This monitor verifies the availability of Active Directory using an LDAP (Lightweight Directory Access Protocol) request. It periodically binds to the Domain Controller to verify the availability using an LDAP query.
This monitor allows for monitoring of non-SSL, SSL, and both types of bindings.
Possible causes include the following:
An incorrect number of arguments are being passed to the script.
The domain controller is not setup to allow LDAP binds over SSL however the monitor is trying to perform them.
The domain controller needs resizing.
The domain controller is a bridgehead server, and it is compressing large amounts of data because a bulk load must be replicated inter-site.
The domain controller is a primary domain controller (PDC) emulator operations master, and there are either a large number of password lockouts or a large number of expired user accounts.
One or more other domain controllers failed, and their load transferred to this domain controller because it is now the closest available domain controller.
An application is placing a heavy load on the domain controller. This is usually caused by inefficient, CPU-intensive operations such as non-indexed queries.
The domain controller is critically low on memory.
The domain controller is under a denial-of-service attack.
View the error description in the alert for additional information.
View the overall system performance of the machine to determine if it needs additional resources.
Add additional domain controllers to help load-balance the load.
Ensure that there are a sufficient number of DCs in the active AD sites.
Capacity Planning for Active Directory Domain Services