MOMADAdmin.exe in Child Domains

While working in an environment that has an empty forest root with child domains we needed to prep all the domains with the ADAdmin tool. Normally if you need the proper syntax you can type the command with no params and get the usage statement. However the useage statement for the MOMADAdmin.exe isn't detailed enough to make the command run successfully, if you are not very familiar with it.

Normally one would use the FQDN of the Groups and computer however after running in to a few errors we decided to RT*** well I sure you understand where I am going from here... anyway we ran a Google search and found a few articles about the tool, however once we hit Technet and found the documentation for the tool and noticed that it states you have to use the Domain\Group and Domain\RSMServer syntax. Once we followed the instructions we were able to prep AD (all 4 child domains) for SCOM from the RMS.

From TechNet

MOMAdminSecurityGroup is a domain security group, domain\security_group format, which is a member of the Operations Managers Administrators security role for the Management Group.

• For Active Directory integration to work, the security group must be either a global security group (if Active Directory integration needs to function in multiple domains with 2 way trusts) or a local domain group (if Active Directory integration is only used in one domain)
• To make a security group to be Management Group Operations Manager Group Administrator, use the following procedure.
  1. In Operations Console, select Administration.
  2. In the Administration pane, select User Roles under Security.
  3. In User Roles, select Operations Manager Administrators and click the Properties action or right click Operations Manager Administrators and select Properties.
  4. Click Add to open the Select Group dialog box.
  5. Select the desired security group, and then click OK to close the dialog box.
  6. Click OK to close User Role Properties.

  Note

  We recommend one security group, which might contain several groups, be used for the Operations Manager 2007 Administrators role. That way, groups and members of groups can be added and removed from groups without a domain administrator needing to perform manual steps to assign them Read and Delete Child permissions to the Management Group container.

RootManagementServerComputerName or RunAsAccount.

• RootManagementServerComputerName: The value must be the computer name, domain\computer_name format, of the root Management Server for the Management Group. For information about identifying the Root Management Server, see How to Identify the Root Management Server for an Operations Manager 2007 Management Group.
• RunAsAccount: Reserved for future use.

Domain is the name of the domain in which the Management Group container will be created. MOMADAdmin.exe can be run across domains only if a two-way trust exists between them

Read the complete post at http://david-stclair.spaces.live.com/Blog/cns!112A71B19678F08D!177.entry