If you are monitoring Active Directory in a multi-domain environment you might only want to monitor certain domain controller because you don’t have the administrative sovereignty nor any permission to access the other systems.
In that case you probably installed the SCOM agents to your domain controllers and imported the Active Directory management pack. If so SCOM will discover all other domain controller in the entire forest which don’t belong to you. They will appear under Windows Computers in the SCOM console as not monitored.
If you are aware of this BEFORE you deploy the agents to the domain controller you could enable DiscoverAgentOnly according to this article http://technet.microsoft.com/en-us/library/dd262020.aspx after the sealed Active Directory MP import and before deploying any SCOM agent to the domain controller. But what happen AFTER you installed agents, management pack and set your overrides? The only (fast) way to get rid of these not monitored domain controller objects was the following:
- uninstall the agents from the domain controllers
- export and delete the unsealed Active Directory override management pack
- delete all sealed Active Directory management pack
- get a coffee
- import the sealed Active Directory management packs from Microsoft
- import the unsealed Active Directory override management pack
- enable DiscoverAgentOnly discovery
- override the AD topology discovery for your RMS from 86400 seconds to 60 seconds
- deploy the agents to the domain controllers
- get another coffee
- Check back and you just will see only your monitored domain controllers under windows computer and also the Active Directory DA as well
- Make sure you set the AD topology discovery for your RMS back to 86400 seconds otherwise the discovery will run every minute
Update Note 19.12.2011: Here a very nice tutorial how to implement DiscoverAgentOnly. Please note that the SCOM Action Account needs Operations Manager Administration permission.