Monday, November 1, 2010

SCOM 2007 R2 Active Directory Integration

SCOM Active Directory Integration publishes Service Connection Points (SCPs) in Active Directory. This allows manually installed agents to query AD to determine which management group they belong to, so that they are managed automatically when they come ‘online’.
  • Ensure the domain functional level is at least 2003
  • On the RMS, log in as a Domain Admin, open a command prompt, and navigate to c:\program files\system center operations manager 2007
    • MOMADAdmin.exe syntax is MomADAdmin ManagementGroupName MOMAdminSecurityGroup PrincipalManagementServerComputerName Domain
      • ManagementGroupName is the name of the OM Management Group. For each management group to be integrated, you need to run this tool so that a separate container is created.
      • MOMAdminSecurityGroup is the name of your OM Admin Security Group
      • PrincipalManagementServerComputerName is the name of the primary management server for this group.
      • Domain is the domain name of the domain being prepared.
  • When you run the tool, the following occurs:
    • Creates an Operations Manager container under the root of the domain specified.
    • Creates a container under the Operations Manager container the tool just created with the name of the management group specified.
    • Within the management group container, the tool creates two service connection points (SCPs) and one security group.
  • To verify:
    • Open Active Directory Users and Computers (DSA.msc)
    • Select View\Advanced Features from the toolbar and expand the domain
    • Expand OperationsManager and select the management group name to verify the HealthServiceSCP point was created successfully for the management group.
      • Note the addition of the RMS machine account (Root Management Server) to the management group name container. (Right-click, Properties, Security tab).
  • In the Operations Console, open “Administration” and click the top-level Administration container.
  • Click the “Configure Active Directory (AD) Integration” link under “Optional Configuration”.
  • On the “Configure Active Directory (AD) Integration” screen select “Add” and then “Next” to continue.
  • Leave "domain name" selected as the domain name. Select “Next” to continue.
  • Create inclusion criteria by selecting “Configure”.
  • For example, to create an inclusion rule for all machines whose names start with EXCH (for Exchange), enter the following:
    • Computer name: EXCH*
    • Role: Exchange Server
  • Select “OK” to continue. Run through the rest of the screens.
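
The “To verify” steps above can also be scripted. The PowerShell below is an added example, not part of the original post; it assumes the ActiveDirectory module is installed and uses a placeholder management group name that you replace with your own.

```powershell
# Added example: scripted check of the containers created by MOMADAdmin.exe.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Placeholder value: replace with your own management group name.
$ManagementGroupName = 'MG-PLACEHOLDER'

$domainDN = (Get-ADDomain).DistinguishedName

# The OperationsManager container sits directly under the domain root.
$om = Get-ADObject -SearchBase $domainDN -SearchScope OneLevel `
        -Filter "Name -eq 'OperationsManager'"
if (-not $om) { throw "No OperationsManager container under $domainDN" }

# One child container per management group that was integrated.
$mg = Get-ADObject -SearchBase $om.DistinguishedName -SearchScope OneLevel `
        -Filter "Name -eq '$ManagementGroupName'"
if (-not $mg) { throw "No container for management group '$ManagementGroupName'" }

# Objects directly inside the management group container.
$children = @(Get-ADObject -SearchBase $mg.DistinguishedName -SearchScope OneLevel -Filter *)
$scps   = @($children | Where-Object { $_.ObjectClass -eq 'serviceConnectionPoint' })
$groups = @($children | Where-Object { $_.ObjectClass -eq 'group' })

$children | Sort-Object ObjectClass, Name | Format-Table Name, ObjectClass -AutoSize

# The post states the tool creates two SCPs and one security group.
if ($scps.Count -lt 2)   { Write-Warning "Expected 2 SCPs, found $($scps.Count)" }
if ($groups.Count -lt 1) { Write-Warning "Expected 1 security group, found $($groups.Count)" }
if (-not ($scps | Where-Object { $_.Name -eq 'HealthServiceSCP' })) {
    Write-Warning 'HealthServiceSCP not found'
}

# Equivalent of the Security tab: who holds write-type rights on the container.
$writeRights = 'GenericAll|GenericWrite|WriteProperty|WriteDacl|WriteOwner|CreateChild'
(Get-Acl -Path ("AD:\" + $mg.DistinguishedName)).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   "$($_.ActiveDirectoryRights)" -match $writeRights } |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited |
    Format-Table -AutoSize
```

The RMS machine account noted in the verification step should appear in the last table; any other principal listed there with write-type rights is worth reviewing.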
