Anda di halaman 1dari 3

NAME check_ad - Nagios NRPE plugin for Active Directory health check SYNOPSIS check_ad [--dc] [--member] [--dfsr]

[--noeventlog] [--nokerberos] [--verbose] [--config *config file*] [--help] DESCRIPTION check_ad a Nagios NRPE plugin for Active Directory health check. OPTIONS --dc Checks domain controller functionality by using *dcdiag* tool from Windows Support Tools. Following dcdiag tests are performed : services, replications, advertising, fsmocheck, ridmanager, machineaccou nt, kccevent, frssysvol (2003 or later), frsevent (2003 or later), sysvolcheck(2 008 or later), dfsrevent (2008 or later) --member Checks domain member functionality by using *netdiag* tool from Windows Support Tools (Not available on Windows 2008 or later). Following netdiag tests are performed : member, netbt, dns, dsgetdc, ldap, kerberos --dfsr Specifies that SysVol replication uses DFS instead of FRS (Windows 2008 or later) --noeventlog Don't run the dc tests kccevent and frsevent, since their 24-hour scope may not be too relevant for Nagios. --verbose Prints netdiag/dcdiag commands to run. --nokerberos Don't run the member test kerberos due to netdiag bug (See Microsoft KB870692) --config *config file* check_ad can be localized by using a configuration file (*check_ad.config* in the same directory as the plugin itself by default). This parameter can be used to specify an alternative location for the configuration file. --help Produces help message. CONFIGURATION FILE dcdiag/netdiag tools used by check_ad can produce localized output. check_ad can use a configuration file to map localized dcdiag/netdiag output to pre-defined scanning patterns. The default location is *check_ad.config* in the same directory as the plugin itself. You can use *--config* option to specify an alternative location. check_ad will use English language by default if there is no configuration file. Configuration file example: # check_ad configuration for language mappings

# replace strings right to equal signs with your localized dcdiag/netdiag ou tput [Language] dcdiag_connectivity dcdiag_services dcdiag_replications dcdiag_advertising dcdiag_fsmo dcdiag_rid dcdiag_machine dcdiag_frssysvol dcdiag_sysvolcheck dcdiag_frsevent dcdiag_kccevent dcdiag_dfrsevent dcdiag_warning dcdiag_failed netdiag_global_results netdiag_domain_membership netdiag_netbt_transports netdiag_dns : passed netdiag_dc_discovery netdiag_ldap : passed netdiag_kerberos . . : passed netdiag_warning netdiag_fatal EXIT VALUES 0 OK 1 WARNING 2 CRITICAL 3 UNKNOWN AUTHOR Tevfik Karagulle <http://www.itefix.no> SEE ALSO Nagios web site <http://www.nagios.org> Nagios NRPE documentation <http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf> DCDIAG documentation <http://technet2.microsoft.com/windowsserver/en/library/f7396ad6-0baa-4e6 6-8d18-17f83c5e4e6c1033.mspx> NETDIAG documentation <http://technet2.microsoft.com/windowsserver/en/library/cf4926db-87ea-4f7 a-9806-0b54e1c00a771033.mspx> COPYRIGHT This program is distributed under the Artistic License. <http://www.opensource.org/licenses/artistic-license.php> VERSION Version 1.6, February 2013 CHANGELOG changes from 1.5 = passed test connectivity = passed test services = passed test replications = passed test advertising = passed test fsmocheck = passed test ridmanager = passed test machineaccount = passed test frssysvol = passed test sysvolcheck = passed test frsevent = passed test kccevent = passed test dfsrevent = warning = failed = global results: = domain membership test . . . . . . : passed = netbt transports test. . . . . . . : passed = dns test . . . . . . . . . . . . . = dc discovery test. . . . . . . . . : passed = ldap test. . . . . . . . . . . . . = kerberos test. . . . . . . . . . . = warning = fatal

- Windows 2012 server support - Use Windows version information directly - make localized string checks in lowercase changes from 1.4 - Add command line option 'dfsr' - --verbose option to print dcdiag/netdiag commands generated - introducing configuration file for handling localized output - --config option to specify an alternative location for the configurati on file - member checks on W2008 systems are not performed due to non-availabili ty of netdiag changes from 1.3 - Windows 2008 support (checks are done in lowercase only) - Dropped member test 'trust' as it requires domain admin privileges thu s introducing a security weakness. - Introducing option 'nokerberos' due to netdiag bug (see Microsoft KB87 0692) changes from 1.2 - Add command line option 'noeventlog'. changes from 1.1 - Support for Windows 2000 domains - Use CRITICAL instead of ERROR changes from 1.0 - remove sysevent test as it can be many other event producers than acti ve directory.