Agent Action Account on a Domain Controller

Discussion:

(too old to reply)

martit01

2008-11-07 00:42:01 UTC

Is it possible to push the SCOM agent to a Domain Controller? I'm having
difficulty doing this because the Agent Action Account is suppose to be a
member of the local Administrators group, but this isn't possible to do on a
DC.

Thanks

Manish Godse [MSFT]

2008-11-07 01:08:34 UTC

Permalink

You can use different action and "push" accounts. Can you describe what
issue you are running into?
--
Thanks,

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Post by martit01
Is it possible to push the SCOM agent to a Domain Controller? I'm having
difficulty doing this because the Agent Action Account is suppose to be a
member of the local Administrators group, but this isn't possible to do on a
DC.
Thanks

martit01

2008-11-07 02:35:01 UTC

Permalink

Sorry, instead of Agent Action Accont, I meant Management Server Action
Account (MSAA)
I'm trying to deploy the SCOM agent to a domain controller using the
discovery wizard through the SCOM console. When I've done this in the past to
non-Domain Controller servers, I alway added the MSAA account to the local
administrators group on the server, which gives the needed permissions to
install the agent.

However, since DC's don't allow any local administrator groups to be added,
I don't understand how I'm suppose to grant the Domain controller permissions.

Thanks

Post by Manish Godse [MSFT]
You can use different action and "push" accounts. Can you describe what
issue you are running into?
--
Thanks,
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Pavel Řepa, MCTS SCOM

2008-11-07 12:57:19 UTC

Permalink

Hello martit01,

for deploy the SCOM agent to a domain controller by using the discovery
wizard through the use of SCOM console, you must use account with Domain
Admins permissions for discovery (Administrator Account) and Local System for
Agent Action Account.

For monitoring Active Directory you must create RunAs Account and set RunAs
Profile "Active Directory Based Agent Assignment Account" for work with him.

Pavel Repa, MCTS SCOM
--
System Center Specialist
http://pavelrepa.spaces.live.com/...

Post by martit01
Sorry, instead of Agent Action Accont, I meant Management Server Action
Account (MSAA)
I'm trying to deploy the SCOM agent to a domain controller using the
discovery wizard through the SCOM console. When I've done this in the past to
non-Domain Controller servers, I alway added the MSAA account to the local
administrators group on the server, which gives the needed permissions to
install the agent.
However, since DC's don't allow any local administrator groups to be added,
I don't understand how I'm suppose to grant the Domain controller permissions.
Thanks

Ron Hagerman

2008-11-16 03:50:56 UTC

Permalink

What we did was, we just dropped one of the domain admins in the Ops Mgr
admins role and allowed him to deploy his own agents with his credentials.

Another option is to have the domain admins do a manual agent install
and then approve the agent in the SCOM console.

Continue reading on narkive:

Search results for 'Agent Action Account on a Domain Controller' (Questions and Answers)

replies

9/11 what are your?

started 2006-06-22 23:54:47 UTC

current events

replies

Sony ripped off Bose for the case design of the ps3!?

started 2007-01-09 02:28:41 UTC

games & gear

replies

Do you have what it takes to run furniture making company?