OpsMgr 2012: Identifying Computers in Active Directory without an OpsMgr Agent Installed [sample script]

A pretty common request for OpsMgr is a method to identify the servers in Active Directory that do not have an OpsMgr agent installed. With the Active Directory PowerShell module available on Windows 2008 R2, it’s pretty easy to query computer accounts in bulk without a lot of complexity. In this sample we’ll do a comparison of agents in OpsMgr versus computer accounts in Active Directory to identify the gaps to create a simple list of computers that need agents. This is a very quick example (not a lot of error-checking), but that at least provides a roadmap for how identify gaps in your environment.

Pseudo code looks like this:

  1. Read a list of agent-managed computers into an array, which allows for quick in memory comparison and avoids repeated calls to OpsMgr
  2. Query the desired OU or other container in active directory to retrieve a list of computer accounts that can be compared to the agent list retrieved in step one
  3. For computers without an agent, read the computer name out to a file

1) Retrieving an Agent List

In the first part of the script (shown here), we load the necessary PowerShell modules, connect to the OpsMgr management group and read the list of agent-managed computers into an array.

2) Identify Computers Not Represented in OpsMgr
In the latter portion of the script  connect active directory using the native RTU PowerShell  cmdlets  and make the comparison of computer  accounts  to OpsMgr  agents.  Any  computer accounts not represented in the OpsMgr are written out to the gap  report file. There are two script parameters , both  of which are required

  • SearchDC – the domain controller that will be used execute the search ( important for multi-domain support)
  • SearchBase – distinguished name of the root container of the search

Note: You can adjust the -LDAPFilter value in the script to filter based on machine name or other parameters. Use Get-Help Get-ADComputer -examples at a PowerShell prompt for more info.

3) Running the Script

Implementing the call to AD as a function makes it easier to call multiple domains ( potentially in different forests) quickly.

Full Sample

Here is the full sample for cut-and-paste:In part two tomorrow we’ll take this step further and automate the agent deployment.


Additional Resources

Here are some articles related to the MS Private Cloud and System Center 2012 you may find useful.

Orchestrator Jumpstart Series

0 thoughts on “OpsMgr 2012: Identifying Computers in Active Directory without an OpsMgr Agent Installed [sample script]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.