specifically related to AD DS.
  • DNS Server, which lists all events related to the naming service that supports AD DS operation.

However, one of the best features of Event Log is related to Server Manager. Because it acts as the central management location for each of the roles included in Windows Server 2008, Server Manager provides custom log views that gather all the events related to a specific server role.

For example, if you click the Active Directory Domain Services role, Server Manager will provide you with a log view that includes, amongst other things, a summary view of key events related to this service.

Event Log lists three types of events: Information, Warning, and Errors. By default, the summary view displayed under the server role will list Errors with a high priority, Warnings with a medium priority, and Information messages with the lowest priority. Therefore, Errors will always appear at the top of the summary, alerting you immediately if there is an issue with your system.

To drill down and see the event details, double-click the event itself. Events provide much more information in Windows Server 2008. Today, you get a full explanation of an event in Event Viewer, and you can link to an online database.
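The same Errors-first summary can be produced from the command line for the AD DS-related logs named above. This is an added example, not part of the original lesson; it assumes Windows PowerShell 2.0 or later on the domain controller, and the one-day look-back window is an arbitrary choice.

```powershell
# Added example: summarize recent Critical, Error and Warning events in the
# AD DS-related logs. Run in an elevated Windows PowerShell session on a DC.
$logs  = 'Directory Service', 'DNS Server', 'DFS Replication',
         'File Replication Service'      # FRS log, present in earlier functional modes
$since = (Get-Date).AddDays(-1)          # assumed look-back window

$events = foreach ($log in $logs) {
    try {
        # Level 1 = Critical, 2 = Error, 3 = Warning
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2, 3; StartTime = $since } -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when nothing matches or the log is absent
        # (for example, no DNS Server log when the DNS role is not installed).
        Write-Verbose "No matching events in '$log': $($_.Exception.Message)"
    }
}

# Most severe level first, then the most frequent event IDs within each level.
$events |
    Group-Object LogName, LevelDisplayName, Id, ProviderName |
    Sort-Object @{ Expression = { $_.Group[0].Level } },
                @{ Expression = 'Count'; Descending = $true } |
    Select-Object Count,
        @{ Name = 'Log';      Expression = { $_.Group[0].LogName } },
        @{ Name = 'Level';    Expression = { $_.Group[0].LevelDisplayName } },
        @{ Name = 'EventId';  Expression = { $_.Group[0].Id } },
        @{ Name = 'Provider'; Expression = { $_.Group[0].ProviderName } },
        @{ Name = 'LastSeen'; Expression = { ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated } } |
    Format-Table -AutoSize
```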

Reliability Monitor

Reliability Monitor tracks a computer’s stability.

Computers that have no new software installations or failures are considered stable and can achieve the maximum system stability index of 10.

The more installations and failures that occur on a computer, the lower the system stability index drops toward a minimum value of 0.

Reliability Monitor is useful for diagnosing intermittent and long-term problems.

For example, if you were to install an application that caused the operating system to fail once a week, it would be very difficult to correlate the failures with the application installation.

With Reliability Monitor, you can quickly browse both failures and the application installations over time. If recurring failures begin shortly after an application installation, the two might be related.

The chart at the top of Reliability Monitor shows one data point for each day.

The rows below the chart show icons for successful and unsuccessful software installations, application failures, hardware failures, Windows failures, and other miscellaneous failures.

Click a day to view the day’s details in the System Stability Report below the chart.

The Reliability Monitor displays data gathered by the Reliability Analysis Component (RAC), which is implemented using RACAgent.exe. RACAgent.exe runs once an hour using a hidden scheduled task. To view the scheduled task, browse to Configuration\Task Scheduler\Task Scheduler Library\Microsoft\Windows\RAC. Then click the View menu and select Show Hidden Tasks.

Performance Monitor

Sometimes problems and issues are not immediately recognizable and require further research to identify them. In this case, you need to rely on Performance Monitor.
This tool, located under the Diagnostics\Reliability and Performance\Monitoring Tools node in Server Manager, is designed to track performance data on a system.

You use Performance Monitor to track particular system components either in real time or on a scheduled basis.
If you are new to Windows Server with the 2008 release, you’ll quickly find that when it comes to performance management and analysis, Performance Monitor is the tool to use.

Click the green plus sign to add counters. Select Processor, select the counters you want, and then click Add. Add any further counters, and then click OK. The counters are added to the display. To make it easier to view a specific counter, select the counter and press Ctrl+H. The output can be viewed in three different ways. The first is the Line view. Select Histogram Bar from the drop-down list to switch to the Histogram Bar view, or select Report from the drop-down list to switch to the Report view. To change how data is displayed, right-click Performance Monitor and select Properties.

The General tab allows changes to display elements, report and histogram data, and sample intervals. Select the Source tab. Source allows you to select the data source: current activity, log files, or databases. Select the Data tab. Data allows you to add or remove counters and change the appearance of counters. Select the Graph tab. Graph allows you to change the elements of the graph views. Select the Appearance tab. Appearance allows you to change colours, fonts, and the border. Click OK to close the properties box.

Data Collector Sets

Data Collector Sets gather system information, including configuration settings and performance data, and store it in a data file.
You can later use the data file to examine detailed performance data in Performance Monitor or view a report that summarizes the information.

Windows Server 2008 includes several built-in Data Collector Sets located at Data Collector Sets\System:

  • Active Directory Diagnostics: Present only on domain controllers, this Data Collector Set logs kernel trace data, Active Directory trace data, performance counters, and Active Directory registry configuration.
  • LAN Diagnostics: Logs network performance counters, network configuration data, and important diagnostics tracing. Use this Data Collector Set when troubleshooting complex network problems, such as network time-outs, poor network performance, or virtual private network (VPN) connectivity problems.
  • System Performance: Logs processor, disk, memory, and network performance counters and kernel tracing. Use this Data Collector Set when troubleshooting a slow computer or intermittent performance problems.
  • System Diagnostics: Logs all the information included in the System Performance Data Collector Set, plus detailed system information. Use this Data Collector Set when troubleshooting reliability problems such as problematic hardware, driver failures, or Stop errors (also known as blue screens). The report generated by the Data Collector Set provides a summary of error conditions on the system without requiring you to manually browse Event Viewer and Device Manager.
  • Wireless Diagnostics: Present only on computers with wireless capabilities, this Data Collector Set logs the same information as the LAN Diagnostics Data Collector Set, plus information relevant to troubleshooting wireless network connections. Use this Data Collector Set only when troubleshooting network problems that occur when connected to a wireless network.

Expand System. To use a Data Collector Set, right-click it, and then choose Start. The System Performance and System Diagnostics Data Collector Sets stop automatically after a minute, the Active Directory Diagnostics Data Collector Set stops automatically after five minutes, and the LAN Diagnostics and Wireless Diagnostics Data Collector Sets run until you stop them.

When you use Performance Monitor, you can see performance counters in real time. Data Collector Sets can record this data so that you can analyze it later in Performance Monitor.
If you either have a performance problem or you want to analyze and possibly improve the performance of a server, you can create a Data Collector Set to gather performance data.
However, for the analysis to be useful, you should always create a baseline by logging performance data before you make any changes. Then you can compare the performance before and after your adjustments.
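The baseline-then-compare workflow can also be scripted with logman, the command-line tool for Data Collector Sets. This is an added example, not part of the original lesson; the set names, counter list, 15-second interval and 10-minute duration are assumptions, and the function names are hypothetical helpers.

```powershell
# Added example, not from the original lesson. Run elevated in Windows PowerShell.
# Set names, counter list, interval and duration are assumptions.
$counters = '\Processor(_Total)\% Processor Time', '\Memory\Available MBytes',
            '\Memory\Pages/sec', '\PhysicalDisk(_Total)\Avg. Disk Queue Length'
$outDir   = "$env:SystemDrive\PerfLogs\Admin"

function Start-PerfCapture([string]$Name, [string]$Duration = '00:10:00') {
    # -si: sample interval, -rf: run for this long and stop, -f csv: text log
    logman create counter $Name -c $counters -si 00:00:15 -rf $Duration -f csv -o "$outDir\$Name"
    logman start $Name
}

function Get-CaptureAverage([string]$Name) {
    # Newest CSV written by the set; the wildcard allows for a version suffix.
    $file = Get-ChildItem "$outDir\$Name*.csv" | Sort-Object LastWriteTime | Select-Object -Last 1
    if (-not $file) { throw "No CSV log found for '$Name' in $outDir" }
    $rows = @(Import-Csv $file.FullName)
    $avg  = @{}
    # Column 1 is the timestamp; the others are counter paths (\\HOST\Object\Counter).
    foreach ($col in ($rows[0].PSObject.Properties | Select-Object -Skip 1)) {
        $name   = $col.Name
        # Rate counters have a blank first sample, so keep numeric cells only.
        $values = @($rows | Where-Object { $_.$name -match '^\s*-?\d' } |
                            ForEach-Object { [double]$_.$name })
        if ($values.Count -gt 0) {
            $avg[($name -replace '^\\\\[^\\]+', '')] = ($values | Measure-Object -Average).Average
        }
    }
    $avg
}

function Compare-Capture([string]$Baseline, [string]$Current) {
    $b = Get-CaptureAverage $Baseline
    $c = Get-CaptureAverage $Current
    foreach ($key in ($b.Keys | Sort-Object)) {
        if (-not $c.ContainsKey($key)) { continue }   # counter missing from later capture
        New-Object PSObject -Property @{
            Counter  = $key
            Baseline = [math]::Round($b[$key], 2)
            Current  = [math]::Round($c[$key], 2)
            Change   = [math]::Round($c[$key] - $b[$key], 2)
        } | Select-Object Counter, Baseline, Current, Change
    }
}

# Start-PerfCapture 'DC-Baseline'        # before the change; let it run to completion
# Start-PerfCapture 'DC-AfterChange'     # after the change
# Compare-Capture 'DC-Baseline' 'DC-AfterChange'
```

A falling Available MBytes average together with a rising Pages/sec average between the two captures points to the constant-paging condition described under Resource Monitor.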

To create a Data Collector Set, right-click User Defined, and then choose New > Data Collector Set. On the Create This New Data Collector Set page, type a name for the set. Make sure Create From A Template is selected. Then click Next.

On the Which Template Would You Like To Use page, choose from one of the standard templates (which can vary depending on the computer’s configuration) and click Next.

On the Where Would You Like The Data To Be Saved page, click Next to accept the default location for the data (%SystemDrive%\perflogs\Admin\).

On the Create New Data Collector Set page, leave Run As set to <Default> to run it using
the current user’s credentials, or click the Change button to specify other administrative

Select one of three options before clicking the Finish button:

And select Start. To view the collected data, select the report. The report is displayed. Note that in this report the server is running low on available memory. Time for some more RAM.

Windows System Resource Manager

Windows Server 2008 includes an additional tool for system resource management, WSRM, a feature that can be added through Add Features in Server Manager.
WSRM can be used in two modes.

First, it can be used to profile applications. This means that it helps identify how many resources an application requires on a regular basis. When operating in this mode, WSRM logs events in the application event log only when the application exceeds its allowed limits. This helps you fine-tune application requirements.

The second mode offered by WSRM is the manage mode.
In this mode, WSRM uses its allocation policies to control how many resources applications can use on a server.
If applications exceed their resource allocations, WSRM can even stop the application from executing and make sure other applications on the same server can continue to operate.
However, WSRM will not affect any application if combined processor resources do not exceed 70 percent utilization.
This means that when processor usage is low, WSRM does not affect any application.

WSRM also supports Alerts and Event Monitoring.
This is a powerful tool that is designed to help you control processor and memory usage on large multiprocessing servers. By default, the WSRM includes four built-in management policies, but it also includes several custom resources you can use to define your own policies.
Basically, WSRM will ensure that high-priority applications will always have enough resources available to them for continued operation, making it a good tool for DCs.

If you use single-purpose DCs, you will not need WSRM as much as if you use multipurpose DCs. Multipurpose DCs will usually run other workloads at the same time as they run the AD DS service.
Using WSRM in this case can ensure that the AD DS service is available during peak hours by assigning it more resources than other applications.

WSRM can be used for the following scenarios:

  • Use predefined or user-defined policies to manage system resources. Resources can be allocated on a per-process, per-user, or per-IIS application pool basis.
  • Rely on calendar rules to apply your policies at different times and dates without any manual intervention.
  • Automate the resource policy selection process based on server properties, events, or even changes to available physical memory or processor count.
  • Collect resource usage information in local text files or store it in an SQL database.

WSRM Policies

Built-in policy and description:

  • Equal per process: Assigns each application an equal amount of resources.
  • Equal per user: Groups processes assigned to each user who is running them and assigns equal resources to each group.
  • Equal per session: Allocates resources equally to each session connected to the system.
  • Equal per IIS application pool: Allocates resources equally to each running IIS application pool.

Custom Resources

Custom resource and description:

  • Process Matching Criteria: Assigns each application an equal amount of resources.
  • Resource Allocation Policies: Used to allocate processor and memory resources to the processes that match criteria you specify.
  • Exclusion lists: Used to exclude applications, services, users, or groups from management by WSRM. Can also use command-line paths to exclude applications from management.
  • Scheduling: Use a calendar interface to set time-based events to resource allocation. Supports policy-based workloads because you can set policies to be active at specific times of day, specific days, or other schedules.
  • Conditional policy: Used to set conditions based on specific events to determine whether policy will run.