Menu Close

Configuring the Active Directory Management pack AD Topology Discovery overrides

We released an updated Active Directory Management Pack back in 2016, and have made updates along the way.  The current release supports Domain Controllers running Windows 2012, 2012R2, 2016, and later.

One of the items that many people configure, is to only discover Domain Controllers that have an AGENT on them.  Many times there are a huge number of DC’s in an environment, but not all are agent managed, and you do not wish to discover all of these in SCOM without an agent.

The AD Topology Discovery runs against your Root Management Server Emulator:

image

 

You can set the override to only discover agent based DC’s here:

image

 

HOWEVER – you might find when this is set, that you stop discovering topology at all, such as your AD Sites show up “Not Monitored” and your AD Topology diagram views do not roll up any state:

image

 

image

 

 

To troubleshoot this – you might enable verbose logging:

image

 

This will log events to show what’s happening.  Unfortunately, these verbose event logs do not actually log the error.  But they do give us a clue:

 

Log Name:      Operations Manager
Source:        Health Service Script
Event ID:      500
Level:         Information
Description:  ADTopologyDiscovery : Executing Agent discovery command:
cmd.exe /C cd “C:\Program Files\System Center Operations Manager 2007” & “C:\Windows\system32\windowspowershell\v1.0\powershell.exe” -PSConsoleFile Microsoft.EnterpriseManagement.OperationsManager.ClientShell.Console.psc1 -command “.\Microsoft.EnterpriseManagement.OperationsManager.ClientShell.Functions.ps1; Start-OperationsManagerClientShell -ManagementServerName: \”\” -PersistConnection: $false -Interactive: $false; Get-Agent | where {$_.ManagementGroup -like \”OM\”} | Format-List Name” > “C:\Windows\Temp\ADTopologyDiscovery-Data-{91A293C8-1114-4F74-8CDA-024ED18ACD0F}.txt” 2> “C:\Windows\Temp\ADTopologyDiscovery-Error-{91A293C8-1114-4F74-8CDA-024ED18ACD0F}.txt” “

The parts highlighted above are the issue.  This actually runs a PowerShell.exe command to connect to the SDK to pull back all the agents.  The challenge here is, that we must provide the path to the console file:  Microsoft.EnterpriseManagement.OperationsManager.ClientShell.Console.psc1

This means that you MUST have the SCOM console installed on your RMSe, AND you must provide this path to the file in an override (if you wish to use Agent-only in your discovery).  This was a poor design really, because there is no need for this to connect to the SCOM SDK via PowerShell.  This is a really, really old method of interacting with the SDK, probably a carryover from the old ADMP.  But the simplest solution is to just provide the correct path to where YOU installed the SCOM console:

In SCOM 2019, my path is:  “C:\Program Files\Microsoft System Center\Operations Manager\Console”

In SCOM 2016, my path is: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Console”

Your location may differ.  You just need to find the location of the Microsoft.EnterpriseManagement.OperationsManager.ClientShell.Console.psc1 file, which is installed when you install the console.

The path MUST BE IN DOUBLEQUOTES!!!

image

 

This will query the SDK, and bring back ALL the agents, to verify each DC from Topology discovery is agent managed.  Note – this can take a LONG time in some environments, as it is essentially performing a “Get-SCOMAgent” command, and looping through each one.

Now my topology is showing correctly:

 

image

 

NOTE:  You will want to disable the “Verbose logging” override – as this will now log an event for EACH agent in the management group.  If you have 1000 agents, that’s a burst of 1000 events.  Not a good idea.  Smile

 

Known issues:

1.  You might see errors when AD Topology script runs:

Event ID: 1000   Source: Health Service Script

ADTopologyDiscovery : Cannot create System.Collection.Stack

This is because the script is using functions provided by .NET 3.5.  Please install .NET 3.5 on your management servers, or at least the management server that holds the Root Management Server Emulator role.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *