How to Create an Active Directory Domain Services Container for an Operations Manager 2007 Management Group
You can use the following command-line syntax and procedure to create an Active Directory Domain Service (AD DS) container for an Operations Manager 2007 Management Group. MOMADAdmin.exe is provided for this purpose and is installed with the Operations Manager 2007 Management Server. MOMADAdmin.exe must be run by an administrator of the specified domain. It can be run on a computer running Microsoft Windows 2000 SP4, Windows XP SP2, and Windows Server 2003 with Microsoft .NET Framework 2.0 installed.
Command line syntax:
<path>\MOMDAdmin.exe <ManagementGroupName> <MOMAdminSecurityGroup> <RootManagementServerComputerName or RunAsAccount> <Domain>
Important
You must put a value inside quotation marks if the value contains a space.
ManagementGroupName is the name of the Management Group for which an AD container is being created.
MOMAdminSecurityGroup is a domain security group, domain\security_group format, which is a member of the Operations Managers Administrators security role for the Management Group.
For Active Directory integration to work, the security group must be either a global security group (if Active Directory integration needs to function in multiple domains with 2 way trusts) or a local domain group (if Active Directory integration is only used in one domain)
To make a security group to be Management Group Operations Manager Group Administrator, use the following procedure.
- In Operations Console, select Administration.
- In the Administration pane, select User Roles under Security.
- In User Roles, select Operations Manager Administrators and click the Properties action or right click Operations Manager Administrators and select Properties.
- Click Add to open the Select Group dialog box.
- Select the desired security group, and then click OK to close the dialog box.
- Click OK to close User Role Properties.
Note
We recommend one security group, which might contain several groups, be used for the Operations Manager 2007 Administrators role. That way, groups and members of groups can be added and removed from groups without a domain administrator needing to perform manual steps to assign them Read and Delete Child permissions to the Management Group container.
RootManagementServerComputerName or RunAsAccount.
- RootManagementServerComputerName: The value must be the computer name, domain\computer_name format, of the root Management Server for the Management Group. For information about identifying the Root Management Server, see How to Identify the Root Management Server for an Operations Manager 2007 Management Group.
- RunAsAccount: Reserved for future use.
Domain is the name of the domain in which the Management Group container will be created. MOMADAdmin.exe can be run across domains only if a two-way trust exists between them.
To create an Active Directory Domain Services container for an Operations Manager 2007 Management Group
Open the command window.
At the prompt, for example, type the following:
"C:\Program Files\System Center Operations Manager 2007\MOMADAdmin.exe" "Message Ops" MessageDom\MessageMOMAdmins MessageDom\MessageMS1 MessageDom
The preceding command-line example will:
- Run the MOMADAdmin.exe utility from the command line.
- Create the "Message Ops" Management Group AD DS container in the AD DS schema root of the MessageDom domain. To create the same Management Group AD DS container in additional domains, run MOMADAdmin.exe for each domain.
- Add the MessageDom\MessageMS1 computer account to the MessageDom\MessageMOMAdmin AD DS security group and assign the security AD DS group the rights necessary to manage the AD DS container.
See Also
Tasks
Concepts
About Deploying Operations Manager 2007
Using Active Directory Domain Services to Assign Computers to Operations Manager 2007 Management Groups