Chapter 5. Scenario-based Scripting for SCOM Administration
The last chapter provided a basic understanding of how to manage System Center Operations Manager (SCOM) operations through PowerShell. Now, it's time to look at some of the real-time scenarios that will give us a better understanding of how to use PowerShell to carry out some of the day-to-day SCOM activities. Here, we are trying to cover most of the common scenarios that we, as administrators, would need to perform on a daily basis. We can still do much more than what is covered in this chapter.
Note
The code blocks demonstrated in this chapter will not include error-handling mechanisms. When using code in real-time scenarios, it is very important to include error-handling mechanisms to avoid errors.
For a better understanding of the following code blocks, you can try them out in your lab environment and analyze the output. Try to modify the output according to your requirements. This will give you the confidence to write and implement...
Resolving all SCOM alerts
This example demonstrates how an SCOM administrator can resolve all the alerts that are older than five days. We can use the same example code to resolve all the alerts that are older than our custom required date by changing the value from 5
to our custom requirement as shown in the following example:
Listing and exporting all SCOM monitors
This example demonstrates how to list and export all the available monitors in the specific management pack.
In the following example, we will extract all the monitors of the FileMonitor.Guru.Test.MP
custom management pack and store it in C:\SCOM\MP\MP.txt
:
Listing and exporting all SCOM overrides
The following example demonstrates how to list and export all the overrides for a specific management pack using PowerShell. The same example can be used to list overrides for any other management packs.
In the following example, we will list overrides for the FileMonitor.Guru.Test.MP
management pack. You can replace the value with your required management pack name:
Listing and exporting gray agents in SCOM
SCOM administrators need to list and troubleshoot gray agents in SCOM. You can access the Microsoft TechNet link https://technet.microsoft.com/en-in/library/hh212723.aspx for more details on gray agents. Here is a test code that will list all the gray agents and export the results in a text file. We can use this file as a reference for further troubleshooting or we can automate the troubleshooting process by feeding this file as an input to other code that will carry on the troubleshooting activities:
Finding management pack details for a particular alert
This is one of the common requirements that both SCOM administrators and management pack developers will be interested in: the details of the management pack responsible for a particular alert.
Here, we are trying to get the details of the alert that has File Transfer Error
in the name of the alert. We can use any wild characters of our choice to get the details of an alert for the management pack mapping we are interested in. Also, the code will fetch only the first alert with File Transfer Error
in its name:
The following code will list all the alerts generated a day before you run the script. You can make it according to your custom date just by changing the value that we add to the date (-1
in the current example) in the following script:
Backing up unsealed management packs
As SCOM administrators, we need to take backups of the unsealed management packs on a daily basis as part of the SCOM maintenance activities. We can use the TechNet link https://technet.microsoft.com/en-in/library/hh212794.aspx to get detailed information of the management pack, its parts, and types.
The following code demonstrates how to take a backup of all the unsealed management packs that use PowerShell:
Counting alerts created by a monitor
The following code will demonstrate how to count the number of alerts created by the monitor over the last five days. This can be used for reporting. We can change the time interval just by changing the -5
value in the following code. Also, this code will fetch only closed alerts (code 255
). We can change the following code as per the requirement:
Enabling specific SCOM monitors
This code demonstrates how to enable a specific monitor from a specific management pack. As we are aware, even after we import a new management pack with several monitors configured, it will not be effective until we enable the monitor. So, here is the sample code that will help you to enable the monitor through PowerShell.
Here, we will enable the TestClass.FileMonitor.TestMP.Monitor
monitor in the FileMonitor.TestMP.MP
management pack on the TestClass.FileMonitor.TestMP.CLS1
class:
Listing all updated management packs
The code here will get the list of all management packs updated in the last 24 hours. We can change this interval by changing the hours (24 in this example) in the following code to get the list of the management packs updated in the custom intervals:
Listing and exporting repeating SCOM alerts
As an SCOM administrator, you will be asked to provide a list of the top repeating alerts. The following example lists and exports the top 20 repeating alerts to a text file. We can change the count of 20 to a custom number by just changing the count in the following code:
Getting SCOM alerts specific to a computer
This code demonstrates how to get the alert list specific to a computer. We can change the value of $ComputerName
to list alerts from specific computer.
The following example lists the alerts generated from the Test Computer
machine:
Listing all unhealthy SCOM agents
The following code lists all the SCOM agents that are not healthy for various reasons. We can use this report as a reference for further troubleshooting:
This example demonstrates how to disable multiple rules matching a certain criteria from a particular management pack. One of the criteria selected here is to delete all the rules that match the rule name.
Here, we are trying to delete all the rules containing FileCount
in the name from the TestFile.TestMP.MP
management pack. You can change the values according to your requirements:
Listing all heartbeat failure machines
Heartbeat failure is one the most important alerts that should be prioritized and handled. The following code will get you the top 20 machines that are experiencing frequent heartbeat failure issues:
Listing all management server open alerts
One of the common requirements for the daily SCOM health check report is to list the alerts related to management servers. The following PowerShell code lists all the management server open alerts:
Listing management servers in the maintenance mode
It is always an important daily health check requirement to list all the management servers in the maintenance mode. The following code lists all the SCOM management servers in the maintenance mode. This code will simply print whether the management server is in the maintenance mode or not. We can alter it to make the output a part of any particular report:
Listing the health status of management servers
The following code demonstrates how to get the health status of management servers. The code will read the status of all management servers in the environment and display the status message. In an environment where all the management servers are healthy, the code will write a generic message that all the management servers are healthy. We can also generate the output in the form of a report:
Putting an IIS 7 application in the maintenance mode
The following example demonstrates how to put an IIS 7 application in maintenance mode. This can be used as a generic example to put any other required application in the maintenance mode:
In the preceding example, the IIS 7 application pool will be in the maintenance mode for 0.2 hours with the reason as PlannedOther
, and Test of MM for AppPool
as comments, all of which can be changed as per the requirements.
This chapter gave you an in-depth idea of how to use PowerShell with SCOM to perform various day-to-day activities. This should give administrators confidence to use PowerShell for their normal tasks. In this chapter, you saw how to use PowerShell scripts to get the work done easily in various scenarios without any human errors. During the first read, the code may look complex, but regular practice can ease the learning.
The easy way to start learning PowerShell with SCOM is to start using it. Try using the PowerShell cmdlets whenever possible, instead of going for the GUI methods. This covers most of the day-to-day activities we use on the SCOM console. Automating the regular tasks will always help to reduce time and human error.