Active Directory Performance Monitor - get more details?

In a domain environment, I'm showing periodic spikes in Performance Monitor counter "NTDS\DS Directory Reads/sec", and a couple others for that matter.
However I'm not sure how to get details on what is actually causing the spikes (source computer, user, what have you...)

Is there a way to view a bit deeper rather than just simply seeing a spiky graph?

I'm in 2012 R2 but the domain is 2008 R2 functional levle.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
You can enable diagnostic logging on various AD events.


Essentially you will be enabling AD Diagnostic logging, you might want to enable the following objects:

* I would start with basic logging to see which object is returning the information you are looking for, then turn up the logging noise to

1.  Security Events
2.  Directory Access
3.  Garbage Collection


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
For something like this what you will need to do is use something like WireShark and run this from your domain controller to capture packets from specific AD ports to see where the high volume is coming from.

Another good thing to do is ensure that AD Auditing is enabled as well. This is not enabled by default. I have created a HowTo for setting up and configuring AD Auditing. See my link below...

Active Directory Auditing

Once you have the above configured it should help you find the culprit.

One other thing i would like to mention is that it is possible that you don't have an adequet resources that is servicing your DC (or not enough DC's in your environment). That is also another possibility.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.