PRTG - How to Monitor Active Directory with PRTG (WMI Monitoring)
In this tutorial, you’ll learn how to monitor Active Directory health using PRTG Network Monitor with WMI monitoring.
This step-by-step guide explains how to collect detailed performance and service data from domain controllers.
WMI monitoring provides deeper visibility compared to basic SNMP monitoring.
Active Directory issues often occur silently before causing login or authentication failures.
PRTG helps IT administrators detect AD problems early with real-time monitoring and alerts.
In this video, we demonstrate how to configure WMI sensors for Active Directory correctly.
You’ll also learn how to set warning and critical alert thresholds.
Follow this guide to keep your Active Directory environment stable and reliable.
Step 1: Create a user on AD
User: it01
Step 2: Enable Windows Credentials
Enabling requirements:
The PRTG machine must join the domain.
The user used as credentials must belong to the Domain Admin group.
Step 3: Add sensors
#1. WMI Logical Disk I/O
Warning: Slow disk / I/O congestion, AD lag, slow login
The PRTG machine must join the domain.
When PRTG asks for disk:
Select the drive containing NTDS / SYSVOL
Usually: C: or D:
Do not select _Total
USED FOR ALERTS
Avg. Disk sec/Read (ms)
Avg. Disk sec/Write (ms)
Standard thresholds for Domain Controller
Channel Settings → each channel Read / Write
Status Value
Warning > 30 ms
Error > 50 ms
#2. WMI Service
NTDS (Active Directory Domain Services) Monitor Service
Core of the Domain Controller
Contains users, groups, and computers
Authentication of domain logins
Stores AD database (ntds.dit)
NTDS dead = Domain dead
User not logged in
GPO not applied
AD considered down
Do not start/restart the service (default): NTDS should not auto-restart
Thresholds:
Running = OK
Stopped = Down (Error)
No warning level required.