Trust Monitoring

Applies To: Operations Manager 2007, Windows Server 2012

Trusts between forests and domains are fundamental to the operation of the Active Directory deployment. This management pack monitors these trusts to ensure that services and resources in your environment will be available where appropriate.

TrustMon, which is included on Windows Server 2003 domain controllers, is the Windows Management Instrumentation (WMI) trust monitoring provider. The Active Directory Monitor Trusts script uses TrustMon to enumerate the trusts on the local domain controller, and it generates alerts if any problems are found.

The Active Directory Monitor Trusts script configures the TrustMon WMI provider to return all trusts, and then it queries for all instances of the Microsoft_DomainTrustStatus object in the \root\MicrosoftActiveDirectory WMI namespace.

For each object that is returned, the script checks the TrustType property. If it is not Downlevel or Uplevel (the other options are Kerberos Realm and DCE, which cannot be monitored effectively by TrustMon), the trust is ignored.

If the TrustType of the object indicates that it can be monitored, the TrustStatus property of the object is checked. If TrustStatus is not 0, the trust is in an error state and the trust and its TrustStatusString (a textual description of the current state of the trust) are formatted and relayed as the trust status.

After all the Microsoft_DomainTrustStatus objects have been processed, the local domain is obtained from the \root\MicrosoftActiveDirectory:Microsoft_LocalDomainInfo object.
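The filtering and status check described above can be sketched in PowerShell as follows. This is an added example, not the management pack's own script. The numeric TrustType codes and the TrustedDomain and DNSname property names are assumptions not stated on this page, the sample records are constructed, and the step that configures the provider to return all trusts is omitted.

```powershell
# Added example: evaluates trust records the way the text describes.
# Assumption: TrustType codes follow the LSA TRUST_TYPE_* constants
# (1 = Downlevel, 2 = Uplevel, 3 = Kerberos realm, 4 = DCE).
$MonitorableTypes = @{ 1 = 'Downlevel'; 2 = 'Uplevel' }

function Get-TrustProblem {
    param(
        [Parameter(Mandatory)] [object[]] $Trust,        # Microsoft_DomainTrustStatus instances
        [Parameter(Mandatory)] [string]   $LocalDomain   # from Microsoft_LocalDomainInfo
    )
    foreach ($t in $Trust) {
        $type = [int]$t.TrustType
        # Kerberos realm and DCE trusts cannot be monitored effectively: ignore them.
        if (-not $MonitorableTypes.ContainsKey($type)) { continue }
        # TrustStatus 0 means the trust is healthy: nothing to report.
        if ([int]$t.TrustStatus -eq 0) { continue }
        # Anything else is an error state: relay the trust and its status string.
        [pscustomobject]@{
            LocalDomain   = $LocalDomain
            TrustedDomain = $t.TrustedDomain
            TrustType     = $MonitorableTypes[$type]
            TrustStatus   = [int]$t.TrustStatus
            Message       = $t.TrustStatusString
        }
    }
}

# Constructed sample records (not real output). On a domain controller, the
# equivalent live queries would be (property name DNSname is an assumption):
#   $trusts = Get-CimInstance -Namespace root\MicrosoftActiveDirectory `
#                 -ClassName Microsoft_DomainTrustStatus
#   $local  = (Get-CimInstance -Namespace root\MicrosoftActiveDirectory `
#                 -ClassName Microsoft_LocalDomainInfo).DNSname
$trusts = @(
    [pscustomobject]@{ TrustedDomain = 'child.example.test';  TrustType = 2
                       TrustStatus = 0;    TrustStatusString = 'OK' }
    [pscustomobject]@{ TrustedDomain = 'legacy.example.test'; TrustType = 1
                       TrustStatus = 1355; TrustStatusString = 'The specified domain either does not exist or could not be contacted.' }
    [pscustomobject]@{ TrustedDomain = 'REALM.EXAMPLE.TEST';  TrustType = 3
                       TrustStatus = 5;    TrustStatusString = 'Constructed error on an unmonitored trust' }
)
$local = 'corp.example.test'

# Only legacy.example.test is reported: the Uplevel trust is healthy and the
# Kerberos realm trust is skipped even though its status is nonzero.
Get-TrustProblem -Trust $trusts -LocalDomain $local | Format-List
```
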

Configuration

There are no recommended configuration settings for this scenario.