Active Directory Management Pack Webcast Q/A - October 6th, 2006
Question1: Where is the Spotlight on AD - Quest situated in comparison with AD management pack for MOM?
Answer1: Not sure I really understand the question. If you posed this question during the webcast please email and explain what it is you’re looking for.
Question2: I need to allow peoplehave access to operator console but not the admin console,is it possible?
Answer2: Yes, you can chose which machines to install the consoles on. From the MOM Deployment Guide:
Installing the MOM Administrator and MOM Operator consoles
Published:
You can install the MOM Administrator console and the MOM Operator console on the same computer as a Management Server, or you can install the consoles on one or more separate computers and remotely connect to a Management Servers in the management group.
Note
If you installed the Administrator and Operator consoles with the Management Server, you can skip this section and move on to "Discovering Computers and Deploying Agents" later in this chapter.
For any computer on which you want to install the MOM Administrator console and the MOM Operator console, it is recommended that you set your display resolution to 1024 768, with 24-bit color.
The MOM Administrator console is a Microsoft Management Console (MMC) snap-in. The MOM Operator console is a .NET application.
The MOM Administrator console and the MOM Operator console use the DCOM port range to communicate with Management Servers. Therefore, using the MOM Administrator console or the MOM Operator console to communicate with a Management Server across a firewall is not supported.
To install the MOM Administrator console and the MOM Operator console
1. |
Log on using an account that has administrative credentials on the local computer. |
2. |
Close all open applications. |
3. |
On the MOM 2005 product CD, double-click setup.exe. |
4. |
In the Microsoft Operations Manager 2005 Setup Resources dialog box, click Install Microsoft Operations Manager 2005 to start the MOM 2005 Setup Wizard. |
5. |
On the Installation Options page, click Custom, and then click Next. |
6. |
On the Custom Setup page, expand all components except MOM 2005 User Interfaces, click This component will not be available, and then click Next. Note This step assumes that you are installing the consoles on a dedicated computer. If you are installing the consoles on the same computer as other MOM components, you should select those components as well. |
7. |
The Prerequisite Check page indicates whether you have met the requirements. |
8. |
On the Management Server page, type the name of the Management Server that you want the consoles to initially connect to. |
9. |
On the Ready to Install page, click Install. |
Question3: Is there a tool or guide available to write Management Packs?
Answer3: Yes, go here for the guide that provides detailed information about developing a MOM 2005 Management Pack for your application or service.
Question4: How/why do you decide to create an event rule or alert rule?
Answer4: Although the management packs are packed with rules there are occasions where you might want to create your own custom rule. Check this link for information on how to do that:
https://www.microsoft.com/technet/technetmag/issues/2006/09/SecurityEvents/default.aspx
Question5: I keep getting an error from MOM about my main DC stating that Group Policy processing has been aborted because the file gpt.ini cannot be accessed. How can I change the account that is trying to access the gpt.ini object to one that has the proper privileges?
Answer5: Check these to KB articles, they should have the answer for you: https://support.microsoft.com/?id=314494 and https://support.microsoft.com/?id=842804
Question6: If I monitor my Cisco switches, do I need an additional license for each switch?
Answer6: Monitoring your switches would require a 3rd party management pack, check here: https://www.jalasoft.com/jalasoftweb/jsp/products/index.jsp?productId=11
With regard to licensing, the model with MOM2005 a license required for your MOM 2005 server and all devices managed by MOM 2005 require an Operations Management License (OML). For more info on OMLs check https://www.microsoft.com/mom/howtobuy/momstdoml.mspx
Question7: Just creating the keys with the same name and values on managed client will override default value coming from the MOM Management server? Is it case sensitive? And where can we read more about overriding values using registry?
Answer7: Here’s some detailed information of registry configuration of client-side monitoring scripts. It comes from this location: https://www.microsoft.com/technet/prodtechnol/mom/mom2005/maintain/dirmgmtpackmom_6.mspx#E6G
Registry Configuration of Client-Side Monitoring Scripts
You can configure parameters for client-side monitoring scripts through the MOM 2005 Administrator console. Or, if you want to customize script parameters for a client-side monitoring computer, you can edit the registry of that computer. The configuration parameters are located in the registry at:
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Operations Manager\AD Management Pack\Client Monitoring
There are two keys under this base:
• |
Configuration |
• |
Tests |
Under the Configuration key, there are also two entries:
• |
Domain Controllers — a string specifying comma-delimited domain controller names |
• |
Sites — a string specifying comma-delimited sites |
In the following example, the client monitors dc1 and dc2, as well as all the domain controllers in site1 and site2:
HKEY_LOCAL_MACHINE\
Software\
Microsoft\
Microsoft Operations Manager\
AD Management Pack\
Client Monitoring\
Configuration\
Domain Controllers=dc1,dc2
Sites=site1,site2
The test key may include a number of keys, each with the name of a different script in MOM 2005. Each of these keys may contain one or more values. The name of each value corresponds to a script parameter. Any value that is provided in any of these keys overrides the corresponding value that is set in the MOM 2005 Administrator console.
In the following example, the registry values for the BindThreshold, FailureThreshold, LogSuccessEvent, and SearchThreshold parameters that are given for the AD Client Connectivity script override the values for those same parameters that are set in the MOM 2005 Administrator console:
HKEY_LOCAL_MACHINE\
Software\
Microsoft\
Microsoft Operations Manager\
AD Management Pack\
Client Monitoring\
Tests\
AD Client Connectivity\
BindThreshold=1000
FailureThreshold=3
LogSuccessEvent=True
SearchThreshold=500
ADMP client-side monitoring includes the scripts in the following table.
Script |
Processing Rule |
Frequency |
|---|---|---|
AD Client Update DCs |
Script - AD Client Update DCs |
Once per day |
AD Client Connectivity |
Script - AD Client Connectivity |
Every 5 minutes |
AD Client Serverless Bind |
Script - AD Client Serverless Bind |
Every 15 minutes |
AD Client PDC response |
Script - AD Client PDC Response |
Every 10 minutes |
AD Client GC Availability |
Script - AD Client GC Availability |
Every 5 minutes |