Hi list,
You cannot have a local group (Tivoli_admin_privleges) on any DCs. What you have mentioned below about having a local grp on a DC is a bit misty; I think you mean a DOMAIN LOCAL grp, not a local grp? Win2k3 has a confusing concept.
I have experienced loads of problems within my environment because they wanted domain accounts and groups across the whole solution, servers and workstations. I had to delete all Tiv local and group accounts, and the WIDMAP also had to be domain\tivoliaccount, which was given Domain Admins rights and added to the global Tivoli_admin_priv grp.
The domain group (Tivoli_admin_priv) that is needed on all DCs really wants to be a global group, not a domain group (both are OK but global is preferred). The reason is for future planning and expansion of the win2k3 environment: a domain grp cannot be nested into a global grp, while a global grp can be nested into another global grp as well as a domain group. In my environment they have made up global grps which have been assigned to certain privileges (i.e. bypass traverse checking grp). The global Tivoli_admin_privleges grp is nested into these certain global privilege grps; they can then be added to any domain grp. They have done this because other 3rd-party tools need some of the same privilege rights as the Tivoli_admin_privleges global grp, and certain w2k3 users need these privilege rights for certain jobs.
Hope this helps
Nigel Mackness
Tivoli Design & Support
Phone: xxx-xxx-xxxx(8351)
mailto:nigel.mackness@xxxxxxx
-----------------------------------------------------------------------------------------------------------------------------------------------------------
I don't think there are local users, but local groups can be defined in the domain controller. Just a few days ago someone mentioned that the group Tivoli_Admin_Privileges should be a local group instead of a domain group when running Tivoli on a DC. I'm not sure whether there is a distinction between local and domain users though. But does it mean that if I wanted to monitor AD Domain Controllers, ITM/TMR Server needs to be part of the domain?
Thanks,
Carlo Camus
Corporate Information Office - Philippines
Siemens, Inc.
From: owner-tme10@xxxxxxxxxxxxxxxx [mailto:owner-tme10@xxxxxxxxxxxxxxxx] On Behalf Of Bontrager, Greg
Sent: Thursday, February 24, 2005 12:32 PM
To: 'tme10@xxxxxxxxxxxxxxxx'
Subject: RE: [tme10] Monitoring for Windows2003 Active Directory
You are correct unless you are planning on monitoring/managing AD Domain Controllers. Since there are no local IDs and/or groups, you will need the appropriate groups and IDs set up in the Default Domain Controller User Rights assignments.
Greg Bontrager
EDS Global Client Engineering - GM
248-265-9579
From: owner-tme10@xxxxxxxxxxxxxxxx [mailto:owner-tme10@xxxxxxxxxxxxxxxx] On Behalf Of Camus Carlo
Sent: Wednesday, February 23, 2005 9:56 PM
To: tme10@xxxxxxxxxxxxxxxx
Subject: RE: [tme10] Monitoring for Windows2003 Active Directory
Is it necessary that the Tivoli Servers (and the user accounts) are part of the Active Directory Domain? From what I know, it is only necessary that the local groups and local accounts are set up properly.
From: owner-tme10@xxxxxxxxxxxxxxxx [mailto:owner-tme10@xxxxxxxxxxxxxxxx] On Behalf Of Per Eklund
Sent: Wednesday, February 23, 2005 8:35 PM
To: tme10@xxxxxxxxxxxxxxxx
Subject: Re: [tme10] Monitoring for Windows2003 Active Directory
I have implemented ITM for AD on Windows 2003 srv. We are on patch level 5.1.1-ADO-FX01. The RMs are working fine.
You must add all the prereqs, perfmon etc...
Our AD guys think the Tivoli monitors are OK.
We have today monitors on 10 domain controllers in one big AD.
Be careful when you set up the user rights for the tme account in the domain.
Per Eklund
CDTS-S
Tivoli Systemspecialist.
Handelsbanken
Tegeluddsvägen 10
+4687015016
"Saleem, Mohamed Yunus" <SALEEMM@xxxxxxxxxxxxxxx>
Sent by: owner-tme10@xxxxxxxxxxxxxxxx
2005-02-21 09:24
Reply to: tme10@xxxxxxxxxxxxxxxx
To: <tme10@xxxxxxxxxxxxxxxx>, <tme10-digest@xxxxxxxxxxxxxxxx>
Cc:
Subject: [tme10] Monitoring for Windows2003 Active Directory
Hello everyone
Has anyone implemented Tivoli Monitoring for Windows 2003 Active Directory? Please provide suggestions.
I think IBM still does not support ITM for W2k3.
Thanks in adv
saleem