Using Active Directory Domain Services to Assign Computers to Operations Manager 2007 Management Groups
Operations Manager 2007 allows you to take advantage of your investment in Active Directory Domain Services (AD DS) by enabling you to use it to assign agent-managed computers to Management Groups.
To assign computers to Management Groups by using AD DS:
The functional level of AD DS domains must be Windows 2000 native or Windows Server 2003.
Agent-managed computers and the Root Management Server must be in the same or two-way trusted domains.
Note
Regardless of whether AD DS is used to assign computers to a Management Group, Agent-managed computers and their Root Management Server and secondary Management Server must be in the same or two-way trusted domains or a gateway server must be used. For more information about gateway servers, see Gateway Server.
Following are the phases for using AD DS to assign computers to Operations Manager 2007 Management Groups.
A domain administrator uses MOMADAdmin.exe to create an AD DS container for an Operations Manager 2007 Management Group in the domains of the computers it will manage. The AD DS security group that is specified when running MOMADAdmin.exe is granted read and delete child permissions to the container. By creating a container this way, Operations Manager administrators are given the permission necessary to add Management Servers to the container and assign computers to them, without needing to be domain administrators.
An Operations Manager administrator uses the Operations Manager 2007 Agent Assignment and Failover Wizard to assign computers to Root Management Server and secondary Management Server.
Note
Domain controllers cannot be assigned to a Management Group using Active Directory Domain Services. To assign domain controllers to a Management Group, see How to Deploy the Operations Manager 2007 Agent to Windows-Based Computers from the Operations Console or select the Specify Management Group information option, as specified in How to Deploy the Operations Manager 2007 Agent Using the Agent Setup Wizard.
The Operations Manager 2007 agent is deployed using MOMAgent.msi to the desired computers and configured to get its Management Group information from Active Directory.
Note
Active Directory Integration is disabled for agents that were installed from the Operations Console. By default, Active Directory Integration is enabled for Agents installed manually using MOMAgent.msi. To disable Active Directory Integration for manual installs, use the command line parameter USE_SETTINGS_FROM_AD=0 as explained in How to Deploy the Operations Manager 2007 Agent Using MOMAgent.msi from the Command Line.
Configuring agents to get their Management Group information from AD DS is also helpful if your organization uses images to deploy computers. For example, add the Operations Management 2007 agent to the SQL Server 2005 image and configure the agent to get its Management Group information from Active Directory. When you bring up a new SQL Server 2005 server from an image, the server is automatically configured to be managed by the appropriate Operations Manager 2007 Management Group and download the applicable Management Packs.
See Also
Concepts
About Deploying Operations Manager 2007
How to Deploy the Operations Manager 2007 Agent for Agent-Management of Computers