SCOM 2012 AD integration not populating in AD

So I’ve got a little SCOM 2012 lab. One DC, two database servers, four management servers, one Exchange 2010 and one soon to be SharePoint 2010 server.

The summary of what I was experiencing: when I configured AD integration using the wizard in the SCOM console, nothing was populated into AD even an hour later, and no manually installed agents were automatically assigned as a result, even after properly using MOMADAdmin.exe to prepare Active Directory.

The end result was the client can’t find a policy in AD as shown below.

Event 2011: The Health Service did not find any policy in Active Directory


In Active Directory Users and Computers, none of my management servers were populating underneath Operations Management \ Mario, and each of them should have their own corresponding containers and AD groups if all is working properly.


I tried several things with no luck:

  1. Verifying I had properly run the MOMADAdmin.exe with the proper switches: MOMADAdmin.exe <ManagementGroupName> <MOMAdminSecurityGroup> <RunAsAccount> <Domain>
  2. Completely loosening permissions on the OperationsManager container and child objects (Sidebar: NEVER EVER DO THIS, read this article to see why)
  3. Selecting a different RunAs account and profile to ensure full domain admin rights
  4. Restarting client agents, servers and DCs
  5. Verified my LDAP inclusion query was valid by using Active Directory Users and Computers advanced search
  6. Telling my laptop “You look fat compared to the new macbooks” to hurt its feelings.

None of the above worked. After letting it bake overnight, a call with Microsoft the following morning and a refresh of ADUC indeed verified that you should plan on waiting at least 24 hours for that to be updated in AD with 2012, a change from 1 hour since 2007. When I came in the next morning, everything was working as shown below. You can look for the operations manager event 11470 on the management servers to verify successful publishing to AD.
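One way to script the checks described above (an added example, not part of the original post): it looks for event 11470 on each management server, event 2011 on agents, lists what has been published under the management group container, and flags broad write permissions left on that container. The server names, the management group name, the `CN=<ManagementGroup>,CN=OperationsManager,<domain>` container path and the availability of the RSAT ActiveDirectory module are assumptions.

```powershell
# Added example. Server names and management group name are placeholders.
param(
    [string[]]$ManagementServers = @('MS01', 'MS02'),   # hypothetical names
    [string[]]$Agents            = @('AGENT01'),        # hypothetical name
    [string]$ManagementGroup     = 'MGNAME',            # placeholder
    [int]$LookbackHours          = 48
)
Import-Module ActiveDirectory
$since = (Get-Date).AddHours(-$LookbackHours)

# Returns the newest matching event from the "Operations Manager" log, or nothing.
function Get-LastOpsMgrEvent([string]$Computer, [int]$Id) {
    $filter = @{ LogName = 'Operations Manager'; Id = $Id; StartTime = $since }
    Get-WinEvent -ComputerName $Computer -FilterHashtable $filter -MaxEvents 1 `
        -ErrorAction SilentlyContinue
}

# 1. Event 11470 on a management server means it published to AD.
foreach ($ms in $ManagementServers) {
    $ev = Get-LastOpsMgrEvent $ms 11470
    [pscustomobject]@{
        Computer = $ms; Check = 'Published to AD (11470)'
        Seen = [bool]$ev; Time = if ($ev) { $ev.TimeCreated } else { $null }
    }
}

# 2. Event 2011 on an agent means it found no policy in AD.
foreach ($agent in $Agents) {
    $ev = Get-LastOpsMgrEvent $agent 2011
    [pscustomobject]@{
        Computer = $agent; Check = 'No policy in AD (2011)'
        Seen = [bool]$ev; Time = if ($ev) { $ev.TimeCreated } else { $null }
    }
}

# 3. What is actually under the management group container (path is assumed).
$mgDn = "CN=$ManagementGroup,CN=OperationsManager,$((Get-ADDomain).DistinguishedName)"
Get-ADObject -SearchBase $mgDn -SearchScope Subtree -Filter * -Properties whenChanged |
    Select-Object Name, ObjectClass, whenChanged

# 4. Flag Allow ACEs that give broad principals write-type rights on the
#    container, e.g. left over from loosening permissions while troubleshooting.
(Get-Acl -Path "AD:\$mgDn").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference -match 'Everyone|Authenticated Users|Domain Users' -and
    $_.ActiveDirectoryRights -match 'GenericAll|GenericWrite|WriteDacl|WriteOwner|WriteProperty|CreateChild'
} | Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
```

An empty result from step 4 is the desired state; any row it returns is a permission to review and tighten.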


Here are some good articles on AD integration with SCOM as a bonus. Hooray for bonuses!

AD Integration Considerations: My quick summary of this article is: don’t use AD integration unless you’re really sure you need to. Why not just use the command line if you’re going to bake it into your base images? Really the only time you need this is if you have multiple separate management groups in the same large domain.

http://blogs.technet.com/b/jonathanalmquist/archive/2010/06/14/ad-integration-considerations.aspx

Integrating Active Directory and Operations Manager

http://technet.microsoft.com/en-us/library/hh212829

Understanding How AD Integration Works with OpsMgr 2007

http://blogs.technet.com/b/momteam/archive/2008/01/02/understanding-how-active-directory-integration-feature-works-in-opsmgr-2007.aspx

Posted in Active Directory, SCOM, SCOM 2012
4 comments on “SCOM 2012 AD integration not populating in AD”
  1. SCOM guru says:

    You didn’t really have to wait a whole day. You could have restarted the services, which causes the rule to run. By the way, this task is run as a rule on OpsMgr RMS.

    • elgwhoppo says:

      Except there is no RMS in SCOM 2012. I rebooted the servers several times, so I’m pretty sure that would have done it if it really was a service restart.
