Active Directory: Average Latency
This statistic shows average latency per second for MSRPC bind operations and the following AD operations:
-
LSA lookup
-
NTLM authentication
-
Kerberos authentication
-
DC failover
-
DC monitor
-
DC discovery
-
Domain join
-
Negotiate authentication mechanism
-
Locate system's AD computer account
The AD average latency statistic should be used only to diagnose issues that might be related to smbd, and to help analyze AD performance issues and AD server latency. AD analytics should not be run continuously because they will unnecessarily consume system resources. You could generate an alert if the average latency substantially increases for a period of time, and the alert will appear on the dashboard. To set a threshold alert, see Configuring a Threshold Alert - BUI, CLI.
When to Check Active Directory Average Latency
The AD average latency statistic helps analyze AD performance issues. This statistic also helps measure latency of the various AD servers in the domain. For example, you can use the latency of the DC monitor operation to determine which AD server in a multiple-DC domain environment has a faster response. Then you can set the low-latency DC to be the preferred DC. The following figure shows that the DC monitor operation for a particular host has an average latency of 5.37ms per second.
Active Directory Average Latency Breakdowns
This statistic can be broken down by operation and result.
Table 5-8 Breakdowns of Active Directory Average Latency
| Breakdown | Description |
|---|---|
|
operation |
See the list at the beginning of this section. |
|
result |
The result of the operation. Examples:
|
The following figure shows all three variants of AD statistics: average latency, MSRPC bindings, and operations.
Further Analysis