How to Use Active Directory Domain Services to Assign Computers to Operations Manager 2007 Management Servers
The Operations Manager 2007 Agent Assignment and Failover Wizard creates an agent assignment rule that uses Active Directory Domain Services (AD DS) to assign computers to a Management Group and assign the computers' Primary Management Server and Secondary Management Servers. Use the following procedures to start and use the wizard. For more information, see Using Active Directory Domain Services to Assign Computers to Operations Manager 2007 Management Groups.
The Active Directory Domain Services container for the Management Group must be created prior to running the Agent Assignment and Failover Wizard. For details about creating the Management Group container, see How to Create an Active Directory Domain Services Container for an Operations Manager 2007 Management Group.
The Agent Assignment and Failover Wizard does not deploy the agent. You must deploy the agent to the computers using MOMAgent.msi. For more information, see How to Deploy the Operations Manager 2007 Agent Using the Agent Setup Wizard or How to Deploy the Operations Manager 2007 Agent Using MOMAgent.msi from the Command Line.
Changing the agent assignment rule can result in computers no longer being assigned to, and therefore monitored by, the Management Group. The state of these computers will change to critical, because the computers no longer send heartbeats to the Management Group. These computers can be deleted from the Management Group and, if the computer is not assigned to other Management Groups, the Operations Manager 2007 agent can be uninstalled.
Log on to the computer with an account that is a member of the Operations Manager Administrators role for the Operations Manager 2007 Management Group.
In the Operations Console, click the Administration button.
When you run the Operations Console on a computer that is not a Management Server, the Connect To Server dialog box displays. In the Server name text box, type the name of the Operations Manager Management Server that you want the Operations Console to connect to. In the Enter Credential dialog box, type a User name, Password, and Domain for the Management Group.
In the Administration pane, expand Administration, expand Device Management, and then click Management Servers.
In the Management Servers pane, right-click the Management Server or gateway server to be Primary Management Server for the computers returned by the rules you will create in the following procedure, and then click Properties.
Gateway servers work like Management Servers in this context. For more information about gateway servers, see Gateway Server.
In the Management Server Properties dialog box, click the Auto Agent Assignment tab, and then click Add to start the Agent Assignment and Failover Wizard.
To use the Operations Manager 2007 Agent Assignment and Failover Wizard to assign computers to a Management Group
In the Agent Assignment and Failover Wizard, on the Introduction page, click Next.
The Introduction page does not appear if the wizard has been run and Do not show this page again was selected.
On the Domain page, do the following:
To assign computers from multiple domains to a Management Group, run the Agent Assignment and Failover Wizard for each domain.
Select the domain of the computers from the Domain name drop-down list. The Management Server must be able to resolve the domain name.
The Management Server and the computers that you want to manage must be in two-way trusted domains.
Set Select Run As Profile to the Run As profile associated with the Run As account provided when MOMADAdmin.exe was run for the domain. The default account used to perform agent assignment is the computer account for the Root Management Server, also referred to as the Active Directory Based Agent Assignment Account. If this was not the account used to run MOMADAdmin.exe, select Use a different account to perform agent assignment in the specified domain, and then select or create the account from the Select Run As Profile drop-down list.
For more information about Run As profiles and Run As accounts, see Run As Profiles and Run As Accounts in Operations Manager 2007.
On the Inclusion Criteria page, either type the LDAP query for assigning computers to this Management Server in the text box and then click Next, or click Configure. If you click Configure, do the following:
In the Find Computers dialog box, type the desired criteria for assigning computers to this Management Server.
Click OK, and then click Next.
The following LDAP query will return computers with a name starting with MsgOps, (&(sAMAccountType=805306369)(objectCategory=computer)(cn=MsgOps*)) For more information about LDAP queries, see
On the Exclusion Criteria page, type the FQDN of computers that you explicitly want to prevent from being managed by this Management Server, and then click Next.
You must separate the computer FQDNs that you type with a semicolon, colon, or a new line (CTRL+ENTER).
On the Agent Failover page, either select Automatically manage failover and click Create or select Manually configure failover. If you select Manually configure failover, do the following:
Clear the check boxes of the Management Servers to which you do not want the agents to failover.
Click Create.
With the Manually configure failover option, you must run the wizard again if you subsequently add a Management Server to the Management Group and want the agents to failover to the new Management Server.
In the Management Server Properties dialog box, click OK.
It can take up to one hour for the agent assignment setting to propagate in AD DS.
How to Create an Active Directory Domain Services Container for an Operations Manager 2007 Management Group
How to Deploy the Operations Manager 2007 Agent Using MOMAgent.msi from the Command Line
How to Deploy the Operations Manager 2007 Agent Using the Agent Setup Wizard