Tarek Ismail Tarek Online! http://tarek-online.blogspot.com System Center Operations manager 2007 in Egypt  

Installing and configuring Active Directory Management Pack Guide for Operations Manager 2007 •

Active Directory Management Pack contains two Management Packs: o One to monitor the domain controllers o One to monitor Active Directory clients

•

Active Directory Management Pack does not support monitoring across multiple forests.

•

Download the management pack from the following location http://go.microsoft.com/fwlink/?LinkId=82105 

•

The management pack contain 5 files : o Microsoft.Windows.Server.AD.2000.Discovery o Microsoft.Windows.Server.AD.2003.Discovery o Microsoft.Windows.Server.AD.2000.Monitoring o Microsoft.Windows.Server.AD.2003.Monitoring o Microsoft.Windows.Server.AD.Library o Microsoft.Windows.Server.AD.ClientMonitoring

•

Import the Active Directory Management Packs: o Use Administration pane o Right-click the Management Packs node o Choose Import Management Pack

•

Create new MP with Name Active Directory overrides Management Pack to hold all overrides.

•

Enable the Agency Proxy setting on all domain controllers: o Use Administration pane, click Agent Managed. o Double-click a domain controller in the list. o Click the Security tab. o Select allow this agent to act as a proxy and discover managed objects on other computers.

•

Create an account for Replication Monitoring: o Open active directory users and computers o Create account with name AD‐Repl‐Mon o

•

Add the account to domain admins Group

Create the MomLatencyMonitors container in active directory domain and application directory partition o Open adsiedit.msc o Double-click Domain [computername]. o Right-click DC=domainname,DC=com, click New, and then click Object. o In Select a class, click Container o In Value, type MomLatencyMonitors.

o o •

Click Finish. Do the same for Application partition.

Create a RunAs account and associate it with AD‐REPL‐MOM  Account Profile o

On the Administration pane, expand Security, and then click Run As Accounts.

o

on display name type AD-REPL-MOM, then click Next

o

type user name as AD-REPL-MOM , and type the password and click create

o o o o

In the Administration pane, click Run As Profiles. Double-click AD MP Account. Click the Run As Accounts tab, and then click New. Associate the AD MP Account to all domain controllers in your environment.

•

Enable client monitoring o on Authoring pane choose Groups o right-click choose Create New Group o name the group as AD Client Monitoring Group and use Active Directory overrides Management Pack o Add the entire required Server to be AD Client monitoring, and complete the wizard. o Expand Management Pack Objects > Object Discoveries > AD Client Monitoring Discovery rule o Right-click choose properties then overrides tab and click overrides “overrides for Group”. o Choose the created Group AD Client Monitoring Group. o Enable overrides and choose true and choose Active Directory overrides Management Pack then click Ok.

•

Set the Intersite Replication Latency Threshold Value o On Authoring button pane, Expand Management Pack Objects o Choose Monitors. o expand Active Directory Domain Controller Server Computer Role >Entity Health > Availability o choose AD Replication Monitoring o Right-click AD Replication Monitoring o click Overrides > click Override the Monitor > select the required group o locate the Intersite Expected Max Latency (min) property and add the new value at Override Setting column o Select a Management Pack for the override as Active Directory overrides Management Pack, click apply then Ok

•

Enable Data Collection for the Replication Latency Report o On Authoring pane Expand Management Pack > Rules > Active Directory Domain Controller Server > AD Replication Monitoring Performance Collection (Sources) o right- click and choose properties then choose overrides tab o Click overrides then click For a specific object of type. o Select the domain controllers where you want to override the rule and click OK o Override the value of enable from False to True o Change the MP to Active Directory overrides Management Pack, click Apply then Ok o Choose Rules > Active Directory Domain Controller Server > AD Replication  o

Monitoring Performance Collection (Targets). right- click and choose properties then choose overrides tab

o o o o

Click overrides then click For a specific object of type. Select the domain controllers where you want to override the rule and click OK Override the value of enable from False to True Change the MP to Active Directory overrides Management Pack, click Apply then Ok

•

Setting Parameters for Tasks o From the windows server CD install Support tools and note the installation path o Open Monitoring pane > Microsoft Windows Active Directory > Active Directory Server 2003 > DC Server 2003 State View. o In the Actions pane, right-click the task, and then click Run Task. o In the Run Task window, click Override. o In the Command Line row, click New Value, click Override.

•

If the account AD-Repl-Mon is not a domain admin account, grant the account the following permissions: o o o o o o o o o

Member of the Local Users Group Member of the Local Performance Monitor Users group Access to Windows Event logs Manage auditing and security log privilege (SeSecurityPrivilege) Generate security audits privilege (SeAuditPrivilege) Allow log on locally log on right (SeInteractiveLogonRight) Read access to the registry key HKLM\System\CurrentControlSet\Service\NTDS\Parameters. Get the location of DSA Database File and Database Log Files Path Grant the AD-Repl-Mon account a read permission to these paths.