Several years ago, a colleague of mine, Steve Rachui, blogged about a custom management pack template that supports discovery of AD security group membership for agent-managed Windows systems. Recently I was working with this management pack for a customer and identified an opportunity to make minor optimizations to the logic of the discovery script. Instead of relying on Operations Manager to discover the distinguished name of the computer object in Active Directory and pass it as an argument to the script, I determined it was best to handle this in the script. Secondly, in an enterprise deployment of Active Directory with thousands of objects defined, the discovery script may not complete successfully because it is missing the command object property Page Size with a value of 1,000. This is because, by default, a query against Active Directory using ADO returns only the first 1,000 objects, regardless of how many are defined. So this property is now included, which ensures the discovery is able to search all group objects and return the expected results: the AD groups the agent-managed system is a member of.
The updated MP is included here for you to utilize. Please refer to Steve’s blog posting on how to configure and use this MP.
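The two changes described above, shown as an added example that is not the management pack's own script: it assumes the discovery is a VBScript using the ADSI OLE DB provider, and the LDAP filter and the plain `WScript.Echo` output are illustrative assumptions.

```vbscript
Option Explicit

' Escape LDAP filter metacharacters (RFC 4515) so a DN can be used safely as a filter value.
Function EscapeFilter(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")   ' backslash first, so later escapes are not doubled
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeFilter = s
End Function

Dim objSysInfo, strComputerDN, strDomainDN
Dim objConnection, objCommand, objRecordSet

' Resolve the local computer's distinguished name in the script itself
' instead of receiving it from Operations Manager as an argument.
Set objSysInfo = CreateObject("ADSystemInfo")
strComputerDN = objSysInfo.ComputerName
strDomainDN = GetObject("LDAP://RootDSE").Get("defaultNamingContext")

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
' Without Page Size, ADO returns only the first 1,000 objects.
' With it, results are fetched in pages of 1,000 until the set is complete.
objCommand.Properties("Page Size") = 1000

' Assumed filter: groups whose member attribute contains this computer's DN.
objCommand.CommandText = "<LDAP://" & strDomainDN & ">;" & _
    "(&(objectCategory=group)(member=" & EscapeFilter(strComputerDN) & "));" & _
    "cn,distinguishedName;subtree"

Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
    WScript.Echo objRecordSet.Fields("cn").Value & vbTab & _
        objRecordSet.Fields("distinguishedName").Value
    objRecordSet.MoveNext
Loop

objRecordSet.Close
objConnection.Close
```

This filter returns direct memberships in the computer's own domain only; nested groups and the primary group are not matched by the `member` attribute.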