To get Agents working on DC’s you need to run some rules under the Priveliged Monitoring Account which is LocalSystem by default. When you deploy the agent if your default action account is localsystem this will/should work okay. But if your action account is a low privelige account then HSLockDown.exe will disable localsystem from running responses.
The HSLockDown.exe utility is in the MOM 2007 folder on all agents (System Center Operations Manager 2007 folder) and the syntax is
HSLockdown.exe /switch MGName Group
where switch is to add, remove, list the accounts etc and MGName is the Management Group Name, and Group is the NT group you are adding or removing.
You will see that the NT Authority\System is disallowed by default on these systems. You need to enable is by using HSLockDown.exe with the /A (for Add) switch to enable it. then your monitoirng should resume correctly.