How to Deploy and Configure OpsMgr 2012 – Part 3 – Users and Groups required for OpsMgr 2012 SP1

Hi there,

Here is a brief summary of all users and groups required to install Operations Manager 2012.

User

1. Create OU OpsMgr 2012

   You will create all accounts and groups in this OU.

2. Create a domain account in the domain called OMAdmin

   • This account will be used to install OpsMgr 2012 MS and RS
   • This account will be the first Administrator of OpsMgr 2012

3. Create a domain account in the domain called OMAA

   Be sure to select:
   • User cannot change Password
   • Password never Expires

   OpsMgr 2012 uses the Action Account to gather operational data from providers, to run responses, and to perform actions such as installing and uninstalling agents on managed computers.

   When you discover computers, this account is used by default to install the agent on the computer.

4. Create a domain account in the domain called OMDAS

   Be sure to select:
   • User cannot change Password
   • Password never Expires

   System Center Configuration service and System Center Data Access service account.

   This account is one set of credentials that is used to update and read information in the operational database. Operations Manager ensures that the credentials used for the System Center Data Access service and System Center Configuration service account are assigned to the sdk_user role in the operational database.

5. Create a domain account in the domain called OMDWW

   The Data Warehouse Write Account.

   Be sure to select:
   • User cannot change Password
   • Password never Expires

   This Data Writer account will be assigned write permission on the Data Warehouse and read permissions on the Operation Database.

6. Create a domain account in the domain called OMDWR

   Data Reader Account.

   Be sure to select:
   • User cannot change Password
   • Password never Expires

   This Data Reader Account defines which user SQL Reporting Services uses to execute queries against the Operation Manager Reporting Data Warehouse. This account is also used for the SQL Reporting Services and IIS Application Pool.

7. Create a domain account in the domain called SRVCSQL

   Be sure to select:
   • User cannot change Password
   • Password never Expires

   This account will be used for the SQL Service on both SQL Servers.

8. Create a domain account in the domain called OMNOT

   Be sure to select:
   • User cannot change Password
   • Password never Expires

   This Notification account will be used by the notification service.

9. Create a Global Security group OMAdmins

   This group will be used as the Full Administrator of OpsMgr 2012.

10. Add OMAdmin, OMAA and OMDAS in the OMAdmins Global group

    OMAA and OMDAS must be Local Administrator of all OpsMgr Servers.

    We will add them to the Global group OMAdmins.

11. The OMAdmins Global group must be a member of the Local Administrators group of each Server

    Add the OMAdmins Global group to the MTLMS01 Administrator Local group.

12. The OMAdmins Global group must be a member of the Local Administrators group of each Server

    Add the OMAdmins Global group to the MTLMS02 Administrator Local group.

13. The OMAdmins Global group must be a member of the Local Administrators group of each Server

    Add the OMAdmins Global group to the MTLMSQL01 Administrator Local group.

14. The OMAdmins Global group must be a member of the Local Administrators group of each Server

    Add the OMAdmins Global group to the MTLMRS01 Administrator Local group.

Important: The OMAdmin user must be able to create databases on both SQL Servers, because during the installation the OpsMgr 2012 setup will create both databases in SQL: the Operation Manager Database and the Operation Manager Data Warehouse.
After the SQL installation the OMAdmin user no longer needs this SQL right.
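
The steps above can be scripted so that the account flags and group memberships are applied consistently and can be checked afterwards. The following is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module, a session with rights to create objects in acgl.ca, and ACGL as the NetBIOS domain name (the page only gives the DNS name).

```powershell
# Added example. Assumptions: ActiveDirectory module available, NetBIOS domain name is ACGL.
Import-Module ActiveDirectory

$domainDn = 'DC=acgl,DC=ca'                 # from the page's domain acgl.ca
$ouName   = 'OpsMgr 2012'
$ouDn     = "OU=$ouName,$domainDn"

# Step 1: the OU that holds every account and group
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# Steps 2-8: only the service accounts get the two password flags; OMAdmin does not
$serviceAccounts = 'OMAA', 'OMDAS', 'OMDWW', 'OMDWR', 'SRVCSQL', 'OMNOT'
$allAccounts     = @('OMAdmin') + $serviceAccounts
foreach ($name in $allAccounts) {
    $isService = $serviceAccounts -contains $name
    # Prompt per account so that no password is stored in the script
    $password = Read-Host -AsSecureString -Prompt "Password for $name"
    New-ADUser -Name $name -SamAccountName $name -Path $ouDn `
        -AccountPassword $password -Enabled $true `
        -CannotChangePassword $isService -PasswordNeverExpires $isService
}

# Steps 9-10: the OMAdmins global security group and its members
New-ADGroup -Name 'OMAdmins' -SamAccountName 'OMAdmins' -Path $ouDn `
    -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity 'OMAdmins' -Members 'OMAdmin', 'OMAA', 'OMDAS'

# Steps 11-14: add OMAdmins to the local Administrators group of each server.
# Server names are copied as written in the steps above.
$servers = 'MTLMS01', 'MTLMS02', 'MTLMSQL01', 'MTLMRS01'
foreach ($server in $servers) {
    $localAdmins = [ADSI]"WinNT://$server/Administrators,group"
    $localAdmins.Add('WinNT://ACGL/OMAdmins,group')
}

# Check: list the flags actually set and who ended up in OMAdmins
Get-ADUser -SearchBase $ouDn -Filter * -Properties CannotChangePassword, PasswordNeverExpires |
    Select-Object SamAccountName, Enabled, CannotChangePassword, PasswordNeverExpires
Get-ADGroupMember -Identity 'OMAdmins' | Select-Object SamAccountName
```

The final two commands give a record of which accounts carry non-expiring passwords and which hold local administrator rights through OMAdmins, which is the list to revisit when these credentials are rotated or reviewed.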

Additional Details and Information

We will also define some additional information during the deployment process, such as:

  • Management Group name for Operations Manager will be named ACGLGroupProduction
  • SQL instance for MTLSQL01 (Operations Manager Database) is going to be called OPSMGROM
  • SQL instance for MTLSQL01 (Operations Manager Database Warehouse) is going to be called OPSMGRRS

Notification Groups…

At ACGL Corporation (our scenario of this series) we have several teams, such as:

  • Windows Team
  • Share point Team
  • SQL Team
  • Exchange Team
  • IIS Team

The following table has the summary of those initial groups that will be used for Notification.

For that, we will create Universal groups and mail-enable them (to be able to mail-enable a group in Exchange 2010, the group must be Universal). Each group will also be a Security group, because we will use the same groups to create the OpsMgr Roles.

1. Create a Universal Security group WindowsTeam

   Mail Enable this group in Exchange 2010: WindowsTeam@acgl.ca

2. Create a Universal Security group SharepointTeam

   Mail Enable this group in Exchange 2010: SharePointTeam@acgl.ca

3. Create a Universal Security group SQLTeamTeam

   Mail Enable this group in Exchange 2010: SQLTeam@acgl.ca

4. Create a Universal Security group ExchangeTeam

   Mail Enable this group in Exchange 2010: ExchangeTeam@acgl.ca

5. Create a Universal Security group IISTeam

   Mail Enable this group in Exchange 2010: IISTeam@acgl.ca
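
The five notification groups can be created and mail-enabled in one pass, checking the Universal scope requirement described above before Exchange is asked to enable the group. This is an added example, not part of the original article; it assumes the Exchange 2010 Management Shell with the ActiveDirectory module loaded, and that the groups live in the OpsMgr 2012 OU from the first table.

```powershell
# Added example. Assumptions: Exchange Management Shell + ActiveDirectory module,
# groups are placed in OU=OpsMgr 2012,DC=acgl,DC=ca.
Import-Module ActiveDirectory
$ouDn = 'OU=OpsMgr 2012,DC=acgl,DC=ca'

# Group name => SMTP address, copied as written in the list above
$teams = @{
    'WindowsTeam'    = 'WindowsTeam@acgl.ca'
    'SharepointTeam' = 'SharePointTeam@acgl.ca'
    'SQLTeamTeam'    = 'SQLTeam@acgl.ca'
    'ExchangeTeam'   = 'ExchangeTeam@acgl.ca'
    'IISTeam'        = 'IISTeam@acgl.ca'
}

foreach ($name in $teams.Keys) {
    # Reuse the group if it already exists so the script can be re-run safely
    $group = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    if (-not $group) {
        $group = New-ADGroup -Name $name -SamAccountName $name -Path $ouDn `
            -GroupScope Universal -GroupCategory Security -PassThru
    }

    # Exchange 2010 can only mail-enable Universal groups; the group must also be
    # a Security group so it can later back an OpsMgr role
    if ($group.GroupScope -ne 'Universal' -or $group.GroupCategory -ne 'Security') {
        Write-Warning "$name is $($group.GroupScope)/$($group.GroupCategory); skipped"
        continue
    }

    Enable-DistributionGroup -Identity $name -PrimarySmtpAddress $teams[$name]
}

# Check: each group should be listed as a universal, security-enabled group
Get-DistributionGroup -OrganizationalUnit $ouDn |
    Select-Object Name, GroupType, PrimarySmtpAddress
```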

Cheers,
Alain Laventure
Senior Consultant
Exchange Expert, SCOM Expert and Lync specialist
Alain’s Bio: http://msmvps.com/blogs/andersonpatricio/pages/bio-alain-laventure.aspx

Exchange Server 2013 at Technet Videos

Good morning folks,

Exchange Team released two new videos about Exchange Server 2013, as follows:

Cheers,
Anderson Patricio
http://www.andersonpatricio.ca
http://www.andersonpatricio.org (Portuguese)
Twitter: @apatricio

How to Deploy and Configure OpsMgr 2012 – Part 2 – Schema Environment

Hi There,

Alain here, and welcome back to the second article of this series. We will use an example network called ACGL.CA with a number of servers in it, which we will use throughout the series.

Server inventory

All OS Servers will be running Windows Server 2012 and SQL Servers will be running SQL 2012.

  • We will install 2 OpsMgr 2012 Management Servers
  • We will Install 1 SQL 2008 R2 Server for Operational Database
  • We will install 1 SQL 2008 R2 Reporting Services and OpsMgr 2012 Reporting Server
  • We will install 2 OpsMgr 2012 Gateway Servers for load Balancer

We will deploy agents into the internal network and into DMZ. We can install only one SQL server and install both Operation manager database and Operation Manager Data Warehouse on the same server.

Use the Sizing Helper Tool to evaluate how many servers and what configuration you will need for your OpsMgr 2012 infrastructure at this URL


OpsMgr 2012 Schema Environment

In this series we will build together this following OpsMgr 2012 Infrastructure.

image

Servers configuration

Based on the previous diagram we are going to build the environment. For the LAN portion, here are the default values:

  • Active Directory domain is acgl.ca
  • CPU and Memory information based on the results of the Sizing Helper Tool
  • Gateway is 192.168.1.1
  • Primary DNS is 192.168.1.200
  • C partition was configured with 20GB
  • D partition is sized based on the recommendation from the Sizing Helper Tool; where there was no recommendation, we used 20GB as well

Here are the servers

| Server Name | Server Role | Network | IP |
|---|---|---|---|
| MTLDC01 | Active Directory, DNS and PKI Server | LAN | 192.168.1.200 |
| MTLSQL01 | SQL Database Operation Database | LAN | 192.168.1.203 |
| MTLRS01 | SQL Database Data Warehouse and OM Reporting Server | LAN | 192.168.1.204 |
| MTLMS01 | Operation Manager 2012 | LAN | 192.168.1.201 |
| MTLMS02 | Operation Manager 2012 | LAN | 192.168.1.202 |

We will also have servers located in the DMZ (Agents and OpsMgr Gateway Servers) and these servers share these following characteristics:

  • They are not part of the domain, they are in a workgroup mode
  • CPU and Memory information based on the results of the Sizing Helper Tool
  • Default gateway is 192.168.2.1
  • Primary DNS is 192.168.1.200
  • C partition was configured with 20GB
  • D partition is sized based on the recommendation from the Sizing Helper Tool; where there was no recommendation, we used 20GB as well

| Server name | Role | Network | IP |
|---|---|---|---|
| MTLGW01 | Operation management Server | DMZ | 192.168.2.201 |
| MTLGW02 | Operation management Server | DMZ | 192.168.2.202 |

In our next article

In the following article of this series we will be going over these following key points:

  • All users and groups needed for OpsMgr 2012 installation
  • All Groups for notification
  • Management Group Name
  • SQL Service Account
  • All users Membership

Cheers,
Alain Laventure
Senior Consultant
Exchange Expert, SCOM Expert and Lync specialist
Alain’s Bio: http://msmvps.com/blogs/andersonpatricio/pages/bio-alain-laventure.aspx

Managing Calendar permissions using PowerShell in Exchange Server 2010

Good morning folks (A beautiful winter day without snow here in Toronto),

In Today’s post we are going over the Add-MailboxFolderPermission cmdlet. This command is very helpful if you have a busy Director that wants a new assistant to have access to his Calendar and he doesn’t have time to do it.

First of all, I would recommend listing the current Calendar permissions for our user, which can be done using Get-MailboxFolderPermission <mailbox>:\Calendar

image

Adding permissions…

Now that you know what is going on, you can add a new user. To do that, just run the following cmdlet:

Add-MailboxFolderPermission <mailbox>:\Calendar -User <Mailbox-that-will-have-access> -AccessRights <Editor,Owner,PublishingEditor,PublishingAuthor,Author,NonEditingAuthor,Reviewer,Contributor>

image

Removing Permissions

Okay, we also need to be able to remove permissions, and it can be easily done by running the following cmdlet and then typing Y to confirm:

Remove-MailboxFolderPermission <mailbox>:\Calendar -User <Mailbox-that-will-be-removed-from-Calendar-Permissions>

image
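
Before granting or removing rights on one calendar, it helps to see who already has access across all mailboxes, in particular what the built-in Default and Anonymous entries allow. The following is an added example, not part of the original post; it runs in the Exchange Management Shell and assumes the calendar folder is named Calendar (mailboxes in other languages use a localized folder name and are skipped).

```powershell
# Added example. Assumption: calendar folder is named "Calendar" in every mailbox.
$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $folder = "$($mbx.Alias):\Calendar"
    # Mailboxes without a folder of that name return an error; skip them quietly
    Get-MailboxFolderPermission -Identity $folder -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Mailbox      = $mbx.PrimarySmtpAddress.ToString()
                User         = $_.User.ToString()
                AccessRights = ($_.AccessRights -join ',')
            }
        }
}

# Entries where everyone (Default) or unauthenticated users (Anonymous) can see
# more than free/busy information deserve a second look
$broad = $report | Where-Object {
    ($_.User -eq 'Default' -or $_.User -eq 'Anonymous') -and
    $_.AccessRights -notmatch '^(None|AvailabilityOnly|LimitedDetails)$'
}
$broad | Format-Table Mailbox, User, AccessRights -AutoSize

# Keep the full list for review; -NoTypeInformation drops the #TYPE header line
$report | Select-Object Mailbox, User, AccessRights |
    Export-Csv -Path .\CalendarPermissions.csv -NoTypeInformation
```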

Cheers,
Anderson Patricio
http://www.andersonpatricio.ca
http://www.andersonpatricio.org (Portuguese)
Twitter: @apatricio

Removing the first line (#TYPE) when using Export-csv cmdlet

Hello my friends,

If you export data from Exchange you may have already noticed that the exported file has a first line which by default starts with #TYPE and then specifies the object (fully qualified).

If you are not sure, we can show you the issue in a couple of steps. First, let’s get a list of all our mailboxes and then export it to the file OUTemp.csv

image

If we open the file, here we have the first line with the information.

image

It’s not a big deal, but when you open the file in Excel, instead of having your columns ready to rock and roll you have to go there and delete the line.

image

The solution..

The solution can be found in the Export-Csv cmdlet by using the switch -NoTypeInformation as shown in the figure below.

image

Now, as result we can open the CSV file generated by the previous cmdlet and voilà we don’t have that line.

image

Cheers,
Anderson Patricio
http://www.andersonpatricio.ca
http://www.andersonpatricio.org (Portuguese)
Twitter: @apatricio

How to Deploy and Configure OpsMgr 2012

Hello my friends,

Please join me to welcome the fellow Canadian IT Pro Alain Laventure as he presents his first article here with us starting a journey to deploy and configure System Center Operations Manager 2012.

In this series, I will give you a best practice guide how to build a full OpsMgr 2012 environment from scratch and here is an overview of the upcoming posts:

Design OpsMgr 2012 Environment

  • Create Architecture document
    • OpsMgr 2012 Schema Environment
    • OpsMgr 2012 Server Configuration
    • Planning Capacity
    • Users needed for OpsMgr 2012 Installation
    • Other users and group Needed for Notification and Roles

Deploy OpsMgr 2012 Environment

Configure OpsMgr 2012 Environment

  • Install and configure the OpsMgr 2012 Web Console
  • Install the OpsMgr 2012 Console on Workstation
  • Deploy OpsMgr 2012 agent to all Windows servers
  • Configure the notification
  • Configure the Role for Administration delegation
  • Configure the Management Pack No Seal Backup

Import and Fine Tune Management Packs

  • Import the Windows management Pack
  • Import Management Pack for DNS
  • Import management Pack for DHCP
  • Import management Pack for IIS7
  • Import Management Pack for AD 2003, 2008, 2008R2 and 2012
  • Import Management Pack for Exchange 2003, 2010 and 2013
  • Import Management Pack for Lync 2010 and 2013
  • Import Management Pack for SQL 2005, 2008 and 2012
  • Import Management Pack for SharePoint 2007, 2010 and 2013

Install and Configure OpsMgr 2012 Gateway Server (DMZ)

  • Prepare certificate for Agent and Gateway
  • Install and configure the OpsMgr Gateway 2012 Server
  • Install the OpsMgr 2012 agents on the servers in the DMZ

Create Management pack with the authoring console

  • Install the Authoring console
  • Install the XML Editor
  • Create a new class with the Authoring Console
  • Create a new Management pack with the authoring console

Stay tuned as we move forward on this series.

Cheers,
Alain Laventure
Senior Consultant
Exchange Expert, SCOM Expert and Lync specialist
Alain’s Bio: http://msmvps.com/blogs/andersonpatricio/pages/bio-alain-laventure.aspx

Using OAB Global Web Distribution in Exchange Server 2010

Happy new year my dear friends (and a freezing –5 here in Toronto Today!)

In today’s post we are going over a nice feature that is not used a lot by most of the customers that I have worked with: the Global Web Distribution for OAB.

In the default OAB we will see something like this for the Default Offline Address Book. In a normal situation we would go there and enable the Web-based distribution and add the servers which is totally fine when you have a few servers and you don’t change a lot.

image

However, let’s think for a moment about an environment with tons of sites where all sites have Exchange Servers, or a multi-tenancy environment where several servers are added/removed on a monthly basis.

The automatic solution!

There is a neat solution called GlobalWebDistributionEnabled on each Offline Address Book. This setting automatically configures any new CAS server to receive the OAB, which is great. If you want to do that

image

In order to get the information about any given OAB we can run the following cmdlet:

Get-OfflineAddressBook | Select Name,Version,AddressLists,Global* | fl

Cool, eh? If you want to enable that, we just need to run the following cmdlet:

Set-OfflineAddressBook -Identity '\Default Offline Address Book' -GlobalWebDistributionEnabled $True

image

Now, if an administrator goes there and tries to add a server manually, this is the message that will be shown:

image

Note: The Public folder distribution method is not impacted by this procedure so it’s up to you whether you enable or not such feature.

Cheers,
Anderson Patricio
http://www.andersonpatricio.ca
http://www.andersonpatricio.org (Portuguese)
Twitter: @apatricio

Bio: Alain Laventure

 

Alain Laventure

Senior Consultant
Exchange Expert, SCOM Expert and Lync specialist

Alain Laventure is based in Montreal and he has been focusing on Microsoft technology for more than 20 years now.

His expertise is mainly focused on Microsoft Exchange architecture and deployment, SCOM 2007 to SCOM 2012, Lync 2010 architecture and deployment, Microsoft Windows Public Key Infrastructure (PKI) and Windows Active Directory.

He has helped many organizations with architecture and deployment. He has worked with SCOM since version 2007 and with Exchange since the first version, 4.0.

Alain has held several Microsoft certifications since 1995, such as Exchange, Lync and several others.

Please check all articles written by him here: http://msmvps.com/blogs/andersonpatricio/archive/tags/Alain+Laventure/default.aspx