Best practice to use SCOM 2019 to monitor two different forests

Ahmed Essam 201 Reputation points
2021-03-03T08:52:01.567+00:00

Hello,

We have three different forests, all on the same hardware. I will install SCOM 2019 with the latest RU in the forest (ABC.LOCAL). How can I monitor the devices in the other two forests, (XYZ.LOCAL) and (domain.local)?

Thanks in advance

Operations Manager

2 answers

  1. CyrAz 5,181 Reputation points
    2021-03-03T09:58:57.387+00:00

    If the other forests are trusted, you can deploy agents without doing anything particular.
    Otherwise the best option would be to deploy SCOM Gateways in these forests.


  2. Crystal-MSFT 45,251 Reputation points Microsoft Vendor
    2021-03-04T01:55:20.013+00:00

    @Ahmed Essam, if we can deploy a forest trust with two-way direction, that means users in one forest can access resources in any domain in the other forest. We can see more details about forest trusts in the following link:
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc773178(v=ws.10)#forest-trusts

    Authentication using Kerberos between the agents in any domain of one forest and the SCOM server in another forest can be routed. We can see more details in the following link:
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc773178(v=ws.10)#kerberos-based-processing-of-authentication-requests-over-forest-trusts

    However, if a trust cannot be built, a certificate is needed for authentication to monitor the agent in an untrusted domain. For this situation, a gateway server is recommended for agent management of computers that are outside the Kerberos trust boundary of the management group. We can see more details in the following link:
    https://learn.microsoft.com/en-us/system-center/scom/deploy-install-gateway-server?view=sc-om-2019

    Hope it can help.


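A pre-deployment check for the decision both answers describe, as an added example that is not part of the original thread: for each forest to be monitored, it reports whether a two-way forest trust exists (agents can authenticate with Kerberos) or not (gateway server and certificates). `Get-SCOMDeploymentPath` is a hypothetical helper name, the trust objects below are constructed sample data shaped like `Get-ADTrust` output, and treating anything other than a two-way forest trust as the gateway case is an assumption.

```powershell
# Hypothetical helper (not an SCOM cmdlet): maps each target forest to the
# deployment path from the answers above, based on the trust seen from the
# management group's forest.
function Get-SCOMDeploymentPath {
    param(
        [Parameter(Mandatory)] [string[]] $TargetForest,
        # Objects with Name, Direction and ForestTransitive, as Get-ADTrust returns
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Trust
    )
    foreach ($forest in $TargetForest) {
        $t = $Trust | Where-Object { $_.Name -ieq $forest } | Select-Object -First 1

        # Assumption: only a two-way forest trust counts as "trusted" here;
        # one-way, external or missing trusts fall through to the gateway path.
        $twoWay = [bool]($t -and "$($t.Direction)" -eq 'BiDirectional' -and $t.ForestTransitive)

        [pscustomobject]@{
            Forest         = $forest
            Trust          = if ($t) { "$($t.Direction)" } else { 'None' }
            Authentication = if ($twoWay) { 'Kerberos' } else { 'Certificate' }
            DeploymentPath = if ($twoWay) { 'Agents report directly to the management group' }
                             else { 'Agents report to a SCOM gateway server in that forest' }
        }
    }
}

# Constructed sample input so the example runs without a domain controller.
# On a domain-joined machine in ABC.LOCAL with the ActiveDirectory module,
# the live equivalent is:  $trusts = Get-ADTrust -Filter *
$trusts = @(
    [pscustomobject]@{ Name = 'XYZ.LOCAL'; Direction = 'BiDirectional'; ForestTransitive = $true }
    # No entry for domain.local: sample case of a forest with no trust at all
)

Get-SCOMDeploymentPath -TargetForest 'XYZ.LOCAL', 'domain.local' -Trust $trusts |
    Format-Table -AutoSize
```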