Several years ago, a colleague of mine Steve Rachui blogged about a custom management pack template supporting the scenario of allow discovery of AD Security Group membership for agent-managed Windows systems. Recently I was working with this management pack for a customer and identified an opportunity to make minor optimizations to the logic of the discovery script. Instead of relying on Operations Manager to discover the distinguished name for the computer object in Active Directory and pass this as an argument to the script, I determined it was best to handle this in the script. Secondly in an enterprise deployment of Active Directory with thousands of objects defined, the discovery script may not complete successfully because it is missing the command object property – Page Size with a value of 1,000. This is because by default when you query Active Directory using ADO, it only returns the first 1,000 objects, regardless of how many are defined. So this object property is included and ensures the discovery is able to search all group objects and return the expected results – AD groups the agent-managed system is a member of.
The updated MP is included here for you to utilize. Please refer to Steve’s blog posting on how to configure and use this MP.
First you need to add the Groups in SCOM to the AD Security Group membership management pack. (NOT a Separate Management pack)
Also you changes the Class from the original Steve Rachui post and when you do the Cut and past You MUST change the class that Steve used or the MP will not update the new element should look like this
The new Expression section should look like this
<Pattern>This should have the AD group name here</Pattern>
Thanks so much, this will be useful in our environment!
BTW, you have a typo in your comment: There's a [ short in