This is pretty exciting.
Microsoft just shipped a totally new AD MP. This one has no dependencies on the previous ADMP, which has been based on mostly the same core design for the past 15 years!
https://www.microsoft.com/en-us/download/details.aspx?id=54525
The new ADMP supports monitoring Active Directory when your DC’s are Windows Server 2012, 2012R2, 2016, or 2019.
There is a huge list of changes, but the biggest impactful ones in my opinion are:
- No more OOMADS!
  - Removed reliance on OOMADS.dll for Domain Controller monitoring; the OOMADS dependency was removed from all MPs. This was always a pain when managing DC’s in the past, now it is no longer required for the ADMP scripts to work.
- Replication Monitoring rewrite.
  - This was previously a nightmare solution of 14 rules and monitors which all shared the same script datasource, for EACH OS version you had DC’s on. Tuning replication monitoring in the past was very challenging for customers. Now – it has been streamlined via scenario, as Replication Monitoring was replaced with the following monitors:
    - AD Replication Queue Monitor
    - AD Show Replication Check
    - Replication Partner Count Monitor
    - Replication Consistency Monitor
- Removed dependency on down-level DC discovery MPs.
  - You no longer have to import the old Windows 2000, 2003, and 2008 AD Discovery MP’s if you aren’t using those versions, like the old MP’s required.
- A total re-write of the old “AD Client Monitoring” which is renamed to “Domain Member Monitoring”
  - The Domain Member Monitoring Management Pack deploys a set of rules and monitors to a computer that represents an Active Directory member server or client. These rules and monitors provide monitoring data, such as connectivity, latency and availability, from the perspective of the member. This specific MP is OPTIONAL and should not be imported unless you plan on configuring it.
See the MP guide for the full list of fixes and updates.
At the time of this writing – the MP version is 10.0.1.0.
This MP does NOT UPGRADE the previous MP’s. This is designed as a replacement. However, you can run both MP’s side by side if you want to cut over monitoring slowly. You should delete all the previous older generation ADMP’s from your management group and use this MP, provided your DC’s are all WS2012 or later.
The MP’s import just fine:
The guide is pretty thorough on the monitoring scenarios – I recommend you review it before using the MP.
- Monitoring Scenarios
  - Multi-Forest Monitoring
  - Replication
  - Essential Services
  - SYSVOL Availability
  - Trust Monitoring
  - Directory Service Availability
  - AD Database Monitoring
  - Time Skew Monitoring
  - AD Web Service Monitoring
  - Domain Controller Performance
  - Domain Member Perspective (the old AD Client Monitoring)
Just curious. This newer MP doesn’t seem to generate the same replication alerts as the old MP. Is this because I don’t have something turned on? What I mean is I still have both MPs running side by side, but don’t get the same alerts when a DC fails to replicate its naming context. Any thoughts?
I have the same problem. My production environment with the old MP is alerting for “Replication has been aborted”.
The new SCOM 2019 environment with just this new MP installed is not reporting any errors about that.
(My agents are reporting to two management groups, 2012 R2 and 2019.)
A lot of rules are gone, like “A domain controller has been stopped / started”. Why is this? They were helpful.
Mark, those were likely considered “noise” by the majority of customers, since there isn’t something really “actionable” about them. You can easily re-create those if you liked them with a simple event based alert rule. Takes only a few minutes.
Kevin, have you seen issues with upgrading from 10.0.0.0 to 10.0.2.2? When I try, I get the error “Version 10.0.2.2 of the management pack is not upgrade compatible with the older version 10.0.0.0” and “Microsoft.Windows.Server.AD.ReadOnlyDC.Computer, The property Hosted has a value that is not upgrade compatible OldValue=False, NewValue=True.”
10.0.0.0 must have been a beta or pre-release version? I keep every version of every MP, and I don’t have that one. Where did you get it?
The first published version I have is 10.0.1.0, then 10.0.2.0, then 10.0.2.1, then 10.0.2.2. All of those have been upgrade compatible to my knowledge.
Kevin, I’m surprised that the first published version you have is 10.0.1.0. The release notes that are included in the 10.0.2.2 download list 10.0.0.0 as the initial release. It was the version available when this management pack was first announced here.
From my viewpoint there is no excuse for 10.0.0.0 not being upgradable to 10.0.2.2. I couldn’t find any of the interim releases, but considering that I am still on it, I probably ran into this with previous versions. MP upgrades all too frequently fail with an error message indicating that the catalog version is wrong, which is what I saw with this one. Usually, you can download the MP and install the upgrade, but not in this case. Ripping out a well-tuned MP is not fun, nor is restoring the overrides you have to remove to delete it.
From the catalog, downloaded directly!
Ugh. I hate the catalog. This is just another reason.
Kevin, these are the steps I was told to follow in order to have the DCs monitored properly:
1. Push agent to Domain controller
2. Install OOMADs.msi
3. Run HSLockdown.exe /A "NT AUTHORITY\SYSTEM" in the SCOM agent install directory
4. Stop & start agent
I gather from your post that steps 2 and 3 are no longer needed?
OOMADS is no longer needed.
Running HSLOCKDOWN unfortunately still is.
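The agent-side steps from the exchange above, without the OOMADS install, as an added PowerShell example that is not part of the original thread and not Microsoft's own tooling. The registry location of the agent install directory and the text layout of the HSLockdown /L listing are assumptions; /L (list) and /A (add an allow entry) are the tool's own switches.

```powershell
# Added example: prepare a DC's SCOM agent for the new ADMP (no OOMADS step).
# Run elevated on the domain controller after the agent has been pushed.
# Assumption: the agent records its install directory in this registry value.
$setupKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup'
$account  = 'NT AUTHORITY\SYSTEM'

$installDir = (Get-ItemProperty -Path $setupKey -ErrorAction Stop).InstallDirectory
$hsLockdown = Join-Path $installDir 'HSLockdown.exe'
if (-not (Test-Path $hsLockdown)) {
    throw "HSLockdown.exe not found under $installDir"
}

# /L lists the accounts currently allowed or denied for the Health Service.
$before = & $hsLockdown /L
$before | Write-Output

# Assumption: each entry is printed as one line holding "Allowed" or "Denied"
# together with the account name.
$pattern = [regex]::Escape($account)
$denied  = $before | Where-Object { $_ -match 'Denied'  -and $_ -match $pattern }
$allowed = $before | Where-Object { $_ -match 'Allowed' -and $_ -match $pattern }

if ($denied) {
    # Report an explicit deny entry so it is reviewed rather than silently overridden.
    Write-Warning "$account has a Denied entry: $denied"
}
if ($allowed) {
    Write-Output "$account is already allowed; nothing to change."
    return
}

# Step 3 from the thread: add the allow entry for Local System.
& $hsLockdown /A $account
if ($LASTEXITCODE -ne 0) {
    # Assumption: the tool returns a nonzero exit code on failure.
    throw "HSLockdown /A failed with exit code $LASTEXITCODE"
}

# Step 4 from the thread: stop and start the agent service.
Restart-Service -Name HealthService -Force

# Print the resulting list so the change can be recorded.
& $hsLockdown /L | Write-Output
```

Keeping the before and after listings with the change record makes it easy to audit which DCs had Local System added as an allowed account.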
Hello Kevin,
Thanks for the blog. Does this MP monitor AD 2019 servers as well? The MS site says “The Management Pack for Windows Server Active Directory Domain Services. Monitors Windows Server 2012, 2012R2, 2016 and 2019 Domain Controllers and domain health.” However, the MP contents still look the same as shown in the screenshot in this blog.
Could you please suggest.
Hi Kevin,
Do you by any chance know when AD MP will start targeting non trusted domain GWs for AD topology discoveries instead of just RMS emulator? Or have a workaround?
Cheers
Gordon
I don’t. I don’t think our ADMP ever supported untrusted domains?
No, it hasn’t. That’s what I was hoping we’d get in one of the updates. 🙂 I’ve worked for several organisations where we had completely separate domains but used one SCOM instance to monitor all of them by means of GWs. One of the reasons we have SCOM GW. Having monitoring only discover the domain where MSs are installed means we can’t monitor AD health of others, just DCs.
Hi Kevin,
Does this support AD 2019 on Windows Server 2019 as well?
Yes
Hi Kevin,
In a scenario where a DC is deliberately down and in Maintenance Mode, can the ADMP be configured so that the other DCs do not complain about replication failing?
Now this is a feature I would love to see. The number of alerts from other DCs when one is rebooted are unwelcome and useless. Most of my DCs are physicals, and if a FSMO role holder restarts, the noise is ridiculous. Putting all the DCs in maintenance for the duration reduces the complaints, but that only helps for manual reboots. If the core OS management packs reported restarts, it could trigger the squelch when the server gets the command to restart and end when the server heartbeat returns.