Hi there,
Here is a brief summary for all users and groups required to install Operations manager 2012.
User
|
1. |
Create OU OpsMgr 2012 |
You will create all accounts and groups in this OU |
|
2. |
Create a domain account in the domain called OMAdmin |
This account will be used to install OpsMgr 2012 MS and RS This account will be the first Administrator of OpsMgr 2012 |
|
3. |
Create a domain account in the domain called OMAA Be sure to select User cannot change Password Password never Expires |
The OpsMgr 2012 uses the Action Account to gather operational data from providers, to run responses, and to perform actions such as installing and uninstalling agents on managed computers When you discover computers, you use this account by default to install Agent on computer |
|
4. |
Create a domain account in the domain called OMDAS Be sure to select User cannot change Password Password never Expires |
System Center Configuration service and System Center Data Access service account This account is one set of credentials that is used to update and read information in the operational database. Operations Manager ensures that the credentials used for the System Center Data Access service and System Center Configuration service account are assigned to the sdk_user role in the operational database |
|
5. |
Create a domain account in the domain called OMDWW The Data Warehouse Write Account Be sure to select User cannot change Password Password never Expires |
This Data Writer account provided will be assigned write permission on the Data Warehouse an read permissions on the Operation Database |
|
6. |
Create a domain account in the domain called OMDWR Data Reader Account Be sure to select User cannot change Password Password never Expires |
This Data Reader Account will be used to define what user SQL Reporting Service uses to execute queries against the Operation Manager Reporting Data Warehouse. This account is also used for the SQL Reporting Services and IIS Application Pool |
|
7. |
Create a domain account in the domain called SRVCSQL Be sure to select User cannot change Password Password never Expires |
This account will be used for the SQL Service on both SQL Server |
|
8. |
Create a domain account in the domain called OMNOT Be sure to select User cannot change Password Password never Expires |
This Notification account will be used to by the notification service |
|
9. |
Create a Global Security group OMAdmins |
This group Will be used the Full Administrator of OpsMgr 2012 |
|
10. |
Add OMAdmin, OMAA and OMDAS in the OMAdmins Global group |
The OMMA, OMDAS must be Local Administrator of all OpsMgr Servers We will add these Groups in the Global group OMAdmins |
|
11. |
The OMAdmins Global group must be member of all Local Administrators group of each Server |
Add the OMAdmins Global group to MTLMS01 Administrator Local group |
|
12. |
The OMAdmins Global group must be member of all Local Administrators group of each Server |
Add the OMAdmins Global group to MTLMS02 Administrator Local group |
|
13. |
The OMAdmins Global group must be member of all Local Administrators group of each Server |
Add the OMAdmins Global group to MTLMSQL01 Administrator Local group |
|
14. |
The OMAdmins Global group must be member of all Local Administrators group of each Server |
Add the OMAdmins Global group to MTLMRS01 Administrator Local group |
Important: The OMAdmin user must be able to create Database on both SQ Servers because during the installation the OpsMgr 2012 setup will created both Database in SQL, the operation manager Database and the Operation Manager Data Warehouse
After the SQL Installation the OMAdmin user doesn’t need this SQL Right
Additional Details and Information
We will also define some additional information during the deployment process, such as:
- Management Group name for Operations Manager will be named ACGLGroupProduction
- SQL instance for MTLSQL01 (Operations Manager Database) is going to be called OPSMGROM
- SQL instance for MTLSQL01 (Operations Manager Database Warehouse) is going to be called OPSMGRRS
Notification Groups…
At ACGL Corporation (our scenario of this series) we have several teams, such as:
- Windows Team
- Share point Team
- SQL Team
- Exchange Team
- IIS Team
The following table has the summary of those initial groups that will be used for Notification.
For that, we will create a Universal group and mail enable these groups, (to be able to Mail Enable group in Exchange 2010 the group must be Universal). The group will be also Security group because we will use the same groups to create the OpsMgr Role
|
1. |
Create a Universal Security group WindowsTeam |
Mail Enable this group in Exchange 2010 WindowsTeam@acgl.ca |
|
2. |
Create a Universal Security group SharepointTeam |
Mail Enable this group in Exchange 2010 SharePointTeam@acgl.ca |
|
3. |
Create a Universal Security group SQLTeamTeam |
Mail Enable this group in Exchange 2010 SQLTeam@acgl.ca |
|
4. |
Create a Universal Security group ExchangeTeam |
Mail Enable this group in Exchange 2010 ExchangeTeam@acgl.ca |
|
5. |
Create a Universal Security group IISTeam |
Mail Enable this group in Exchange 2010 IISTeam@acgl.ca |
Cheers,
Alain Laventure
Senior Consultant
Exchange Expert, SCOM Expert and Lync specialist
Allain’s Bio: http://msmvps.com/blogs/andersonpatricio/pages/bio-alain-laventure.aspx