First published on TECHNET on Aug 28, 2017
UPDATE: October 2017 the 3 rd – Added an example of the trust list format.
The problem they had, was pretty simple (as well as its solution). They “just” wanted to monitor trust status, but only for some Trusts. This sounded like: “Hey, I want to monitor my Trusts, but I want to exclude those I know as not working and that I cannot fix. I really do not want to renounce to the entire Trust Monitoring just because I cannot exclude some of them”.
Well, that sentence made me thinking about how to delight my customers and do something interesting for other customers as well. So, I came up with the idea of an addendum MP which gives the possibility to specify a trust or a list of trusts to be excluded.
Let's start with a bit of explanation.
The Trust Monitor coming with the Active Directory Management Pack, is using basically 3 components:
- A DataSource module which contains the script used to query and return the status of all existing trusts.
- A UnitMonitorType which parses the output from the DataSource module
- A UnitMonitor which basically reports on the Trust health by creating an alert in case the status is not good.
I will not go deeper, just to not annoy you but if you are interested in the theory you can ping me at my email address or a leave a comment and I will follow up. The small issue inside this mechanism is that, as I wrote in the description of the DataSource task, it checks for all trusts and there's no way to create an override based on a single Trust or list of Trusts. You got it right: You can only disable the monitor that turns into completely shutting down the Trust Monitoring scenario .
What I did is:
- I created a new DataSource that takes another input parameter: the single trust or the comma separated list of trusts
And which is using a modified version of the script with the exclusion logic
- Then, because of the new parameter, I had to create a new UnitMonitorType and a new UnitMonitor in order to expose and to pass the new overridable parameter
- Include some pre-defined overrides to disable the original monitor
Of course, I am giving here the simple version of the story since I had to consider some different possibility for the override value (single trust, Trust list, no value) but luckily, I got it done and working. Using this addendum, you can continue using the Trust Monitoring scenario and bend it to your needs by configuring the necessary override.
Now that you have clear in mind what I have done, let's discuss how to use it.
First of all, it works every version of System Center Operations Manager that the original management pack is working on. Second, I created this solution for all Active Directory Management Pack version, including the completely brand new one.
And now: how do I use it? Simple answer: You just download the file for the management pack version you are using from this post, import it and that's all. As said, the addendum MP contains an override that disables the original monitor since the new one comes enabled. Now you can go ahead with the necessary overrides.
Like other Management Packs, overrides can be created for different targets. For every target you choose, you have the possibility to create one override per trust or a single override with a trust list. The trust list can be passed as a comma separated value list. For instance you can enter “DomainA.Com, DomainB.Local, DomainC.my” without double quotes, and so on.
I intentionally left the management pack files (yes more than one since this solution is available for all Active Directory Management Pack version know so far) unsealed so you can store your overrides in the same file. Should you need this solution any longer, all you have to do is to remove it from your System Center Operations Manager management group.
If you want to give it a try, download the Zip file and import the version you need.
I hope this solution will make your life easier and will make you appreciating Microsoft solution more and more.