Here is a great article on the Microsoft PFE blog on how to enable, set up and use Group Managed Service Accounts.
This Jump Start Training was held live last month and is now available as recordings. The course is led by Microsoft Senior Technical Evangelist Rick Claus and Ed Liberman from TrainSignal. It is divided into 12 topics, which can be found as separate videos here.
The Windows Server 2012 Core Network Guide provides instructions for planning and deploying the core components required for a fully functioning network and a new Active Directory® domain in a new forest. Using this guide, you can deploy computers configured with the following server roles and technologies:
· The Active Directory Domain Services (AD DS) server role
· The Domain Name System (DNS) server role
· The Dynamic Host Configuration Protocol (DHCP) server role
· The Network Policy Server (NPS) role service of the Network Policy and Access Services server role
· The Web Server (IIS) server role
· TCP/IP connections on individual servers
This guide also serves as a foundation for companion guides that show you how to deploy additional technologies in Windows Server 2012.
Download the guide from here.
Update: As I wrote, Microsoft is announcing two new Solution Accelerator beta programs for System Center products, and it is now official on the Microsoft SCVMM team blog.
The Solution Accelerators Team at Microsoft is starting two new initiatives:
- System Center Virtual Machine Manager Service Templates – The Solution Accelerators Team will probably create a site where SCVMM service templates will be published and supported by Microsoft. The first release will include templates for various Windows Server 2008 R2 and 2012 roles – Domain Controller, DNS, DHCP, IIS and File Server. There will also be an add-in for SCVMM that can browse and download these service templates.
- Datacenter Automation for the cloud – From this initiative we will probably see scripts and runbooks for Orchestrator supported by Microsoft. The first solutions will be focused on SharePoint and Windows Server – Orchestrator Runbooks for quick SharePoint farm back-up and recovery scenario; Back up a Web application; Back up a service application; Trace logs; Checking Disk Space, CPU and RAM; SharePoint WMI scan for perf/alerts; Scan for missing patches / WMI.
The two initiatives will start as beta programs on Microsoft Connect soon.
The idea behind this article is to show you how to create dynamic groups that represent different Service Level Agreements (for example GOLD, SILVER or BRONZE). Depending on the SLA level of a certain CI (server), it will be put in the corresponding group.
I should also mention that this solution is already available on the Internet, but it is described in a couple of articles by different authors, and I just want to gather all the information in one place and point out some tips that will be helpful if you decide to implement such a solution on your own.
First you need to build your SLA model. The best way is to use Active Directory. Let's say you have 3 different SLAs – GOLD, SILVER and BRONZE. You can then create 3 security groups, for example SLA-GOLD, SLA-SILVER and SLA-BRONZE. In these groups you put the AD computer objects of your servers. For example, if server SQL01.lab.com has SLA GOLD, the computer object of that server has to be added as a member of group SLA-GOLD. In this way you distribute all your servers among the groups depending on their SLA. If you have servers that do not have an SLA, you do not add them to any of the groups.
When you have populated the 3 groups you have to create one GPO. That GPO should apply a different registry value to each server depending on which security group it is in. It is a good idea to apply the value under a path like HKLM\Software\CompanyName, with a DWORD value such as SupportLevel and data like 1 for GOLD, 2 for SILVER, 3 for BRONZE and 0 for NO-SLA. So if a server doesn't belong to any of the 3 groups, the DWORD value SupportLevel with data 0 will be applied. This GPO should be linked to the OU where you store the computer objects for your servers.
Note: You can use your own DWORD or String values for distinguishing SLA.
This SLA model for Active Directory was developed by my colleague Yordan Dimov.
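An audit of the model described above, as an added example (not from the original article or its authors): it compares each server's SLA group membership with the SupportLevel value the GPO should have written, so drift is caught before it affects which alerts get forwarded. It assumes the ActiveDirectory module, PowerShell remoting and a placeholder OU DN; the group names and registry path are the article's example values.

```powershell
# Added example. Assumptions: ActiveDirectory module (RSAT) installed, PowerShell
# remoting enabled on the servers, $ServerOU is a placeholder for your servers OU.
Import-Module ActiveDirectory

$ServerOU  = 'OU=Servers,DC=lab,DC=com'        # placeholder DN, replace with your own
$RegPath   = 'HKLM:\Software\CompanyName'      # example path from the article
$ValueName = 'SupportLevel'
$SlaGroups = [ordered]@{ 'SLA-GOLD' = 1; 'SLA-SILVER' = 2; 'SLA-BRONZE' = 3 }

# Lookup table: computer DN -> SLA levels implied by its group memberships
$membership = @{}
foreach ($group in $SlaGroups.Keys) {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'computer' } |
        ForEach-Object {
            $dn = $_.distinguishedName
            if (-not $membership.ContainsKey($dn)) { $membership[$dn] = @() }
            $membership[$dn] += $SlaGroups[$group]
        }
}

# Runs on each server and returns the DWORD data the GPO wrote
$readValue = { param($Path, $Name) (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }

$report = foreach ($computer in Get-ADComputer -SearchBase $ServerOU -Filter *) {
    $dn        = $computer.DistinguishedName
    $expected  = 0                              # 0 = NO-SLA (member of no SLA group)
    $ambiguous = $false
    if ($membership.ContainsKey($dn)) {
        $expected  = $membership[$dn][0]
        $ambiguous = $membership[$dn].Count -gt 1   # in more than one SLA group
    }
    try {
        $actual = Invoke-Command -ComputerName $computer.DNSHostName -ScriptBlock $readValue `
                                 -ArgumentList $RegPath, $ValueName -ErrorAction Stop
    } catch { $actual = $null }                 # offline, no remoting, or value missing

    if ($null -eq $actual)             { $status = 'Unreadable' }
    elseif ($ambiguous)                { $status = 'MultipleGroups' }
    elseif ($actual -ne $expected)     { $status = 'Mismatch' }
    else                               { $status = 'OK' }

    [pscustomobject]@{ Server = $computer.Name; Expected = $expected; Actual = $actual; Status = $status }
}

# Show only the servers that need attention
$report | Where-Object { $_.Status -ne 'OK' } | Sort-Object Status, Server | Format-Table -AutoSize
```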
Now that we have the registry keys applied to the servers, we need to bring that information into SCOM. Kevin Holman has a great article describing how to do that, titled “Creating custom dynamic computer groups based on registry keys on agents”.
The disadvantage of the solution proposed by Kevin is that it populates only the SCOM computer objects in the dynamic groups. Kevin also mentions that disadvantage. But there is a solution for that, proposed by Tim McFadden in “Dynamic Computer groups that send heartbeat alerts”. In that article you will find out how to populate the groups with the SCOM heartbeat objects of the servers. In the comments of the article you can also find a way to add the cluster names if the servers that are added to a particular group are nodes of a cluster. I suggest populating the groups with the heartbeat objects and the cluster names in order not to miss alerts when you forward them to SCSM or any other Configuration Management System.
Note: You need some basic knowledge about the structure of management packs and XML.
After this you might think you are ready, but there are some other obstacles you may face. If you have Hyper-V servers with virtual machines on top of them and you've imported the Hyper-V management pack, you will probably stumble on one particular issue. If you add a Hyper-V server to an SLA group, all the virtual machines located on that server will also be added to the SLA group in SCOM. Some of these virtual machines may not even have an SLA, and yet alerts for them will be forwarded to your ticketing system. I can confirm that this issue is present in SCOM 2007, but you may also face it in SCOM 2012. In the Hyper-V Management Pack there is a discovery that creates a relationship between the Hyper-V server and the guest virtual machines, but that association doesn't work properly, as it creates these weird issues. Another issue that you might face because of that association: if you put Hyper-V hosts in maintenance mode, all virtual machines on that host will also be put in maintenance mode. But there is a cure for these issues as well. You have to disable that discovery, and Kevin described how in his article “Why do my group memberships for Windows Computers have machines that don’t belong there?”.
If you follow the steps described by Kevin and you still see this association for Hyper-V servers that are part of clusters, I suggest following these steps to resolve it completely:
1. Manually uninstall all SCOM agents on all nodes that are part of a cluster.
2. Remove the cluster name from agentless monitoring. If you can do it through the SCOM console follow this article “Operations Manager (SCOM) 2007 – How to remove cluster objects from scom when computer objects in cluster cannot be deleted”.
3. Delete the nodes from Agent Managed views in Administration pane.
4. Run the Remove-DisabledMonitoringObject command in SCOM PowerShell. Wait 20-30 min.
5. Install SCOM agents on all nodes.
6. Add cluster name to Agentless monitoring.
Now that you have fixed any obstacles, you can configure SCOM to send alerts to SCSM only for servers that are in a SCOM SLA group. This is done through the following steps:
1. Open SCOM console.
2. Open Administration pane.
3. Open Internal connectors view.
4. Find the connector that sends alerts to SCSM and configure it to send alerts only from your dynamic SLA groups.
Additionally, with these SLA groups in SCOM you can create different overrides depending on SLA level.
Once again a big thank you to all members of the SCOM community.