How to Move Agents to an Operations Manager 2007 R2 Secondary Management Server (Operations Manager Upgrade)

 

Updated: May 13, 2016

Applies To: System Center 2012 R2 Operations Manager, System Center 2012 - Operations Manager, System Center 2012 SP1 - Operations Manager

After you have added a secondary management server to your System Center Operations Manager 2007 R2 management group, you must move the agents that are reporting to the root management server (RMS) or management server that you are replacing to the new secondary management server.

You also move the agents to a secondary management server to avoid downtime when you upgrade a distributed management group that meets the minimum supported configurations for System Center 2012 – Operations Manager. For more information, see Supported Configurations for System Center 2012 - Operations Manager.

Important

If you have a distributed management group that meets the minimum supported configurations, you can alternatively upgrade the agents after you upgrade the management group instead of moving the agents to a secondary management server. However, you will experience monitoring downtime until the agents are upgraded.

You can move the agents by using the Operations console, by using Active Directory Integration, or by running a Windows PowerShell script. However, if the agents were deployed manually, you cannot move them by using the Operations console.

Moving Agents to a Secondary Management Server

To move Windows, UNIX, and Linux push-installed agents to a secondary management server by using the Operations console

  1. Log on to a computer that hosts an Operations console with an Operations Manager Administrators role account for the Operations Manager 2007 R2 management group.

  2. In the Operations console, click the Administration button.

    Note

    When you run the Operations console on a computer that is not a management server, the Connect To Server dialog box appears. In the Server name box, type the name of the Operations Manager 2007 R2 management server that you want the Operations console to connect to.

  3. In the Administration pane, under Device Management, click Agent-Managed.

  4. For Windows agents, right-click the computers in the Agent-Managed pane that have agents that you want to move to the secondary management server, and then click Change Primary Management Server.

    For UNIX and Linux agents, right-click the computers in the UNIX/Linux Servers pane that have agents that you want to move to the secondary management server, and then click Change Primary Management Server.

  5. In the Change Management Server dialog box, select the secondary management server from the list, and then click OK. The change takes effect on the agent after its next update interval.

To move Windows agents to a secondary management server by using a Windows PowerShell script

  1. Log on to a computer that hosts an Operations console with an Operations Manager Administrators role account for the Operations Manager 2007 R2 management group.

  2. Run the following script.

      $newMS = Get-ManagementServer | where {$_.Name –eq '<SecondaryMgmtServer.DomainName.COM>'} 
      $agent = Get-Agent | where {$_.PrincipalName –eq '<AgentComputer.Domain.COM>'} 
      Set-ManagementServer -AgentManagedComputer: $agent -PrimaryManagementServer: $newMS 
    

The Operations console should now list the secondary management server as the primary management server for the agent that was moved.

Moving Agents to a Secondary Management Server by using Active Directory Integration

Using Active Directory Integration to move Windows agents to a secondary management server is a multistep process. First, you delete the configuration rule for the management server that you will replace. Then, you create a new rule that sets the replacement management server as the failover management server. This step is an intermediary step that is required for the agent to recognize the replacement management server. After the agent assignment propagates in Active Directory Domain Services, which can take up to one hour, you delete the configuration rule that you just created. Finally, you create a new configuration rule on the replacement management server.

In the following procedures, it is assumed that you have an existing primary management server and a failover management server that do not meet the minimum configuration requirements for System Center 2012 – Operations Manager, and you have already created two new secondary management servers that do meet these requirements to replace the old ones. By creating the configuration rules for Active Directory Integration, you move the agents from the old servers to the new servers in a multistep process.

To create a configuration rule for the management server that you are replacing (step 1)

  1. Log on to a computer that hosts an Operations console with an Operations Manager Administrators role account for the Operations Manager 2007 R2 management group.

  2. In the Operations console, click the Administration button.

    Note

    When you run the Operations console on a computer that is not a management server, the Connect To Server dialog box appears. In the Server name box, type the name of the Operations Manager 2007 R2 management server that you want the Operations console to connect to.

  3. In the Administration pane, under Device Management, click Management Servers.

  4. In the Management Servers pane, right-click the management server that you are replacing, and then click Properties. This sets the management server that you are replacing as the Primary Management Server for the computers that are returned by the rules you will create in the following procedure.

  5. In the Management Server Properties dialog box, click the Auto Agent Assignment tab.

  6. Select the agent assignment, and then click Delete.

    Click Add to start the Agent Assignment and Failover Wizard, and then click Next.

    Note

    The Introduction page does not appear if the wizard has been run and Do not show this page again was selected.

  7. On the Domain page, do the following:

    - Select the domain of the computers from the **Domain name** list. The management server must be able to resolve the domain name.
    

    Important

    The management server and the computers that you want to manage must be in 2-way trusted domains.

    - Select the **Use a different account to perform agent assigned in the specified domain** check box.
    
    - Set **Select Run As Profile** to the Run As profile associated with the Run As account that was provided when MOMADAdmin.exe was run for the domain. The default account that is used to perform agent assignment is the computer account for the root management server, also referred to as the **Active Directory-Based Agent Assignment Account**. If this was not the account that was used to run MOMADAdmin.exe, select **Use a different account to perform agent assignment in the specified domain**, and then select or create the account from the **Select Run As Profile** list.
    
  8. On the Inclusion Criteria page, either type the LDAP query for assigning computers to this management server, and then click Next, or click Configure. If you click Configure, do the following:

    1. In the Find Computers dialog box, type the criteria that you want to use for assigning computers to this management server.

    2. Click OK, and then click Next.

    Note

    The following LDAP query returns computers with a name starting with MsgOps, (&(sAMAccountType=805306369)(objectCategory=computer)(cn=MsgOps*)) For more information about LDAP queries, see Creating a Query Filter.

  9. On the Exclusion Rule page, type the fully qualified domain name (FQDN) of computers that you explicitly want to prevent from being managed by this management server, and then click Next.

    Important

    You must separate the computer FQDNs that you type with a semicolon, colon, or a new line (CTRL+ENTER).

  10. On the Agent Failover page, select Manually configure failover, and then do the following:

    1. Select the check box of the replacement secondary management server. This sets the replacement server as the failover server.

    2. Click Create.

  11. In the Management Server Properties dialog box, click OK.

    Note

    It can take up to one hour for the agent assignment setting to propagate in Active Directory Domain Services.

  12. After you have confirmed that the agent assignment was successful, delete the agent assignment that you created earlier.

To create a configuration rule for the replacement management server (step 2)

  1. In the Operations console, click the Administration button.

  2. In the Administration pane, under Device Management, click Management Servers.

  3. In the Management Servers pane, right-click the replacement secondary management server, and then click Properties. This sets the replacement management server as the Primary Management Server for the computers that are returned by the rules that you will create in the following procedure.

  4. In the Management Server Properties dialog box, click the Auto Agent Assignment tab.

  5. Click Add to start the Agent Assignment and Failover Wizard, and then click Next.

    Note

    The Introduction page does not appear if the wizard has been run and Do not show this page again was selected.

  6. On the Domain page, do the following:

    - Select the domain of the computers from the **Domain name** list. The management server must be able to resolve the domain name.
    

    Important

    The management server and the computers that you want to manage must be in 2-way trusted domains.

    - Select the **Use a different account to perform agent assigned in the specified domain** check box.
    
    - Set **Select Run As Profile** to the Run As profile associated with the Run As account that was provided when MOMADAdmin.exe was run for the domain. The default account that is used to perform agent assignment is the computer account for the root management server, also referred to as the **Active Directory-Based Agent Assignment Account**. If this was not the account that was used to run MOMADAdmin.exe, select **Use a different account to perform agent assignment in the specified domain**, and then select or create the account from the **Select Run As Profile** list.
    
  7. On the Inclusion Criteria page, either type the LDAP query for assigning computers to this management server, and then click Next, or click Configure. If you click Configure, do the following:

    1. In the Find Computers dialog box, type the criteria that you want to use for assigning computers to this management server.

    2. Click OK, and then click Next.

    Note

    The following LDAP query returns computers with a name starting with MsgOps, (&(sAMAccountType=805306369)(objectCategory=computer)(cn=MsgOps*)) For more information about LDAP queries, see Creating a Query Filter.

  8. On the Exclusion Rule page, type the fully qualified domain name (FQDN) of computers that you explicitly want to prevent from being managed by this management server, and then click Next.

    Important

    You must separate the computer FQDNs that you type with a semicolon, colon, or a new line (CTRL+ENTER).

  9. On the Agent Failover page, select Manually configure failover, and then do the following:

    1. Select the check box of the second replacement management server that you added to the management group. This sets it as the failover server.

    2. Click Create.

  10. In the Management Server Properties dialog box, click OK.

    Note

    It can take up to one hour for the agent assignment setting to propagate in Active Directory Domain Services.