Multiple Forest discovery

Hi

I’m troubleshooting Active Directory Forest discovery in SCOM 2016. The latest released MP for ADDS 2000, 2003 and 2008 is installed. The Forest to which the RMS belongs is discovered fine, as are all the DCs, also in the trusted forests. However, the other forests are not discovered.

I only see a RunAs profile for the replication, so bit stuck on further steps.

 

Regards

Nick

Hi Nick,

As you state “trusted forests”, I assume the other forests are not trusted. From the ADDS MP Guide:

Topology views automatically discover all forests that have two-way transitive trusts with the local forest. However, cross-forest monitoring of a forest that is not fully trusted is not supported.

There is a custom MP from Raphael Burri https://rburri.wordpress.com/tag/ad-topology-discovery/ that makes the AD MP discover untrusted domains. That hasn’t been maintained for years but I am pretty sure that it will still work for the AD MP.

In cases where the AD Topology does not get discovered in general, here are some things which we had to do to get it working:

  1. AD Topology Discovery:
    • DefaultValue for Parameter “OpsMgrInstallPath” is “%ProgramFiles%\System Center Operations Manager 2007” -> change according to your installation and version
  2. .NET 3.5 is required on the Management Servers for the Topology Views…
  3. The Microsoft.Windows.Server.AD.Class.Library.mp (AD MP 2000-2008R2) and the newer version as well *sigh* Microsoft.Windows.Server.AD.Library.mp (AD MP 2012-2016) use the cmd Get-Agent. Therefore we created an alias on every Mgmt Server, because the correct cmd from SCOM 2012 on is Get-SCOMAgent, in the profile.ps1 (C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1):
     New-Alias Get-Agent Get-ScomAgent
Additionally we changed the Parameter DiscoverAgentOnly for the same Discovery from False to True to only get the DCs which have an Agent installed. Otherwise SCOM discovers all DCs/GCs via the AD for the whole forest, where we do not have access.

Regards,

Konstantin
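
The checks from the answer above can be run as one read-only script on a management server. This is an added example, not part of the thread and not code from the AD MP; the function name `Test-AdTopologyPrereq` and its parameter are hypothetical, and the script assumes the server is domain-joined and that Windows PowerShell 3.0 or later is in use.

```powershell
# Added example: read-only prerequisite checks for AD topology discovery.
# Test-AdTopologyPrereq and -OpsMgrInstallPath are hypothetical names.
function Test-AdTopologyPrereq {
    param(
        # The value you intend to set for the discovery's OpsMgrInstallPath
        # parameter (environment variables such as %ProgramFiles% are allowed).
        [Parameter(Mandatory)] [string] $OpsMgrInstallPath
    )

    # 1. Forest trusts of the local forest. Per the MP guide quoted above,
    #    only forests with a two-way transitive trust are discovered.
    #    Forest-level trusts are transitive, so the direction is what matters.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    foreach ($t in $forest.GetAllTrustRelationships()) {
        [pscustomobject]@{
            Check  = "Trust $($t.SourceName) -> $($t.TargetName)"
            Detail = "$($t.TrustType), $($t.TrustDirection)"
            Ok     = ($t.TrustDirection -eq 'Bidirectional')
        }
    }

    # 2. The OpsMgrInstallPath override must point at a folder that exists here.
    $expanded = [Environment]::ExpandEnvironmentVariables($OpsMgrInstallPath)
    [pscustomobject]@{
        Check  = 'OpsMgrInstallPath'
        Detail = $expanded
        Ok     = (Test-Path -LiteralPath $expanded)
    }

    # 3. .NET 3.5 is registered as installed (needed for the topology views).
    $net35 = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5' `
                 -Name Install -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = '.NET 3.5'
        Detail = "Install=$($net35.Install)"
        Ok     = ($net35.Install -eq 1)
    }

    # 4. The all-users profile.ps1 defines the Get-Agent alias the MP expects.
    $profilePath = Join-Path $PSHOME 'profile.ps1'
    $hasAlias = (Test-Path -LiteralPath $profilePath) -and
                (Select-String -Path $profilePath -Quiet `
                     -Pattern 'New-Alias\s+Get-Agent\s+Get-SCOMAgent')
    [pscustomobject]@{
        Check  = 'Get-Agent alias in profile.ps1'
        Detail = $profilePath
        Ok     = [bool]$hasAlias
    }
}
```

Pipe the output to `Format-Table -AutoSize`; any forest whose trust row is not `Bidirectional` falls outside what the AD MP discovers on its own.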