I'm spearheading the SCOM 2007 rollout in a fairly large healthcare
corporation in the midwest region.
I have a lab but will eventually roll this out to the entire enterprise.
The company has multiple tier 2 admin groups reporting up to one tier 3 group
that I am a part of.
Each of these group basically administer a "branch" of the AD structure but
report up.
Question - I would like to seperate servers by location or Organizational
Unit rather than function. I would like to be able to add these admins to
groups and as they add discover agents, I'd like it to only find the ones
they are purview to.
Assumption - I'm assuming that I will merely have to setup multiple
Managment servers at each location (hospital) and have them report up to my
hardward (RMS).
Any information from the collective would be excellent.
Cheers!
With admin groups, do you mean management groups? I am not sure I understand
your scenario, but if you create profiles and base that on dynamic groups,
that include machines based on AD sites or AD OU that should give your engineers
only information abour some servers.
-----
Regards
Anders Bengtsson
Microsoft MVP - MOM
http://www.contoso.se
M> Hello all -
M>
M> I'm spearheading the SCOM 2007 rollout in a fairly large healthcare
M> corporation in the midwest region.
M>
M> I have a lab but will eventually roll this out to the entire
M> enterprise.
M> The company has multiple tier 2 admin groups reporting up to one tier
M> 3 group
M> that I am a part of.
M> Each of these group basically administer a "branch" of the AD
M> structure but
M> report up.
M> Question - I would like to seperate servers by location or
M> Organizational Unit rather than function. I would like to be able to
M> add these admins to groups and as they add discover agents, I'd like
M> it to only find the ones they are purview to.
M>
M> Assumption - I'm assuming that I will merely have to setup multiple
M> Managment servers at each location (hospital) and have them report up
M> to my hardward (RMS).
M>
M> Any information from the collective would be excellent.
M>
M> Cheers!
M>
Thank you for your reply. I appologize for the vagueness of my initial post.
When I say 'Admin groups' I merely mean seperate groups that manage parts of
the AD structure. For example, our organization has several hospitals and
each has it's own IT staff. Our AD structure is designed in kind. Hospital
A has an OU of HA just as an example. I'd like Administrators of HA to only
discover,install, and gather information for OU HA.
With that said I believe you understand the scenerio. When you say create
profiles, do you mean User Roles? Or do you mean Run As Profiles? And as
far as dynamic groups, I assume you mean groups with dynamic memberships. Is
this the case? (So many terms!)
In my lab I tried a scenerio like this. I created a group with specific
permissions. I then created a User Role and made an AD group account a
member of it. In the User role I added the created group in the group scope.
The problem I ran into is building the dynamic query to only include those
OU's wanted. Do you have experiance in this area?
Thank you again for your input.
Thanks again!