I came to this realization last year, but I don’t think I wrote about it.
When you monitor domain controllers, specifically domain controllers running Windows Server 2016, with System Center Operations Manager 2016 (and later, I assume), there is a bit of an issue when you deploy the SCOM Agent to the server. It deploys, it installs… but when you look at the list, your domain controllers do not have that friendly GREEN check mark… you get the same icon, but it is grey.
Reason? The Health Service is denying the NT AUTHORITY\SYSTEM account.
This is an easy fix. If you are running Server with Desktop Experience (what we until recently called the GUI), then make sure you open the Command Prompt with elevated privileges. Navigate to c:\Program Files\Microsoft Monitoring Agent\Agent, and then type the following:
- HSLockdown.exe /A "NT AUTHORITY\SYSTEM"
- net stop healthservice
- net start healthservice
Once you do that, it should only take a minute for SCOM to reflect the change. If you are too impatient to wait, you can click REFRESH.
I hope this helps!