The System Center Operations Manager architecture for Hosted Messaging and Collaboration version 4.5 requires five Active Directory service accounts: OMAction, OMSDK, OMDataRead, OMDataWrite, and OMAdmin.
- Management Server Action Account (OMAction): This
account is used for collecting data from providers and running
responses. The various Operations Manager 2007 server roles contain
a process called MonitoringHost.exe, which each server role uses to
perform monitoring activities, such as executing a monitor or
running a task. The account that a MonitoringHost.exe process runs
as is called the action account.
- SDK and Configuration Service Account (OMSDK): This
account will be used by the Operations Manager SDK Service and
Operations Manager Configuration Service to update and read
information in the Operations Manager database. The credentials
used for this account will be assigned to the sdk_user role in the
Operations Manager database. The SDK and Configuration Service
account must have local administrative rights on the Root
Management Server computer (OMMGR01).
- Data Warehouse Write Action Account (OMDataWrite): This
account is assigned write permissions on the Data Warehouse
database and read permissions on the Operations Manager
database.
- Data Reader Account (OMDataRead): This account is used
to define what user SQL Reporting Services uses to run queries
against the Operations Manager Reporting Data Warehouse. This
account is also used for the SQL Reporting Services IIS application
pool account to connect to the RMS.
- Administrator Account (OMAdmin): The OMAdmin account
must be added to the Windows-based Hosting Service Accounts
group.
You must create these service accounts before installing System Center Operations Manager.
Tasks
- Create Operations Manager Active Directory Service Accounts
(OMAction, OMSDK, OMDataRead, OMDataWrite, and OMAdmin)
- Add the OMAction Account to the Performance Monitor Users
Group
- Add the OMAction Account to the Local Administrators group on
OMSQL01 and OMMGR01
- Add the OMSDK Account to the Windows Authorization Access
Group
- Add the OMSDK Account to the Local Administrators Group on
OMMGR01
- Create the OMAdminAccts Global Security Group with the OMAdmin
account as a member
- Add the OMAdminAccts Global Security Group to the Local
Administrators Group on OMMGR01 and OMSQL01
- Add the OMAdmin Account to the Windows-based Hosting Service
Accounts Group
Create Operations Manager Active Directory Service Accounts
Create five Active Directory service accounts: OMAction, OMSDK, OMDataRead, OMDataWrite, and OMAdmin.
Procedure W08-DWM.7: To create Operations Manager Active Directory service accounts
- On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).
- Create five new user accounts: OMAction, OMSDK, OMDataRead, OMDataWrite, and OMAdmin. Set their passwords to never expire.
Note: The account cannot have a blank password or a password that will expire.
Add the OMAction Account to the Performance Monitor Users Group
Add the OMAction account as a member of the Performance Monitor Users group on AD01.
Procedure W08-DWM.8: To add OMAction to the Performance Monitor Users group
- On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).
- Navigate to Builtin. Add OMAction to the Performance Monitor Users group.
Add the OMAction Account to the Local Administrators group on OMSQL01 and OMMGR01
Add the OMAction account as a member of the local Administrators group on OMSQL01 and OMMGR01.
Procedure W08-DWM.9: To add OMAction to the local Administrators Group on OMSQL01 and OMMGR01
- On OMSQL01, open the Computer Management console and expand Local Users and Groups.
- Add OMAction to the Administrators group.
- Repeat the steps on OMMGR01.
Add the OMSDK Account to the Windows Authorization Access Group
Add the OMSDK account to the Windows Authorization Access Group on AD01.
Procedure W08-DWM.10: To add OMSDK to the Windows Authorization Access Group
- On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).
- Navigate to Builtin. Add OMSDK to the Windows Authorization Access Group.
Add the OMSDK Account to the Local Administrators Group on OMMGR01
Add the OMSDK account as a member of the Administrators group on OMMGR01.
Procedure W08-DWM.11: To add OMSDK to the Local Administrators group on OMMGR01
- On OMMGR01, open the Computer Management console and expand Local Users and Groups.
- Add OMSDK as a member of the Administrators group.
Create the OMAdminAccts Global Security Group
Create a Global Security group in Active Directory called OMAdminAccts with the OMAdmin user as a member.
Procedure W08-DWM.12: To create the OMAdminAccts group
- On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).
- Create a Global Security group called OMAdminAccts.
- Add the OMAdmin user as a member of the OMAdminAccts group.
Add the OMAdminAccts Global Security Group to the Local Administrators Group on OMMGR01 and OMSQL01
Add the OMAdminAccts group as a member of the Administrators group on OMMGR01 and OMSQL01.
Procedure W08-DWM.13: To add OMAdminAccts to the Local Administrators group on OMMGR01 and OMSQL01
- On OMMGR01, open the Computer Management console and expand Local Users and Groups.
- Add OMAdminAccts to the Administrators group.
- Repeat the steps on OMSQL01.
Add the OMAdmin Account to the Windows-based Hosting Service Accounts Group
The OMAdmin account must be added to the Windows-based Hosting Service Accounts group.
Procedure W08-DWM.14: To add the OMAdmin account to the Windows-based Hosting Service Accounts group
- On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).
- Add the OMAdmin account as a member of the Windows-based Hosting Service Accounts group.
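The end state of procedures W08-DWM.7 through W08-DWM.14 can be checked with a read-only PowerShell audit. This is an added example, not part of the original guide; it assumes the RSAT ActiveDirectory module is available, that each group name as written above is also its sAMAccountName, and that the WinNT ADSI provider can reach OMMGR01 and OMSQL01. The function name Get-LocalAdminNames is hypothetical.

```powershell
# Added example: read-only audit of the accounts and memberships the procedures create.
# Assumption: group names on the page equal their sAMAccountNames in the domain.
Import-Module ActiveDirectory
$accounts = 'OMAction', 'OMSDK', 'OMDataRead', 'OMDataWrite', 'OMAdmin'
# Domain group -> members the procedures require
$domainGroups = @{
    'Performance Monitor Users'              = @('OMAction')
    'Windows Authorization Access Group'     = @('OMSDK')
    'OMAdminAccts'                           = @('OMAdmin')
    'Windows-based Hosting Service Accounts' = @('OMAdmin')
}
# Server -> principals the procedures add to the local Administrators group
$localAdmins = @{
    'OMMGR01' = @('OMAction', 'OMSDK', 'OMAdminAccts')
    'OMSQL01' = @('OMAction', 'OMAdminAccts')
}
function Get-LocalAdminNames([string]$Computer) {
    # WinNT ADSI provider: needs no PowerShell remoting on the target server
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

$findings = @()
foreach ($name in $accounts) {
    $u = Get-ADUser -Filter "SamAccountName -eq '$name'" -Properties PasswordNeverExpires, PasswordNotRequired
    if (-not $u) { $findings += "Missing account: $name"; continue }
    if (-not $u.Enabled)              { $findings += "Disabled account: $name" }
    if (-not $u.PasswordNeverExpires) { $findings += "Password can expire: $name" }
    if ($u.PasswordNotRequired)       { $findings += "Blank password permitted: $name" }
}
foreach ($g in $domainGroups.Keys) {
    $members = @(Get-ADGroupMember -Identity $g | Select-Object -ExpandProperty SamAccountName)
    foreach ($m in $domainGroups[$g]) {
        if ($members -notcontains $m) { $findings += "$m is not in domain group '$g'" }
    }
}
foreach ($server in $localAdmins.Keys) {
    $members = @(Get-LocalAdminNames $server)
    foreach ($m in $localAdmins[$server]) {
        if ($members -notcontains $m) { $findings += "$m is not a local Administrator on $server" }
    }
    # Flag service accounts holding direct local admin rights the procedures do not grant
    foreach ($m in $accounts | Where-Object { $localAdmins[$server] -notcontains $_ -and $members -contains $_ }) {
        $findings += "Undocumented local Administrator on ${server}: $m"
    }
}
if ($findings) { $findings } else { 'All documented accounts and memberships are in place.' }
```

Because these accounts combine non-expiring passwords with local administrative rights, rerunning the audit after installation shows any membership that has drifted beyond what the procedures grant.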