Operations Manager 2007 allows you to take advantage of your investment in Active Directory Domain Services (AD DS) by enabling you to use it to assign agent-managed computers to management groups.
To assign computers to management groups by using AD DS:
- The functional level of AD DS domains must be
Windows 2000 native or Windows Server 2003.
- Agent-managed computers and the root
management server must be in the same or two-way trusted
Note Regardless of whether AD DS is used to assign computers to a management group, agent-managed computers and their root management server and secondary management server must be in the same or two-way trusted domains or a gateway server must be used. For more information about gateway servers, see Gateway Server.
Following are the phases for using AD DS to assign computers to Operations Manager 2007 management groups.
- A domain administrator uses MOMADAdmin.exe to create an AD DS
container for an Operations Manager 2007 management group in
the domains of the computers it will manage. The AD DS security
group that is specified when running MOMADAdmin.exe is granted read
and delete child permissions to the container. By creating a
container this way, Operations Manager administrators are given the
permission necessary to add management servers to the container and
assign computers to them, without needing to be domain
- An Operations Manager administrator uses the Operations Manager 2007
Agent Assignment and Failover Wizard to assign computers to
root management server and secondary management server.
Note Domain controllers cannot be assigned to a management group using Active Directory Domain Services. To assign domain controllers to a management group, see How to Deploy the Operations Manager 2007 Agent to Windows-Based Computers from the Operations Console or select the Specify management group information option, as specified in How to Deploy the Operations Manager 2007 Agent Using the Agent Setup Wizard.
- The Operations Manager 2007 agent is deployed using
MOMAgent.msi to the desired computers and configured to get its
management group information from Active Directory.
Note Active Directory Integration is disabled for agents that were installed from the Operations Console. By default, Active Directory Integration is enabled for Agents installed manually using MOMAgent.msi. To disable Active Directory Integration for manual installs, use the command line parameter USE_SETTINGS_FROM_AD=0 as explained in How to Deploy the Operations Manager 2007 Agent Using MOMAgent.msi from the Command Line.
Configuring agents to get their management group information from AD DS is also helpful if your organization uses images to deploy computers. For example, add the Operations Manager 2007 agent to the SQL Server 2005 image and configure the agent to get its management group information from Active Directory. When you bring up a new SQL Server 2005 server from an image, the server is automatically configured to be managed by the appropriate Operations Manager 2007 management group and download the applicable management packs.
Did you find this information useful? Please send your suggestions and comments about the documentation.