Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 87
  • Last Modified:

SCOM Active Directory monitors

I am looking to whittle down the alerts for AD and was wondering if anyone knew of a best practices guide for the most essential monitors. I believe the SCOM admin just fired up the AD Management pack and suggested we narrow it down. We have a large enterprise with about 180 DCs spread over the country and in a few other countries, so I find some of the alerts are transient causes by network issues more than AD. If anyone has a list or guide of essential monitors for AD it would give me a good start I can add to as needed. Thanks.
0
Jerry Dunning
Asked:
Jerry Dunning
1 Solution
 
Schnell SolutionsSystems Infrastructure EngineerCommented:
Hello Jerry,

In a similar way I use SCOM to monitor environments with +200 DCs distributed across regions. You are absolutely right, it is not enough with just firing up the AD Management Pack, what is recommended is to follow the .docx document that comes with the MP and follow step by step their configurations.

From a best practice perspective, the MP includes what Microsoft considers that is the best to monitor. However, each environment is different and it means that SCOM will require special turnings. So, despite of these best practices it is necessary to work with the MP Guide (.docx file) and configure, enable or disabled each monitor, alert, performance counter or component as it suits our environment. These configurations will include a initial configuration that includes create service accounts for SCOM, configure special permissions, configure dedicate watcher agents, configure special components if you want to monitor the health of special services, such as the SYSVOL folders replication, etc.

In summary, the general best practices are natively configured in the MP as it comes, but in particularly, we need to tune it. If not we will have a terrible experience with the product with many alerts that we will not wish to have.
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now