How to Deploy and Configure OpsMgr 2012 – Part 3 – Users and Groups required for OpsMgr 2012 SP1

Hi there,

Here is a brief summary of all users and groups required to install Operations Manager 2012.

User

1. Create OU OpsMgr 2012

   You will create all accounts and groups in this OU.

2. Create a domain account in the domain called OMAdmin

   This account will be used to install the OpsMgr 2012 MS and RS.

   This account will be the first Administrator of OpsMgr 2012.

3. Create a domain account in the domain called OMAA

   Be sure to select:

     • User cannot change Password
     • Password never Expires

   OpsMgr 2012 uses the Action Account to gather operational data from providers, to run responses, and to perform actions such as installing and uninstalling agents on managed computers.

   When you discover computers, this account is used by default to install the agent on the computer.

4. Create a domain account in the domain called OMDAS

   Be sure to select:

     • User cannot change Password
     • Password never Expires

   System Center Configuration service and System Center Data Access service account

   This account is one set of credentials that is used to update and read information in the operational database. Operations Manager ensures that the credentials used for the System Center Data Access service and System Center Configuration service account are assigned to the sdk_user role in the operational database.

5. Create a domain account in the domain called OMDWW

   The Data Warehouse Write Account

   Be sure to select:

     • User cannot change Password
     • Password never Expires

   This Data Writer account will be assigned write permission on the Data Warehouse and read permission on the Operational Database.

6. Create a domain account in the domain called OMDWR

   Data Reader Account

   Be sure to select:

     • User cannot change Password
     • Password never Expires

   This Data Reader Account defines which user SQL Reporting Services uses to execute queries against the Operations Manager Reporting Data Warehouse. This account is also used for the SQL Reporting Services and IIS Application Pool.

7. Create a domain account in the domain called SRVCSQL

   Be sure to select:

     • User cannot change Password
     • Password never Expires

   This account will be used for the SQL Service on both SQL Servers.

8. Create a domain account in the domain called OMNOT

   Be sure to select:

     • User cannot change Password
     • Password never Expires

   This Notification account will be used by the notification service.

9. Create a Global Security group OMAdmins

   This group will be used as the Full Administrator of OpsMgr 2012.

10. Add OMAdmin, OMAA and OMDAS to the OMAdmins Global group

    The OMAA and OMDAS accounts must be Local Administrator on all OpsMgr Servers.

    We will add these accounts to the Global group OMAdmins.

11. The OMAdmins Global group must be a member of the Local Administrators group of each Server

    Add the OMAdmins Global group to the MTLMS01 Administrator Local group.

12. The OMAdmins Global group must be a member of the Local Administrators group of each Server

    Add the OMAdmins Global group to the MTLMS02 Administrator Local group.

13. The OMAdmins Global group must be a member of the Local Administrators group of each Server

    Add the OMAdmins Global group to the MTLMSQL01 Administrator Local group.

14. The OMAdmins Global group must be a member of the Local Administrators group of each Server

    Add the OMAdmins Global group to the MTLMRS01 Administrator Local group.

Important: The OMAdmin user must be able to create databases on both SQL Servers, because during the installation the OpsMgr 2012 setup will create both databases in SQL: the Operations Manager Database and the Operations Manager Data Warehouse.
After the SQL Installation, the OMAdmin user doesn’t need this SQL right.
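The account and group steps above can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post; the domain distinguished name `DC=acgl,DC=ca`, the NetBIOS name `ACGL` and working PowerShell remoting to the four servers are assumptions.

```powershell
# Added example, not from the original post.
# Assumed: domain DN DC=acgl,DC=ca, NetBIOS name ACGL, PowerShell remoting enabled.
Import-Module ActiveDirectory

$domainDn = 'DC=acgl,DC=ca'               # assumption
$netbios  = 'ACGL'                        # assumption
$ouPath   = "OU=OpsMgr 2012,$domainDn"

New-ADOrganizationalUnit -Name 'OpsMgr 2012' -Path $domainDn

# OMAdmin is the install account; the post sets no password flags on it.
$pw = Read-Host -AsSecureString 'Password for OMAdmin'
New-ADUser -Name 'OMAdmin' -SamAccountName 'OMAdmin' -Path $ouPath `
    -AccountPassword $pw -Enabled $true

# Service accounts: "User cannot change Password" and "Password never Expires".
$serviceAccounts = 'OMAA', 'OMDAS', 'OMDWW', 'OMDWR', 'SRVCSQL', 'OMNOT'
foreach ($name in $serviceAccounts) {
    $pw = Read-Host -AsSecureString "Password for $name"   # one password per account
    New-ADUser -Name $name -SamAccountName $name -Path $ouPath `
        -AccountPassword $pw -Enabled $true `
        -CannotChangePassword $true -PasswordNeverExpires $true
}

New-ADGroup -Name 'OMAdmins' -GroupScope Global -GroupCategory Security -Path $ouPath
Add-ADGroupMember -Identity 'OMAdmins' -Members 'OMAdmin', 'OMAA', 'OMDAS'

# Steps 11-14: add the global group to each server's local Administrators group.
$servers = 'MTLMS01', 'MTLMS02', 'MTLMSQL01', 'MTLMRS01'
Invoke-Command -ComputerName $servers -ScriptBlock {
    param($group)
    net localgroup Administrators $group /add
} -ArgumentList "$netbios\OMAdmins"

# Read back what was created so the flags and membership can be reviewed.
Get-ADUser -SearchBase $ouPath -Filter * -Properties CannotChangePassword, PasswordNeverExpires |
    Select-Object SamAccountName, Enabled, CannotChangePassword, PasswordNeverExpires
Get-ADGroupMember -Identity 'OMAdmins' | Select-Object SamAccountName
```

The read-back at the end gives a record of which accounts carry non-expiring passwords and which of them reach local Administrators through OMAdmins.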

Additional Details and Information

We will also define some additional information during the deployment process, such as:

  • Management Group name for Operations Manager will be named ACGLGroupProduction
  • SQL instance for MTLSQL01 (Operations Manager Database) is going to be called OPSMGROM
  • SQL instance for MTLSQL01 (Operations Manager Database Warehouse) is going to be called OPSMGRRS

Notification Groups…

At ACGL Corporation (our scenario of this series) we have several teams, such as:

  • Windows Team
  • SharePoint Team
  • SQL Team
  • Exchange Team
  • IIS Team

The following table has the summary of those initial groups that will be used for Notification.

For that, we will create Universal groups and mail-enable them (to be able to mail-enable a group in Exchange 2010, the group must be Universal). The groups will also be Security groups, because we will use the same groups to create the OpsMgr Role.

1. Create a Universal Security group WindowsTeam

   Mail Enable this group in Exchange 2010: WindowsTeam@acgl.ca

2. Create a Universal Security group SharepointTeam

   Mail Enable this group in Exchange 2010: SharePointTeam@acgl.ca

3. Create a Universal Security group SQLTeam

   Mail Enable this group in Exchange 2010: SQLTeam@acgl.ca

4. Create a Universal Security group ExchangeTeam

   Mail Enable this group in Exchange 2010: ExchangeTeam@acgl.ca

5. Create a Universal Security group IISTeam

   Mail Enable this group in Exchange 2010: IISTeam@acgl.ca
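The notification groups can be created and mail-enabled from the Exchange 2010 Management Shell. This is an added example, not part of the original post; the domain distinguished name `DC=acgl,DC=ca` is an assumption, and the same domain controller is used for both cmdlets so that Exchange sees each group as soon as it is created.

```powershell
# Added example, not from the original post. Run in the Exchange 2010 Management Shell.
Import-Module ActiveDirectory

$ouPath = 'OU=OpsMgr 2012,DC=acgl,DC=ca'   # domain DN is an assumption
$dc     = (Get-ADDomainController).HostName

# Group name -> primary SMTP address, as listed in the post.
# The SQL group name follows the post's mail address SQLTeam@acgl.ca.
$teams = @{
    'WindowsTeam'    = 'WindowsTeam@acgl.ca'
    'SharepointTeam' = 'SharePointTeam@acgl.ca'
    'SQLTeam'        = 'SQLTeam@acgl.ca'
    'ExchangeTeam'   = 'ExchangeTeam@acgl.ca'
    'IISTeam'        = 'IISTeam@acgl.ca'
}

foreach ($team in $teams.GetEnumerator()) {
    # Universal scope is what allows Exchange 2010 to mail-enable the group;
    # Security category lets the same group back an OpsMgr role.
    New-ADGroup -Name $team.Key -SamAccountName $team.Key -Path $ouPath `
        -GroupScope Universal -GroupCategory Security -Server $dc
    Enable-DistributionGroup -Identity $team.Key `
        -PrimarySmtpAddress $team.Value -DomainController $dc
}

# Check that every group ended up Universal, Security and mail-enabled.
foreach ($name in $teams.Keys) {
    $g = Get-ADGroup -Identity $name -Properties mail -Server $dc
    if ($g.GroupScope -ne 'Universal' -or $g.GroupCategory -ne 'Security' -or -not $g.mail) {
        Write-Warning "$name is not a mail-enabled Universal Security group"
    }
}
```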

Cheers,
Alain Laventure
Senior Consultant
Exchange Expert, SCOM Expert and Lync specialist
Alain’s Bio: http://msmvps.com/blogs/andersonpatricio/pages/bio-alain-laventure.aspx
