How to make Active Directory MP discover untrusted domains
Posted by rburri on December, 8 2008
Update: May 19, 2010
The latest released Active Directory product Management Pack is 6.0.7065.0. I have verified the unstrusted domain discovery extension MP and updated it. Following the changes of the product MP, the discovery interval was increased to once every 24 hours. You can download the updated version at the end of this post.
The current Active Directory management pack by Microsoft does discover trusted domains out of the box. However; it still does not discover forests and domains to which no trust exists. But it can be done: The trick simply is to run the ‘AD Topology Discovery’ on OpsMgr gateways located in domains and not just on the RMS.
The management pack below consists of :
- AD Discovery Management Server Computer Group: Gateways installed in domains
- Discovery of the AD Discovery Management Server Computer Group
- AD Topology Discovery (Custom script): targeted at all management servers – disabled by default
- Override to enable the discovery on members of above group
In order to successfully discover domain objects, the OpsMgr security gateways need to have the right to ‘act as a proxy and discover managed objects on other computers‘.
Download the management pack
Download Custom AD Topology Discovery MP V 188.8.131.52 (unsealed & sealed) (rename after downloading – it is a zip archive)
It should be mentioned that there is some overhead since the discovery is run on all gateways in an untrusted domain. For that reason I set the execution interval of the discovery script to 24 hours.
Note on earlier versions
If you happen to have been using the workaround MP I posted earlier this year: The old version (V 184.108.40.206) does not work with Microsoft’s management pack 6.0.6452.0 and above. Please replace it with the current MP.
This entry was posted on December, 8 2008 at 16:27 and is filed under OpsMgr 2007. Tagged: Active Directory Management Pack, AD Topology Discovery, Operations Manager 2007, Security Gateway. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.