Monitoring Servers on Another Domain
I need to monitor about 300 - 400 servers from another company we merged with that are on a different domain, what would be the best way to add them to the SCOM environment? My first thought would be to treat them like a DMZ, and just sit a management/gateway server there, but perhaps there is a better way.Paul Arbogast
June 13th, 2011 11:41am

Couple of choices - two way transitive trust would get you a long way if you can do it. Otherwise, it is an untrusted domain, so you could use a gateway, certificates on the gateway server, and then agents with accounts in that domain (you will have to be given valid other-domain accounts to set up the action accounts etc. Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 13th, 2011 12:02pm

Hi Paul If you have a Forest Level trust in place then you don't need to do anything. A forest level trust supports kerberos so no certificates are necessary. If there is no Forest Level trust in place then a gateway in the "different domain" is the way to go - agents in the "different domain" can use kerberos to communicate with the gateway and you can configure certificates between the gateway in the "different" domain and the management servers in the "home" domain. http://technet.microsoft.com/en-us/library/bb735408.aspx If you are comfortable with deploying agents to a DMZ and configuring certificates then the process with the gateway will be straight forward. Cheers Graham View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
June 13th, 2011 12:03pm

In addition, please refer to the following documents and articles: Multiple Server, Single Management Group Scenario http://technet.microsoft.com/en-us/library/bb432132.aspx Deploying Gateway Server on Windows Server 2008 http://technet.microsoft.com/en-us/library/dd789059.aspx OpsMgr 2007: Monitoring an Agent in a non-trusted domain http://blogs.technet.com/b/smsandmom/archive/2008/09/10/opsmgr-2007-monitoring-an-agent-in-a-non-trusted-domain.aspx Monitoring agents in an untrusted domain or workgroup using Operations Manager 2007 http://support.microsoft.com/kb/982910 Hope this helps. Thanks. Nicholas Li - MSFT Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 14th, 2011 11:31pm

Hi Paul Please feel free to re-open the thread if you have any further questions. Cheers GrahamView OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
June 17th, 2011 7:19am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics