Use Amazon CloudWatch metrics to determine when to add domain controllers - Amazon Directory Service
Amazon Managed Microsoft AD performance counters
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Use Amazon CloudWatch metrics to determine when to add domain controllers

Load balancing across all of your domain controllers is important for the resilience and performance of your directory. To help you optimize the performance of your domain controllers in Amazon Managed Microsoft AD, we recommend that you first monitor important metrics in CloudWatch to form a baseline. During this process, you analyze your directory over time to identify your average and peak directory utilization. After determining your baseline, you can monitor these metrics on a regular basis to help determine when to add a domain controller to your directory. For more information, see Monitor your domain controllers with performance metrics.

The following metrics are important to monitor on a regular basis. For a full list of available domain controller metrics in CloudWatch, see Amazon Managed Microsoft AD performance counters.

  • Domain controller-specific metrics, such as:

    • Processor

    • Memory

    • Logical Disk

    • Network Interface

  • Amazon Managed Microsoft AD directory-specific metrics, such as:

    • LDAP searches

    • Binds

    • DNS queries

    • Directory reads

    • Directory writes

For instructions on how to set up domain controller metrics using the CloudWatch console, see How to automate Amazon Managed Microsoft AD scaling based on utilization metrics in the Amazon Security Blog. For general information about metrics in CloudWatch, see Using Amazon CloudWatch metrics in the Amazon CloudWatch User Guide.

For general information about domain controller planning, see Capacity planning for Active Directory Domain Services on the Microsoft website.

Amazon Managed Microsoft AD performance counters

The following table lists all performance counters available in Amazon CloudWatch for tracking domain controller and directory performance in Amazon Managed Microsoft AD.

Metric category Metric name
Database ==> Instances (NTDSA) Database Cache % Hit
I/O Database Reads Average Latency
I/O Database Reads/sec
I/O Log Writes Average Latency
DirectoryServices (NTDS) LDAP Bind Time
DRA Pending Replication Operations
DRA Pending Replication Synchronizations
DNS Recursive Queries/sec
Recursive Query Failure/sec
TCP Query Received/sec
Total Query Received/sec
Total Response Sent/sec
UDP Query Received/sec
LogicalDisk Avg. Disk Queue Length
% Free Space
Memory % Committed Bytes in Use
Long-Term Average Standby Cache Lifetime (s)
Network Interface Bytes Sent/sec
Bytes Received/sec
Current Bandwidth
NTDS ATQ Estimated Queue Delay
ATQ Request Latency
DS Directory Reads/Sec
DS Directory Searches/Sec
DS Directory Writes/Sec
LDAP Client Sessions
LDAP Searches/sec
LDAP Successful Binds/sec
Processor % Processor Time
Security System-Wide Statistics Kerberos Authentications
NTLM Authentications