Archive for November, 2011

Just a quick note to let you know that the OpsMgr 2012 Release Candidate has been released.

November 16, 2011

Details at:

Download from:

Full set of product documentation is available:

Details and features of the OM2012 RC:

Feature Summary
•Setup Improvements
Operations Manager 2012 has a new Setup wizard.
•Highly Available Management Group Out of the Box
In Operations Manager 2012, all management servers are peers; there is no root management server. The workload is split among all management servers in a management group, which provides high availability without requiring a cluster.
•Resource pools
A resource pool provides the ability to distribute workloads across multiple management servers, such as availability, network device monitoring, distributed monitor health rollup, and group calculation.
•Agent Configuration
Operations Manager 2012 provides an easy method for configuring agents to report to multiple management servers by adding an Operations Manager Agent application to Control Panel on each agent-managed computer.
•Operations Console
You will notice some subtle changes to the Operations console. The Actions pane is now the Tasks pane, and includes a new section called Navigation Tasks that makes it easy for you to open views for a selected object. The Tasks pane offers two tabs: one for actions and one for resources and Help links. The Navigation and Tasks panes can be hidden or revealed instantly by clicking the arrow in the title bar of the pane.
•Web console
Operations Manager 2012 introduces a new Web console. In Operations Manager 2012, all Operations Manager views are available in the Web console.
•Network monitoring
Operations Manager 2012 provides the ability to discover and monitor network routers and switches, including the network interfaces and ports on those devices and the virtual LAN (VLAN) that they participate in. You can also delete discovered network devices and prevent the deleted network devices from being rediscovered the next time discovery runs. For more information, see Monitor Network Devices.
•Application monitoring
In Operations Manager 2012, you can monitor ASP.NET applications in server- and client-side environments to get details about application availability and performance. Configure monitoring settings, such as polling frequency and transaction threshold. Then use results, including how frequently a problem is occurring, how a server was performing when a problem occurred, and the distributed chain for a transaction in question to pinpoint problems and solutions. For more information, see Monitor a .NET Application.
•Dashboard views
As part of the network monitoring and application monitoring capabilities, Operations Manager 2012 includes new comprehensive dashboard views that combine multiple panels of information into a single view. In Operations Manager 2012, you can add the new dashboard views to My Workspace.
•Display dashboard views using SharePoint
The Operations Manager web part displays specified dashboard views and can be added to Microsoft SharePoint 2010 sites. For more information, see Add a Dashboard View to a SharePoint Site.
•Creating dashboard views
Dashboard views have been significantly upgraded in Operations Manager 2012 from their capabilities in Operations Manager 2007 R2, including custom layouts and nested dashboard views. For more information, see Create a Dashboard View.
•Operations Manager Module for Windows PowerShell
Operations Manager 2012 provides a Windows PowerShell 2.0 module containing a full set of new cmdlets. The cmdlets in this module are only compatible with Operations Manager 2012. You can recognize the Operations Manager 2012 cmdlets by the “SC” preceding the noun. For additional information about the Operations Manager 2012 cmdlets, open the Operations Manager command shell and type Get-Help about_OpsMgr_WhatsNew. For information about how the Operations Manager 2007 cmdlets map to the Operations Manager 2012 cmdlets, type Get-Help about_OpsMgr_Cmdlet_Names. To use the Operations Manager 2012 cmdlets, you must establish a connection to an Operations Manager management group. You can establish either a persistent connection in which you can run multiple cmdlets, or a temporary connection when running a single cmdlet. For more information about connections, open the Operations Manager Shell and type Get-Help about_OpsMgr_Connections.
•UNIX- and Linux-based computers
In Operations Manager 2012, the Discovery Wizard is easier to use for discovering UNIX- and Linux-based computers. You can now use Windows PowerShell to manage UNIX- and Linux-based computers; for more information, see the UNIX and Linux section in the release notes. High availability is also supported.
•UNIX/Linux Shell Command Template Management Pack
This Management Pack implements authoring templates that allow the creation of rules, tasks, and monitors based on execution of shell commands on UNIX/Linux agents.
•JEE Management Packs
These management packs monitor JEE (Java Enterprise Edition) application servers. Management packs are available for IBM WebSphere, Oracle WebLogic, Red Hat JBoss and Apache Tomcat.

Best Practices for Active Directory Forest Trusts

November 8, 2011

When your Active Directory forest just contains a couple of domains, life is pretty good for you as the administrator—there’s not a lot to go wrong, clients receive fast responses, and in general, things work as they should.

But as more and more domains come online and, in particular, as you expand into different forests to further delineate security boundaries, the situation requires more management, especially as you come to expect trusts to hold everything together seamlessly. Here are some best practices for managing trusts that keep authentication available and make management of your AD infrastructure much easier.

Use shortcut trusts to eliminate delays. Delays creep up when your Active Directory forest has lots of trees in it containing multiple child domains. When you find that clients are taking a long time to authenticate, especially between those child domains, a best practice is to create shortcut trusts to mid-level domains within each tree hierarchy where possible. These shortcut trusts are essentially bidirectional transitive trusts that shorten the path traveled for authentications to take place between domains located in two separate trees.

To create these shortcut trusts:

1. Open Active Directory Domains and Trusts, and in the left pane, right-click the domain node for the domain you want to establish a shortcut trust with, and then click Properties.
2. On the Trusts tab, click New Trust, and then click Next.
3. On the Trust Name page, type the DNS name (or NetBIOS name) of the domain, and then click Next.
4. On the Direction of Trust page, choose either a two-way shortcut trust (click Two-way) or one of the various one-way options if for some reason you need to limit reciprocity.
5. Continue on with the wizard to completion.

Keep a current list of all trust relationships in your forest. This way, during administrative tasks, you don’t have to puzzle out why some authentications are working and others aren’t, or which domain trusts another domain one way but not the other, and so on. This is a common problem in large forests, or organizations with multiple forests, with many administrators who may be creating trusts without adequately documenting their actions. There’s a tool from Microsoft called NLTest that, among other useful things, queries the trust status for all domains and shows the other domains that a given domain trusts.

For example, to view the established trust relationships for your domain, use nltest /domain_trusts. You’ll get a result that looks like this:

List of domain trusts:
0: (NT 5) (Forest Tree Root) (Primary Domain)
The command completed successfully
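
One way to turn that output into the documented trust list recommended above, as an added example that is not part of the original post: the script parses nltest /domain_trusts output and compares it with a baseline of trusts on record. The sample output, the domain names, the $baseline table and the function names are constructed for illustration, and the entry layout "index: NetBIOS DNS (flags)" is an assumption about the tool's usual output.

```powershell
# Constructed sample of `nltest /domain_trusts` output (all names are made up).
# On a live system use:  $raw = nltest /domain_trusts
$raw = @'
List of domain trusts:
    0: CHILD child.corp.example (NT 5) (Forest: 2) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
    1: PARTNER partner.example (NT 5) (Direct Outbound) ( Attr: foresttrans )
    2: CORP corp.example (NT 5) (Forest Tree Root) (Primary Domain) (Native)
The command completed successfully
'@ -split "`r?`n"

# Hypothetical documented baseline: DNS name -> expected direction.
$baseline = @{ 'child.corp.example' = 'Two-way'; 'legacy.example' = 'Inbound' }

function ConvertFrom-NltestTrust {
    param([string[]]$Line)
    foreach ($l in $Line) {
        # Assumed entry layout: "<index>: <NetBIOS> <DNS> (flag) (flag) ..."
        if ($l -notmatch '^\s*\d+:\s+([^\s(]\S*)\s+([^\s(]\S*)\s+(\(.*)$') { continue }
        $netbios, $dns, $flags = $Matches[1], $Matches[2], $Matches[3]
        if ($flags -match 'Primary Domain') { continue }   # the local domain itself
        # Directions are from the viewpoint of the domain nltest ran in.
        $outbound = $flags -match 'Direct Outbound'
        $inbound  = $flags -match 'Direct Inbound'
        $direction = 'Indirect'                             # no direct trust flag
        if ($outbound -and $inbound) { $direction = 'Two-way' }
        elseif ($outbound)           { $direction = 'Outbound' }
        elseif ($inbound)            { $direction = 'Inbound' }
        [pscustomobject]@{ NetBIOS = $netbios; Dns = $dns; Direction = $direction }
    }
}

function Compare-TrustBaseline {
    param($Trust, [hashtable]$Baseline)
    $seen = @{}
    foreach ($t in $Trust) {
        $seen[$t.Dns] = $true
        if (-not $Baseline.ContainsKey($t.Dns)) {
            "UNDOCUMENTED  $($t.Dns) ($($t.Direction))"
        } elseif ($Baseline[$t.Dns] -ne $t.Direction) {
            "CHANGED       $($t.Dns): documented $($Baseline[$t.Dns]), found $($t.Direction)"
        }
    }
    foreach ($d in $Baseline.Keys) {
        if (-not $seen.ContainsKey($d)) { "MISSING       $d (documented, not found)" }
    }
}

Compare-TrustBaseline -Trust (ConvertFrom-NltestTrust $raw) -Baseline $baseline
```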

Perform a good backup and always test to ensure you have restore capability as well. Trusts are complicated to architect correctly and difficult to recreate exactly as they were in the event they’re lost. To protect yourself, ensure that all domain controllers in every domain in all of your forests have a current and tested system state backup. The system state backup contains the Active Directory trust data stored at any given point of time in the system. During a restore, the domain controller is put into a special mode that allows it to return to replication—including replicating the appropriate trust information—among all of the other online domain controllers without generating or encountering integrity errors. The built-in Windows Server Backup product contains the appropriate tooling to conduct these system state backups, but third-party products that may already be protecting your data centers have this capability as well.