Active Directory plug-in

The Active Directory plug-in of SSC Serv allows you to collect information about various aspects of a Directory Server, including queries, replication information and authentication.

SSC Serv is a native Windows service which collects system metrics periodically and sends them to a collectd server for processing and storage. No remote access to the Windows machine is required. The service is running on the Windows server and sends data, allowing the Windows server to be locked down tightly for maximum security. SSC Serv is very light-weight, integrates well with Windows and doesn't get in the way.

Collected metrics


Registry key AD\CollectAuth.

NTLM requests
Number of NT LAN Manager (NTLM) authentication requests handled.
Reported as AD-authentication/total_requests-NTLM
Kerberos requests
Number of Kerberos authentication requests handled.
Reported as AD-authentication/total_requests-Kerberos

Directory and Resource Administrator (DRA)

Registry key AD\CollectDra.

Number of synchronization requests made and number of pending sync requests.
Reported as:
  • AD-DRA/queue_length-Pending Replication Synchronizations
  • AD-DRA/requests-Sync Requests Made
Number of objects sent, received, filtered, applied and remaining.
Reported as:
  • AD-DRA Objects/total_objects-Outbound
  • AD-DRA Objects/total_objects-Outbound Filtered
  • AD-DRA Objects/total_objects-Inbound
  • AD-DRA Objects/total_objects-Inbound Filtered
  • AD-DRA Objects/total_objects-Inbound Applied
  • AD-DRA Objects/objects-Updates Remaining in Packet
  • AD-DRA Objects/objects-Full Sync Objects Remaining
Number of inbound properties total, applied and filtered.
Reported as:
  • AD-DRA Properties/total_objects-Inbound Total
  • AD-DRA Properties/total_objects-Inbound Applied
  • AD-DRA Properties/total_objects-Inbound Filtered
Number of inbound and outbound values total and DNS only (DN).
Reported as:
  • AD-DRA Values/total_objects-Inbound Total
  • AD-DRA Values/total_objects-Inbound DN
  • AD-DRA Values/total_objects-Outbound Total
  • AD-DRA Values/total_objects-Outbound DN

Directory Services (DS)

Registry key AD\CollectDs.

Reads and writes
Number of read and write requests handled.
Reported as:
  • AD-DS/total_operations-read
  • AD-DS/total_operations-write
Security Descriptor
Number of events handled by the Security Descriptor Propagation task.
Reported as:
  • AD-DS/queue_length-Security Descriptor Propagations Events
  • AD-DS/total_operations-Security Descriptor sub-operations
Number of threads used by the directory service.
Reported as AD-DS/threads.

DS Replication Neighbors (Experimental)

Registry key AD\CollectNeighbors.

Consecutive synchronization failures
Number of consecutive synchronization failures, per neighbor.
Reported as AD-Neighbor ${DN}/gauge-${NC} Sync Failures, where “DN” is the Distinguished Name of the neighbor and “NC” is the Naming Context which is being synchronized.


Registry key AD\CollectLdap.

Number of LDAP searches handled.
Reported as AD-LDAP/total_operations-search.
Number of LDAP bind requests.
Reported as:
  • AD-LDAP/total_operations-bind
  • AD-LDAP/response_time-bind
Number of LDAP client sessions.
Reported as AD-LDAP/current_sessions.


The Active Directory plug-in stores its configuration in the Windows Registry under the HKEY_LOCAL_MACHINE\SOFTWARE\octo\SSC Serv\AD key. The above blocks can be enabled individually, so that only relevant information is being collected. The registry keys controlling each block are noted above. Below is the “AD” subtree for reference.

    Enabled          "true"
    CollectAuth      "true"
    CollectDra       "true"
    CollectDs        "true"
    CollectLdap      "true"
    CollectNeighbors "false"