SearchWindowsServer.com recently spoke with Pete Zerger, MVP, about Active Directory Integration, a new feature for Systems Center Operations Manager 2007 that is designed to reduce total cost of ownership (TCO) and minimize administrative effort.
Zerger is the founder of System Center Forum and the System Center User Group. He is a three-time Microsoft Operations Manager MVP, and is scheduled to present on Active Directory Integration this year at Microsoft Management Summit and Microsoft Tech-Ed 2009.
How exactly does Active Directory Integration work in System Center Operations Manager?
Zerger: What this feature does is allow us to fully automate agent deployment for Operations Manager-based environments. So part of what is baked into the Operations Manager agent is that as the agent is started up, it will actually query it's local Active Directory domain to see if configuration information has been published for an Operations Manager management group.
So with this feature we can use LDAP queries -- with a little magic in the operations console -- to very granularly define the failover behavior of our agents so that we can point it to redundant management servers. And then from a deployment perspective, we can essentially put that agent in our operating system image or use a job in [System Center] Configuration Manager to automate deployment.
When the Operations Manager agent starts, it automatically finds where it needs to report without the administrators having to enter it themselves.
How does this simplify what administrators had to do before?
Zerger: With Active Directory Integration, we can automate configuration of agent failover behavior in a way that allows us to not only minimize administrative effort, but more effectively load balance management server loads.
Can you explain how this reduces total cost of ownership (TCO)?
Zerger: Since AD integration provides automation of the agent configuration process, reduction in administrative effort can be significant. In large enterprises where server deployment (and thus Operations Manager agent provisioning) are a daily activity, this can really add up over time.
What are some of the challenges admins might run into during deployment?
Zerger: Some of the primary challenges are around writing the LDAP queries that we use to define our agents' failover behavior. [Administrators] have to create pretty specific query supplements based on [organizational units] or security settings based on the computers we'd like to monitor. Frequently, some people have trouble with writing queries that overlap and potentially tell an agent to report to multiple servers at the same time, which won't work. So I'd call those the primary issues.
Then as we get into larger environments, we have to deal with security boundaries with remote domains and multiple forests, and we have to make a small adjustment from a security perspective for Active Directory Integration to work.
Is it worth looking into for larger enterprises, despite these challenges?
Zerger: I think for large enterprises, this actually offers the greatest return. Again, it's about getting past the hurdles related to security or understanding LDAP, and how to texture your LDAP to make sure that what you configure works as you hope it does before you deploy it. But yes, those larger shops really have the most to gain, in terms of saving time and administrative effort.
For more information on Active Directory Integration for SCOM 2007, check out this in-depth whitepaper from System Center Forum.
Let us know what you think about this article; email: Brendan Cournoyer, Site Editor.