check_ad - Nagios NRPE plugin for Active Directory health check
check_ad a Nagios NRPE plugin for Active Directory health check.
Checks domain controller functionality by using dcdiag tool from Windows Support Tools. Following dcdiag tests are performed :
services, replications, advertising, fsmocheck, ridmanager (not for RODCs), machineaccount, kccevent, frssysvol (2003 or later),
frsevent (2003 or later), sysvolcheck(2008 or later), dfsrevent (2008 or later)
Specifies that SysVol replication uses DFS instead of FRS (Windows 2008 or later)
Don't run the dc tests kccevent and frsevent, since their 24-hour scope may not be too relevant for Nagios.
Prints dcdiag command to run.
- --config config file
check_ad can be localized by using a configuration file (check_ad.config in the same directory as the plugin itself by default). This parameter can be used to specify an alternative location for the configuration file.
Produces help message.
dcdiag tool used by check_ad can produce localized output. check_ad can use a configuration file to map localized dcdiag output to pre-defined scanning patterns. The default location is check_ad.config in the same directory as the plugin itself. You can use --config option to specify an alternative location. check_ad will use English language by default if there is no configuration file. Configuration file example:
# check_ad configuration for language mappings
# replace strings right to equal signs with your localized dcdiag/netdiag output
dcdiag_connectivity = passed test connectivity
dcdiag_services = passed test services
dcdiag_replications = passed test replications
dcdiag_advertising = passed test advertising
dcdiag_fsmo = passed test fsmocheck
dcdiag_rid = passed test ridmanager
dcdiag_machine = passed test machineaccount
dcdiag_frssysvol = passed test frssysvol
dcdiag_sysvolcheck = passed test sysvolcheck
dcdiag_frsevent = passed test frsevent
dcdiag_kccevent = passed test kccevent
dcdiag_dfrsevent = passed test dfsrevent
dcdiag_warning = warning
dcdiag_failed = failed
Tevfik Karagulle http://www.itefix.net
- Nagios web site http://www.nagios.org
- Nagios NRPE documentation https://assets.nagios.com/downloads/nagioscore/docs/nrpe/NRPE.pdf
This program is distributed under the Artistic License. https://opensource.org/licenses/artistic-license.php
Version 1.8, October 2015
- changes from 1.7
- Better handling of multi line output (due to longer domain names for example)
- Remove --member check as the netdiag tool is not available as of Windows 2008
- changes from 1.6
- Do not perform RID Manager checks for RODCs (Read-Only Domain Controllers)
- changes from 1.5
- Windows 2012 server support
- Use Windows version information directly
- make localized string checks in lowercase
- changes from 1.4
- Add command line option 'dfsr'
- --verbose option to print dcdiag/netdiag commands generated
- introducing configuration file for handling localized output
- --config option to specify an alternative location for the configuration file
- member checks on W2008 systems are not performed due to non-availability of netdiag
- changes from 1.3
- Windows 2008 support (checks are done in lowercase only)
- Dropped member test 'trust' as it requires domain admin privileges thus introducing a security weakness.
- Introducing option 'nokerberos' due to netdiag bug (see Microsoft KB870692)
- changes from 1.2
- Add command line option 'noeventlog'.
- changes from 1.1
- Support for Windows 2000 domains
- Use CRITICAL instead of ERROR
- changes from 1.0
- remove sysevent test as it can be many other event producers than active directory.