Back in the days when I started working with MOM 2005 (Microsoft Operations Manager 2005) I was hired to work with MOM 2005 daily as a MOM Administrator.
I was responsible for monitoring and therefore my privileges where most of the time slim to none on remote servers.
This was a hassle to get even the simplest information from the remote system and hated sending in a request to wait a couple of days just to get a service name or event.
Ever since I started working in the IT I always strive to make my life as easy as possible and avoid hassle and repetitive actions as much as possible.
This led me to scripting and finding ways of getting things done with the least amount of hassle.
One of the things we (my colleague Johan Moritz and I )discovered was in MOM 2005 the agent most of the time was running with high privileges, making it possible to run stuff as tasks on the agent !
This was for us the way to write tons of handy scripts which could be executed at the agent to gather information. Since we both live by the rule “Try harder!” we figured out ways to do pretty much anything
Some side note in MOM 2005 Security was less secure than today but the fundamentals still work.
The idea about this blog post is to gather information within SCOM 2012 R2 environment more easily and make SCOM work for you.(As should any IT related system in my opinion)
I have stumbled upon numerous MOM /SCOM environments talking with many different administrators from rookies to advanced and still I am amazed to find people doing stuff repetitive, manual and with a lot of hassle.
But for now just focus on retrieving information for a SCOM Administrator responsible for monitoring.
Aside from day to day maintenance you will get requests for monitoring extra applications.
Now the request most of the times is:
App Owner: “We want monitoring!”
SCOM Admin: ”Nice! But what do you want to monitor?”
App Owner: “Well our application! Isn’t that obvious?” Looking a little annoyed “ Yeah and some cool views a dashboard and reporting as well!”
SCOM Admin: “Ok but let’s start with the basics. I need to know the components like Services, Events, urls, databases, servers etc. which make up the application”
App Owner: Drops a list on your desk with server names and runs off again yelling “I want it done by tomorrow!”
If this sounds familiar let’s continue reading:
To gather this information yourself from SCOM (obviously an agent needs to be installed!)
There is a nice task list services which you can use to list all services! Nice! Let’s do this and write a service monitor!
After creating the monitor you quickly discover you need the Name of the service and not the display name of the service which makes this task useless.
Now to create a quick overview on services in PowerShell :
get-service |select DisplayName, Name, Status |Sort-Object DisplayName |ft –AutoSize
now how to get this in a task?
Create New Task:
Task Name: _List Services
Target: Windows Computer
You can off course change the target to a other scope,but since we wants this to run on every Computer we choose Windows Computer Class.
Note! After saving the tasks you cannot change the target from the console! You need to re-create or adjust the xml to change the Target!
get-service |select DisplayName, Name, Status |Sort-Object DisplayName |ft -AutoSize
|and the end result|
The command will always be the location of the PowerShell executable :
The parameters is the PowerShell one liner and that’s IT!
Not this is just a simple example but you can run nearly every command and output to the Task Output window>
This one is more tricky you could start the Computer task Computer Management. Now this is a console task which means the task runs on the server or computer where you are running your console.
Accessing the eventlog this way requires access to the remote computers eventlog which will not work.
Again PowerShell and the Agent Task to the rescue.
Again create a new task as above ant he only line you need to change is the parameters part:
Get-EventLog -LogName ‘Operations Manager’ -EntryType Warning,Error -Newest 50 | Select EventID, Source, Message |fl
This will pull newest 50 warning or error events from the Operations manager Eventlog
you can change the PowerShell one liner anything you want to “read” the eventlog on an a server!
Now you can test for yourself with any PowerShell one liner and fully take advantage of the Agent tasks without requiring access to the server itself!
You can query Websites, Web Application any Eventlog etc. which should make you life much easier.
And you can fully use the Power in PowerShell
Stefan Roth back in 2013 wrote a MP with some tasks using scripts which is a slightly different approach and requires setting the executionpolicy and is more focussed on administrating SCOM http://stefanroth.net/2013/01/02/scom-2012-scom-task-collection-mp-v-1-0/