Update on Active Directory Integration with SCOM

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

System Center Operations Manager (SCOM) uses scripts in Management Packs as part of the discovery process. For example, Discover Windows Computer Properties is a discovery that triggers a PowerShell script to do the work.

 

Before SCOM 2016, these scripts were based on VB. In SCOM 2016 RTM, we migrated these scripts to PowerShell, and with this change the Windows Computer details retrieved (as part of Active Directory Integration rules) displayed an incorrect NetBIOS name for the domain.

 

What are AD Rules, you ask?

These rules use Active Directory Domain Services (AD DS) to assign computers to a management group and to assign the computers’ management servers. The AD rules that were configured in SCOM 2012 also did not work in SCOM 2016.

 

Can I explain with an Example?

Sure, let us look at the format and understand it with an example.

Suppose you run a computer that is a member of the domain contoso.com, and a rule is configured for this domain as shown below.

 

FQDN of Management Server: MS1.smx.net
NetBIOS of Management Server: MS1
FQDN of SCOM domain: smx.net
NetBIOS of SCOM domain: SMX

 

Below are the rule ID formats used by AD rules in SCOM 2012 and 2016, with examples.

Version: 2012 R2

Format: _<NetBIOSDomainNameofMS>_<NETBIOSNameofMS>_<DNSNameof domain the rule refers to>

Example:

      <Rule ID="_SMX_MS1_contoso.com" Enabled="true"

Version: 2016 RTM through UR6

Format: _<FullQualifiedDomainNameofMS>_<NETBIOSNameofMS>_<DNSNameof domain the rule refers to>

Example:

      <Rule ID="_smx.net_MS1_contoso.com" Enabled="true"

 

Because of this mismatch in the rule ID (SMX vs. smx.net), computer details were displayed incorrectly and the AD rules did not work after upgrading to SCOM 2016.

Simply put, the format should always have been “NetBIOS Domain Name of MS”, i.e., SMX.

 


 

 

When was this fixed?

This issue was fixed in SCOM 2016 Update Rollup 7 (Windows Computer Property "NetbiosDomainName" is not discovered properly); however, UR7 was released after SCOM 1807.

That meant this issue was not fixed in SCOM 1807 and older versions, i.e., SCOM 2016 RTM, UR1… UR6, 1801.

 

Below is the updated rule format in SCOM 2016 UR7 and SCOM 2019 (the same as in SCOM 2012).

Version: 2016 UR7, later updates and 2019

Format: _<NetBIOSDomainNameofMS>_<NETBIOSNameofMS>_<DNSNameof domain the rule refers to>

Example:

      <Rule ID="_SMX_MS1_contoso.com" Enabled="true"

 

 

What was the impact of this fix?

Anyone upgrading from SCOM 2016, 1801 or 1807 to 2019 RTM will find that their previous AD rules do not work in SCOM 2019. Additionally, AD rules are not visible in the SCOM console, which prevents administrators from editing them.

A fix for this issue will be available in 2019 Update Rollup 2. In the meantime, you can edit the rules manually in the Default Management Pack to get them working. The steps are as follows.

 

  1. After upgrading to 2019, export the Default Management Pack into a folder.
  2. Open “Microsoft.SystemCenter.OperationsManager.DefaultUser.xml” from the exported folder.
  3. Rename all the AD rules to use <NetBIOS Domain Name of MS> instead of <FQDN of MS>, as shown below.

Note: The domain name is case sensitive.

 

_<NetBIOSDomainNameofMS>_<NETBIOSNameofMS>_<DNSNameof domain the rule refers to>

 

Example:

Before

      <Rule ID="_smx.net_MS1_contoso.com" Enabled="true"

After

      <Rule ID="_SMX_MS1_contoso.com" Enabled="true"

 

  4. Import the updated Management Pack.
  5. Now, the rules will work correctly.
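
The rename of the AD rule IDs in the exported file can be scripted instead of done by hand. The PowerShell below is an added example, not code from the original post or from Microsoft: `Convert-AdRuleId` is a hypothetical helper, the sample XML is constructed, and rewriting other attributes that repeat an old rule ID is an assumption about references inside the file.

```powershell
# Hypothetical helper (added example): rewrites AD rule IDs from
# _<FQDN>_<MS>_<domain> to _<NetBIOS>_<MS>_<domain> in an exported MP file.
function Convert-AdRuleId {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $MsDomainFqdn,     # e.g. smx.net
        [Parameter(Mandatory)] [string] $MsDomainNetBios   # e.g. SMX, written exactly as given
    )
    $full = (Resolve-Path -LiteralPath $Path).Path   # .NET needs an absolute path
    Copy-Item -LiteralPath $full -Destination "${full}.bak" -Force   # keep the original

    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true
    $doc.Load($full)

    $oldPrefix = "_${MsDomainFqdn}_"
    $newPrefix = "_${MsDomainNetBios}_"
    $renamed = @{}
    foreach ($rule in @($doc.SelectNodes("//*[local-name()='Rule'][@ID]"))) {
        $id = $rule.GetAttribute('ID')
        # Only the leading domain part changes; the rest of the ID is kept as-is.
        if ($id.StartsWith($oldPrefix, [StringComparison]::OrdinalIgnoreCase)) {
            $renamed[$id] = $newPrefix + $id.Substring($oldPrefix.Length)
        }
    }
    # Assumption: any attribute whose value equals an old rule ID is either the
    # Rule ID itself or a reference to it, so both are rewritten together.
    foreach ($attr in @($doc.SelectNodes('//@*'))) {
        if ($renamed.ContainsKey($attr.Value)) { $attr.Value = $renamed[$attr.Value] }
    }
    $doc.Save($full)
    return $renamed   # old ID -> new ID
}

# Constructed sample standing in for the exported file (not a real management pack).
$sample = Join-Path ([IO.Path]::GetTempPath()) 'DefaultUser.sample.xml'
@'
<ManagementPack>
  <Monitoring><Rules>
    <Rule ID="_smx.net_MS1_contoso.com" Enabled="true" />
    <Rule ID="_SMX_MS2_contoso.com" Enabled="true" />
  </Rules></Monitoring>
  <LanguagePacks><LanguagePack ID="ENU"><DisplayStrings>
    <DisplayString ElementID="_smx.net_MS1_contoso.com" />
  </DisplayStrings></LanguagePack></LanguagePacks>
</ManagementPack>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8
Convert-AdRuleId -Path $sample -MsDomainFqdn 'smx.net' -MsDomainNetBios 'SMX'
```

The function leaves a `.bak` copy beside the file and skips rules already in the NetBIOS format; review the returned old-to-new mapping before importing the updated management pack.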

 

    

 

 

 

 
