http://scom-2012.blogspot.com/2012/01/grayed-out-domain-controllers-in-scom.html
I still had an issue with SCOM 2012 that Domain Controllers keep on greying out on the console after I have ran the HSLockdown tool on the server. We will look below on how to avoid further greyed out Domain Controllers on the SCOM Console.
When you deploy the Agent from the SCOM console, wait for it to complete with the installation and show up in the Windows Computers state view on the Monitoring tab.
The Agent show up as greyed out.
Logon to the server. Open up command prompt with elevated privileges. Navigate to the following path: C:\Program Files\System Center Operations Manager\Agent.
Run HSLockdown /L to show the account status. Notice that local system and SCOM action accounts is not showing.
We are going to add both of the accounts now (local system and SCOM action account).
Run HSLockdown /A "NT AUTHORITY\SYSTEM" (with quotes).
Run HSLockdown /A "<domain>\<action account>" (with quotes).
The action account needs access on the domain controller as it is used to access some of the event logs and run scripts on the server to complete its Agents tasks. Without adding the accounts the Agent will still show up as greyed out.
Run HSLockdown /L to show the account status. Notice that local system and SCOM action accounts is showing.
After adding the accounts it states that we need to restart the health service.
From the same command prompt run the following commands:
net stop healthservice and press enter.
net start healthservice and press enter.
We can now log off from the server and return to the SCOM console.
Depending on the speed of your network, the server will then turn green.
Hope that this post was helpful.
