we have a complex IT environment. I plan and deploy SCOM for this infrastructure based on SCOM 2016.
One of the essentail question is how to build the best notifications to the existing AD groups and/or to person accounts (to server responsibilites). I know, it is not easy in this complex IT infrastructure.
Now, back to our IT / organizational infrastructure. We have following up-to-date status:
– many business divisions exist.
– within these divisions, there are also some sub-divisions.
– the divions are not presented in the related OUs for the divisions.
– each division/sub-division has many servers based on Windows, Linux/Unix including different server applications.
– each division servers will be managed by server responsibilites. Some of responsibilities for each division/sub-division are only for OS, the others for server applications, and some for both.
– server responsibilites are members in the related Active Directory division/sub-division group.
– There are also some external person/groups which are not a member of the servers responsilities groups in AD.
– We have the “FNT Software” https://www.fntsoftware.com which has own database and partially connected to AD using some AD attributes. In FNT, there are also the attribute fields of server responsibilities which are not connected with AD attributes of server responsibilites groups.
Now, here are some notices/questions:
– We prefer use dynamicaly SCOM groups for each division/sub-division which are searched by SCOM Management Servers and grouped to individual SCOM object groups for each division/sub-division. We’d like to use the attribute for server responsilities in FNT (in related to AD) to build dynamical SCOM groups. I am not sure, if there is a possibility to build SCOM dynamical groups by directly connecting to FNT software using FNT server responsibilities fields/attributes.
– Alternatively, we can build SCOM dynamical groups using registry keys.
– Each division/sub-division server responsilities should get notifications (also alerts) about the division/sub-division objects.
– If necessary (it will be also) the external server responsibilities should also get notifications/alerts for only one oder more objects of the SCOM dynamical division group, but not from all objects in this group.
Uhh… You see..Not easy…very complex…
What are your suggestions / what are the best practices in our case?
First off decide on a naming convention, example, EXCH-PROD. this will drive the other names, such as your computer group name, EXCH-PROD Computer Group, and your subscription name EXCH-PROD subscription, and EXCH-PROD Subscribers, add the user Role Name: EXCH-PROD User Roles. Once you have more than 5 groups this will save your sanity. Try and have the Group in AD named EXCH-PROD-SCOM-Users unless there is some kind of naming standard for AD which most companies have. Have the groups drive the Subscriptions.
the easiest thing to do would be to utilize registry keys that will dynamically populate groups. Link to white paper that discusses all about groups: