©
2024ExtraHop Networks, Inc. All rights reserved.
Active Directory dashboard
Published: 2024-03-26
The Active Directory dashboard enables you to track Kerberos server activity for Active Directory user and
computer accounts as well as services such as global catalog and group policies.
Each chart in the Active Directory dashboard contains visualizations of of Active Directory account data
that have been generated over the selected time interval , organized by region.
The Active Directory dashboard is a built-in, system dashboard that you cannot edit, delete, or add to a
shared collection. However, you can copy a chart from the Active Directory dashboard and add it to a
custom dashboard , or you can make a copy of the dashboard and edit it to monitor metrics that are
relevant to you.
Note: From a console, you can display the Active Directory dashboard for each connected site. The
site name appears in the navigation bar; click the down arrow next to the name to pivot the
display to other sites.
The following information summarizes each region and its charts.
Account Summary
Observe the number of Active Directory accounts in your environment in the following charts:
• Total Accounts: Total number of user accounts and of computer accounts.
• Privileged Accounts: Total number of privileged accounts that successfully logged in, that received
a login error, and that sent a service access request.
Authentication Errors
Observe the number of Active Directory accounts with authentication errors in the following charts:
• User Account Errors: Total number of user account login errors due to invalid passwords, expired
passwords, and disabled accounts. Displayed as a line chart and a list chart.
• Computer Account Errors: Total number of computer account login errors due to invalid
passwords, expired passwords, and disabled accounts. Displayed as a line chart and a list chart.
• Account Errors: Total number of errors for any account type due to account lockouts and due to
time errors. Displayed as a line chart and a list chart.
Authentication Error Details
Observe details about Active Directory accounts that had authentication errors in the following
charts:
• User Accounts: Usernames associated with user accounts that failed to login. This chart also
displays the number of times each user account received an error due to an invalid password or an
expired account.
• Computer Accounts: Client IP addresses and hostnames associated with user accounts that failed
to login. This chart also displays the number of times each user account received an error due to an
invalid password or an expired account.
Ticket Granting Service
Observe transaction data associated with the Kerberos ticket granting service in the following charts:
• Transactions: Total number of service ticket requests and the number of unknown service principal
name (SPN) errors.
• Transactions: Total number of service ticket requests.
• Unknown SPN Errors by SPN: Number of unknown SPN errors listed by the SPN that sent the
error.