Enabling NTDS Counters in Perfmon Monitoring

The other day, when I was trying to set up performance monitoring for my Domain Controller (DC), I found out that the NTDS object’s counters were missing in Windows Perfmon (also called System Monitor). Like everyone else, I googled for a solution but couldn’t find a thorough procedure for enabling them. I did find some possible solutions in bits and pieces here and there, in blogs, wikis, and forums, but none described a definite procedure. With all the clues I got from these sites, combined with my own research, I managed to enable the NTDS object’s counters. This post will help those who may end up in a situation like mine.

There are two ways of enabling the NTDS object’s counters:

  • Export the NTDS performance counters from a working DC and import them to the DC where they are missing.
  • Load the NTDS performance counters for the first time, i.e. you don’t have another DC from which you can export them.

Let’s discuss them one by one. The steps are very detailed, so if you think you know how to perform a particular step, just skip it.

Export NTDS performance counters from another DC and import them to the server where they are missing.

  • Log on to the DC where the NTDS counters exist and launch Regedit (Run->Regedit).

  • Export the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Performance.

  • While exporting the key, save it with the same name (in this case, Performance.reg) to a location of your choice.
  • Copy this reg file to the DC where the NTDS counters are missing.
  • Log on to that server and go to the location where you copied the reg file. Double-click it, then click Yes on the confirmation window.

  • Now you need to manually rebuild the registry values related to performance counters (this is important!). You can do this by running C:\Windows\system32>LODCTR /R
  • To see whether the NTDS performance counters are populated, run C:\Windows\system32>LODCTR /Q:NTDS. The output should look something like this:
C:\Windows\system32>lodctr /q:NTDS
Performance Counter ID Queries [PERFLIB]: 
 Base Index: 0x00000737 (1847) 
 Last Counter Text ID: 0x00001794 (6036) 
 Last Help Text ID: 0x00001795 (6037) 
[NTDS] Performance Counters (Enabled) 
 DLL Name: %systemroot%\system32\ntdsperf.dll 
 Open Procedure: OpenNtdsPerformanceData 
 Collect Procedure: CollectNtdsPerformanceData 
 Close Procedure: CloseNtdsPerformanceData 
 First Counter ID: 0x000009DE (2526) 
 Last Counter ID: 0x000009DE (2526) 
 First Help ID: 0x000009DF (2527) 
 Last Help ID: 0x000009DF (2527)
  • If the counters are still not shown in Perfmon after rebuilding the registry, reboot the DC (if you don’t have privileges, ask your admin), rebuild the registry again (using LODCTR /R), and you should see the counters in Perfmon.

Load NTDS Object’s performance counters for the first time.

If you are loading the NTDS object’s counters for the first time, i.e. you don’t have another server from which you can export them, you can try the following. I haven’t faced this situation but I believe it should work.

To load the NTDS object manually

  1. Change directory to C:\Windows\System32.
  2. To load the counter information into the registry, at the command prompt, type lodctr.exe ntdsctrs.ini.
  3. To enable collection of performance data for Active Directory, restart your computer.

After these steps are finished, you can use Perfmon to view and monitor the counters for the NTDS object.
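
A post-check for either procedure, as an added PowerShell example that is not part of the original post: it parses LODCTR /Q:NTDS output in the format shown earlier and confirms the counter set is visible to Get-Counter. The function name Test-NtdsCounterRegistration is hypothetical, and treating the DLL path from the post's sample output as the expected value is an assumption.

```powershell
# Added example, not the post author's code. Run in an elevated PowerShell session on the DC.
function Test-NtdsCounterRegistration {   # hypothetical helper name
    param(
        [string[]]$LodctrOutput,
        # Assumption: the DLL path from the post's sample output is the expected one.
        [string]$ExpectedDll = '%systemroot%\system32\ntdsperf.dll'
    )
    $registered = $false; $enabled = $false; $dll = $null
    foreach ($line in $LodctrOutput) {
        if ($line -match '^\s*\[NTDS\] Performance Counters \((\w+)\)') {
            # Section header carries the Enabled/Disabled state.
            $registered = $true
            $enabled = ($Matches[1] -eq 'Enabled')
        } elseif ($registered -and -not $dll -and $line -match '^\s*DLL Name:\s*(\S+)') {
            # First DLL Name line after the [NTDS] header.
            $dll = $Matches[1]
        }
    }
    [pscustomobject]@{
        Registered = $registered
        Enabled    = $enabled
        DllName    = $dll
        DllMatches = ($dll -eq $ExpectedDll)
    }
}

# Lines copied from the post's sample output, to show the parser without a DC.
$sample = @(
    '[NTDS] Performance Counters (Enabled) ',
    ' DLL Name: %systemroot%\system32\ntdsperf.dll ',
    ' Open Procedure: OpenNtdsPerformanceData '
)
Test-NtdsCounterRegistration -LodctrOutput $sample | Format-List

# Live check on the DC: registration state, then visibility to counter consumers.
$live = Test-NtdsCounterRegistration -LodctrOutput (& lodctr.exe /q:NTDS)
$live | Format-List
$set = Get-Counter -ListSet NTDS -ErrorAction SilentlyContinue
$pathCount = if ($set) { @($set.Paths).Count } else { 0 }
"NTDS counter paths visible to Get-Counter: $pathCount"

if (-not ($live.Registered -and $live.Enabled -and $live.DllMatches -and $pathCount -gt 0)) {
    Write-Warning 'NTDS counters are missing, disabled, or registered with an unexpected DLL; rerun LODCTR /R and check again.'
}
```

A DllMatches value of False after importing Performance.reg means the registered library differs from the path in the sample output and is worth reviewing before relying on the counters.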

To unload the NTDS object manually

  1. Change directory to C:\Windows\System32.
  2. To unload the counter information from the registry, at the command prompt, type unlodctr.exe ntds.

If the above solutions didn’t work for you and you tried your own that worked, please post it in the comments. It will help others. Thank you.
