How to make Active Directory MP discover untrusted domains

Update: May 19, 2010

The latest released Active Directory product Management Pack is 6.0.7065.0. I have verified the untrusted domain discovery extension MP and updated it. Following the changes of the product MP, the discovery interval was increased to once every 24 hours. You can download the updated version at the end of this post.

The current Active Directory management pack by Microsoft discovers trusted domains out of the box. However, it still does not discover forests and domains to which no trust exists. But it can be done: the trick is simply to run the ‘AD Topology Discovery’ on OpsMgr gateways located in those domains, and not just on the RMS.

The management pack below consists of:

  • AD Discovery Management Server Computer Group: Gateways installed in domains
  • Discovery of the AD Discovery Management Server Computer Group
  • AD Topology Discovery (Custom script): targeted at all management servers – disabled by default
  • Override to enable the discovery on members of above group

In order to successfully discover domain objects, the OpsMgr security gateways need to have the right to ‘act as a proxy and discover managed objects on other computers’.

Download the management pack

Download Custom AD Topology Discovery MP V (unsealed & sealed) (rename after downloading – it is a zip archive)

It should be mentioned that there is some overhead since the discovery is run on all gateways in an untrusted domain. For that reason I set the execution interval of the discovery script to 24 hours.

Note on earlier versions

If you happen to have been using the workaround MP I posted earlier this year: the old version (V does not work with Microsoft’s management pack 6.0.6452.0 and above. Please replace it with the current MP.

