Management Server Maintenance Mode in SCOM 2012

Another nice enhancement in SCOM 2012 !

In SCOM 2007 (R2) you had a problem when you put  your RMS into Maintenance Mode,

because this meant the workflow ‘Stop Maintenance Mode’ which ran on the RMS,

was actually unloaded :-)

So this meant your RMS actually would never come out of Maintenance Mode ;-(

You had to manually get it out of Maintenance Mode, normally using the “End Maintenance Mode” Console Task.

In SCOM 2012, because of its more distributed architecure, the “Stop Maintenance Mode” workflow will actually be moved to another Management Server, when the MS that currently runs this, is put into Maintenance Mode.

The only thing you need to do, is make sure you never put more then 50% of your Management Servers into Maintenance Mode, because this makes your Resource Pool unusable.

Here’s a slide from the CEP Presentation I attended:

 

 

 

 

 

So yet another nice new feature to expect!

Add Permissions on Files and Folders using PowerShell

Seems very simple, but I had to puzzle a little to get it working,

here’s a small function I came up with, maybe it will save you some time,

it will Add  permissions, not replace the ACL.

 

Function GrantFullControl ($File)

{

 $acl = $file.GetAccessControl()

$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule (“Administrators”,”FullControl”,”Allow”)

$acl.AddAccessRule($accessrule)

$file.SetAccessControl($acl)

}

So you can call it like this:

$MyFile = Get-ChildItem “Myfile.txt”

GrantFullControl $MyFile

 

Operations Manager 2012 Command Shell revamped

 I took a first peak at the SCOM 2012 Beta, and was interested in the announced new PowerShell CmdLets for Operations Manager 2012 of course !

Here’s some stuff I noticed after playing around a bit:

All CMDLets have the ‘SCOM’ identifier in it, according to the documentation it should be ‘SC’, possibly this will change in the future, I’m not sure which one it’s gonna be.

Also the CmdLets are implemented in a Powershell 2.0 compliant ‘Module‘, not in a PoSh 1.0 ‘Snap-In’.

The module is automatically loaded if you start the ‘Operations Manager Shell’ using the default shortcut in the Start Menu.

You can load it yourself in PowerShell using the command: ‘Import-Module OperationsManager’

There are various totally new CmdLets, like ‘Get-SCOMGroup’ for example

Get-SCOMGroup –DisplayName *Agent*, *Windows*

displays all SCOM Groups with the specified Displaynames:


You can create temporary and permanent connections to a Management Group.

Temporary connections mean you can specify a computername.

By the wayhis can be any Management Server now, because they all run the Data

Acess service,the RMS role is basically gone, 

And you can specify credentialswith the CmdLets:

example:

Get-Agent -ComputerName MyMgmtServer –Credential (Get-Credential)

Permanent connections is more like the connections we’re used to make in Ops Mgr 2007.

The ‘Get-SCOMAlert’ CmdLet seems to be revamped, it’s got a lot of default parameters, in OpsMgr 2007 we had to use the ‘-Criteria’ switch a lot, which could be a bit clumsy in my experience:


The Install-SCOMAgent CmdLet seems to have improved.

There is no need to first perform a discovery like in Ops Mgr 2007 (R2).

Also you can specify an ActionAccount (which performs the deployment so needs Administrative permissions on the to-be Agent)

And also an ‘AgentActionAccount ‘, this is the account the Agent will use by default, if not specified Local System is used:
(Just specifying this because it’s slightly confusing)

Anyway these are my very first findings of the new Ops Mgr 2012 PowerShell Module.

O yeah, it still seems possible to load the ‘Old’ OpsMgr 2007 R2 PowerShell Snap-In, so your old scripts won’t break I suppose, and you can migrate them to the New style at your own pace!

Handy Operations Manager 2012 Control Panel applet

I’ve started to evaluate the recently released SCOM 2012 Beta.

I took a look at a new Agent side feature, a Operations Manager Agent Control Panel applet, to be found under  the ‘System and Security ‘ node:

When the applet is opened you see a list of all configured Management Groups for the Agent:

Here you can Add/Edit/Remove Management Groups.

In the ‘Edit…’ Mode you can change the Action Account easily.

You can also enable/disable the ‘Automatically update management group assignments from AD DS.

When disabling this the applet will ask you for confirmation to remove the AD Assigned Management groups:

When manually adding a Management Group, you can easily configure settings in one windows as following:

In short: A handy new Agent feature, that enables you to quickly and clearly configure Management Group assignments on an Ops Mgr Agent.

Just Another Maintenance Mode Script for SCOM 2007

 

This is based on Timoty Mc Fadden’s Remote Maintenance Mode scheduler:

http://www.scom2k7.com/scom-remote-maintenance-mode-scheduler-20/

for which many thanks!

I fiddled a little with the script, so it can be used to set a SCOM Group in Maintenance Mode, containing different kinds (types) of Objects.

I needed to do this for a customer, who performed regular maintenance on related

servers, but it wasn’t always necessary to put the entire computer in Maintenance Mode. It should be easy to add other classes as needed.

Here’s the code:

Param($rootMS,$groupName,$minutes,$comment,$reason,$startMM)

# Load Ops Mgr Snap-In
Add-PsSnapin “Microsoft.EnterpriseManagement.OperationsManager.Client”
# Go to Monitoring Drive
Set-Location “OperationsManagerMonitoring::”

# Connect to Management Group
$MGConn = New-ManagementGroupConnection -connectionString:$rootMS

If (!($MGConn))
{
Write-Host “Failed to connect to RMS”
Exit
}

# Go to RMS location on Monitoring Drive
Set-Location $rootMS;

# Instantiate objects for necessary classes
$GroupClass = Get-MonitoringClass -Name:System.Group
$windowsComputerClass = Get-MonitoringClass -Name:Microsoft.Windows.Computer
$IISServerRoleClass = Get-MonitoringClass -Name:Microsoft.Windows.InternetInformationServices.ServerRole
$WindowsClusterClass = Get-MonitoringClass -Name:Microsoft.Windows.Cluster

# Instantiate Group that was given as parameter
$GroupInstance = (Get-ManagementGroupConnection).ManagementGroup.GetPartialMonitoringObjects($GroupClass) | where {$_.DisplayName -eq $groupName}

if (!($GroupInstance))
{
 Write-Host “Specified Group not found”
 Exit
}
# Function that activates the Maintenance Mode
Function PutInMaintMode ($Objects) {

ForEach($Object in $Objects)
 {
Write-Host “Object Fullname: ” + $Object.FullName
$startTime = [DateTime]::Now
$endTime = $startTime.AddMinutes($minutes)

if($startMM -eq $true -and $Object.InMaintenanceMode -eq $false)
  {
   New-MaintenanceWindow -startTime:$startTime -endTime:$endTime -comment:$comment -Reason:$reason -monitoringObject:$Object
 }   
}
 }

# Retrieve all objects contained in the group.
# You can add classes here if necessary
$Computers = $groupInstance.GetRelatedMonitoringObjects($windowsComputerClass,[Microsoft.EnterpriseManagement.Common.TraversalDepth]::OneLevel)
$IISServers = $groupInstance.GetRelatedMonitoringObjects($IISServerRoleClass,[Microsoft.EnterpriseManagement.Common.TraversalDepth]::OneLevel)
$WindowsClusters = $groupInstance.GetRelatedMonitoringObjects($WindowsClusterClass,[Microsoft.EnterpriseManagement.Common.TraversalDepth]::OneLevel)

# Call the Maintenance Mode Function per Class
PutInMaintMode $Computers
PutInMaintMode $IISServers
PutInMaintMode $WindowsClusters

Using Powershell to Access SCOM 2007 Performance Data

 
I’ve been working in a SCOM 2007 R2 implementation project for a while,
and started playing around with the ‘Operations Manager Shell’,
which is basically PowerShell with the SCOM 2007 R2 PowerShell SnapIn and some extra functions loaded.
 
This post assumes you have an existing connection to a Management Server, created with
the New-ManagementGroupConnection CmdLet for example.
 
This time I wanted to see how I could get some Performance Data out of SCOM,
so I could always quickly access any collected performance data without logging on to the Graphical Ops Console.
 
I started fiddling around and doing some discovery on the commands, and came up with following command,
 
Get-PerformanceCounter | Select-Object MonitoringObjectPath, ObjectName, CounterName | Out-GridView
that displays all available PerformanceCounter instances  (assumes PowerShell v2.0 for Out-Gridview):
 
You can leave the ‘GridView’ open for ease of the next commands to display Performance values.
 
I created a basic function that you can use to display Performance Values for any available counter,
starting 7 days ago, and ending 1 day ago (feel free to customize as you like).
 
Function Get-PerfData ($FQDN,$ObjectName="Processor",$CounterName="% Processor Time")
{
$criteria= "MonitoringObjectPath=’$FQDN’ AND ObjectName=’$ObjectName’ AND CounterName=’$CounterName’"
$perfcounter =Get-PerformanceCounter  -criteria  $criteria
$time=Get-Date
$starttime=$time.AddDays(-7)
$endtime=$time.AddDays(-1)
$perfcounter | Get-PerformanceCountervalue -StartTime $starttime -EndTime $endtime | Select-Object SampleValue,TimeSampled | Out-GridView -Title $Criteria
}
 
 
When you call the Function like this:
Get-PerfData myserver.stresstest.com "Memory" "Available MBytes"
you quickly get a GridView of the requested data, with the requested counter in the title bar.
 
Enjoy!