Update on Active Directory Integration with SCOM

() uses in Management Packs as part of discovery process. For example, Discover Windows Computer Properties is a discovery process which triggers a PowerShell script that does the discovery.

Earlier to 2016, these were based on VB. In SCOM 2016 RTM, we migrated these to PowerShell and with this change, Windows Computer details that were retrieved (as part of Active Directory Integration rules) were displaying incorrect NETBIOS name of a domain.

What are AD Rules, you ask?

These rules use Domain Services () to assign computers to a management group and assign the computers' management servers. The AD rules that were configured in SCOM2012 were also not working in SCOM2016.

Can I explain with an Example?

Sure, Let us look at the format and understand it with an example.

Consider you run a computer that is a member of a domain contoso.com and a rule is configured for this domain as shown below.

FQDN of Management Server MS1.smx.net
NetBIOS of Management Server MS1
FQDN of SCOM domain smx.net
NetBIOS of SCOM domain SMX

Below are the formats configured in AD Rules of SCOM 2012, 2016 and their examples.

Version Format
2012 R2
Example
2016 RTM till UR6
Example

Due to the above mismatch (SMX vs smx.net) in rule, computer details were wrongly displayed and not working when upgraded to SCOM 2016.

Simply put, the format should have always been “NetBIOS Domain Name of MS” i.e., SMX.

AakashMSFT_0-1584100110499.png

When was this fixed?

This issue was fixed in SCOM2016 Update Rollup 7 (Windows Computer Property “NetbiosDomainName” is not discovered properly), however UR7 was released after SCOM1807.

That meant, this issue was not fixed in SCOM 1807 and older versions i.e., SCOM 2016 RTM, UR1… UR6, 1801.

Below is the updated RULE in SCOM 2016 UR7 and SCOM 2019 (same as that of SCOM 2012).

Version Format
2016 UR7, later updates and 2019
Example

What was the impact of this fix?

Anyone upgrading from SCOM 2016, 1801 or 1807 to 2019 RTM will run into the issue of previous AD rules not working in SCOM2019. Additionally, AD rules are not visible in the SCOM console which prevents administrators from editing them.

A fix for this issue will be available in 2019 Update Rollup 2. In the meantime, you can edit the rule manually in default management pack and get it working. The steps to do that are as below.

  1. After upgrade to 2019, export Default Management Pack into a folder
  2. Open “Microsoft.SystemCenter.OperationsManager.DefaultUser.xml” from the exported folder
  3. Rename all the AD rules to use instead of as shown below.

Note: Please note that the domain name is case sensitive.

Example:

Before
After
  1. Import the updated Management Pack.
  2. Now, the rules will work correctly.
    

 

This article was originally published by Microsoft's Azure SQL Database Blog. You can find the original article here.