• AddToDistList Tool - Adding a computer to the Distribution list on a RunAs Account

    Some weeks ago I saw a question about how to use PowerShell for the ApproveCredentialForDistribution method. This Method Approves a secure credential for distribution to a list of MonitoringObject objects or PartialMonitoringObject objects. Calling this method adds the specified list to the already existing approved list in the system.

    You use this method when you add a computer to the Run As Account.

    clip_image002[4]

    clip_image002

     

    But what if you want to add not one but much more Computers to a Distribution List? In the OpsMgr Console you need to select each computer one-by-one and add the computer to the list. Would not it be cool if we could use PowerShell or some commandtool to create a script to do it automatically for us?

    On the Technet System Center Forum website there is also a discussion about this topic. So I looked at the method on MSDN and tried to get this working in PowerShell. But till now I’ve not been able to get this working in PowerShell Sad smile So I created a Console App in Visual Studio 2010 which seems to work ok. I’ll add the source code so you can have a look how I  created the Console App. I also used nConsoler, which helped with the parsing of arguments in the console application. And finally I used ILMerge to merge the nConsoler dll in a single .NET assembly.

    Program.cs:

    using System;
    using System.Text;
    using Microsoft.EnterpriseManagement;
    using Microsoft.EnterpriseManagement.Configuration;
    using Microsoft.EnterpriseManagement.ConnectorFramework;
    using Microsoft.EnterpriseManagement.Monitoring;
    using Microsoft.EnterpriseManagement.Monitoring.Security;
    using System.Collections.Generic;
    using System.Collections.ObjectModel;
    using System.Diagnostics;
    using System.Xml;
    using System.Security;
    using Microsoft.EnterpriseManagement.Administration;
    using NConsoler; //http://nconsoler.csharpus.com/
    
    namespace OpsMgrApproveCredentialForDistribution
    {
        class Program
        {
            static void Main(string[] args)
            {
                //NConsoler
                Consolery.Run(typeof(Program), args);
            }
    
            [Action]
            public static void DoWork(
                [Required(Description="Enter RMS Server name")]
                string RMS,
                [Required(Description="Enter RunAs Account Name")]
                string RunAsAccount,
                [Required(Description = "Enter FQDN OpsMgr Agent\n" +
                    "\nExample: AddToDistList.exe opsmgrrms.contoso.com om_sql_mon opsmgragent.contoso.com" +
                    "\nAdding a computer to the Distribution list on a RunAs Account application for OpsMgr 2007" +
                    "\nemailname@hotmail.com\n" +
                    "\nProvided 'AS IS' without warranty of any kind")]
                string OpsMgrAgent)
            {            
                Console.WriteLine("OpsMgrApproveCredentialForDistribution - Version 1.3 - Compiled March 5, 2011");
                Console.WriteLine("http://blogs.technet.com/stefan_stranger");
    
    
                    // Connect to the sdk service on the RMS
                    //ManagementGroup localManagementGroup = new ManagementGroup(strRMS);
                    ManagementGroup localManagementGroup = ConnectMG(RMS);
                    if (localManagementGroup == null)
                    {
                        Console.WriteLine("Failed to connect to Root Management Server " + RMS);
    
                    }
                    else
                    {
                        MonitoringSecureDataCriteria runAsAccountCriteria;
                        ReadOnlyCollection<MonitoringSecureData> runAsAccounts;
    
                        Console.WriteLine("RunAs Account Username:" + RunAsAccount);
    
                        runAsAccountCriteria = new MonitoringSecureDataCriteria("UserName LIKE " + "'" + RunAsAccount + "'");
                        runAsAccounts = localManagementGroup.GetMonitoringSecureData(runAsAccountCriteria);
    
                        if (runAsAccounts.Count == 0)
                            throw new InvalidOperationException("Error! RunAs Account not found: " + RunAsAccount);
    
                        MonitoringSecureData account = runAsAccounts[0];
                        List<MonitoringObject> list = new List<MonitoringObject>();
    
                        // Fully qualified name of the agent-managed computer.
                        ManagementGroupAdministration admin = localManagementGroup.GetAdministration();
    
                        string query = "Name = '" + OpsMgrAgent + "'";
                        AgentManagedComputerCriteria agentCriteria =
                            new AgentManagedComputerCriteria(query);
                        ReadOnlyCollection<AgentManagedComputer> agents =
                            admin.GetAgentManagedComputers(agentCriteria);
                        if (agents.Count != 1)
                            throw new InvalidOperationException("Error! OpsMgr Agent not found: " + OpsMgrAgent);
    
    
                        //Add OpsMgr Agent to list
                        list.Add(agents[0].HostedHealthService);
                        localManagementGroup.ApproveCredentialForDistribution((ISecuredData)account, list);
                        Console.WriteLine("OpsMgr Agent " + OpsMgrAgent + " added to distribution list");
                }
            
    
       }
    
            private static ManagementGroup ConnectMG()
            {
                throw new NotImplementedException();
            }
    
            //Connect to SDK Service on Root Management Server
            private static ManagementGroup ConnectMG(String RMS)
            {
                Console.WriteLine("Connect to Root Management Server:" + RMS);
                try
                {
                    ManagementGroupConnectionSettings connectionSettings = new ManagementGroupConnectionSettings(RMS);
                    ManagementGroup localManagementGroup = ManagementGroup.Connect(connectionSettings);
                    if (!localManagementGroup.IsConnected)
                    {
                        throw new InvalidOperationException("Not connected to an SDK Service.");
                    }
                    Console.WriteLine("Connected to Management Group {0}", localManagementGroup.Name);
                    return localManagementGroup;
                }
                catch (Exception exception)
                {
                    Console.WriteLine("\nConnection failed. " + exception.Message);
                    if (exception.InnerException != null)
                    {
                        Console.WriteLine(exception.InnerException.Message);
                        return null;                    
                    }
                }
                    return null;
                    
            }
            
        }
    }
     
    Ok let’s have a look how it works. 
    Scenario:
    We will be adding the OpsMgr Agent OpsMgrDC01.stranger.local to the SQL MP Monitoring Account Run As Account. (yes this is just an example there is no SQL running on my Domain Controller) Winking smile
    Current Config SQL MP Monitoring Run As Account:
    imageimage
     
    Step 1: Install AddToDistList console application on machine where OpsConsole is installed.
    Just copy the AddToDistList.exe to a folder of your choice.
    image
     
    Step 2. Open the AddToDistList.exe from command prompt.
    image

    As you see it needs 3 parameters:

    • RMS Name
    • RunAs Account Name (domain account name)
    • FQDN OpsMgr Agent

     

    When we want to add the OpsMgrDC01.stranger.local OpsMgr Agent to the SQL MP Monitoring Account Run As Account we need to run the following:

    AddToDistList.exe opsmgrrms.stranger.local om_sql_mon opsmgrdc01.stranger.local

    image

    Let’s check if the opsmgrdc01 agent is added to the distribution list.

    Yes! It worked Smile

    image

     

    Now you could create a script that pull’s the names of the computers that need to be added to the Distribution List from a text file and call’s the AddToDistList console application.

    Download AddToDistList.exe

    Download SourceCode

    Disclamer:

    This is provided as a sample, no support is implied. Provided 'AS IS' without warranty of any kind. I wrote it for me initially.I'm not a developer, and don't profess to be either; just to set your expectations Smile

    Tested on OpsMgr 2007 R2.

  • What is the impact of the OpsMgr Web Console on the RMS?

    This week I had a conversation with a customer who wanted to offer their admins OpsMgr Web Consoles instead of the “normal” fat-client OpsMgr Consoles. Most customers think that the Web Console would have less impact on the RSM as the “normal” fat-client.

    But when we look in the Operations Manager 2007 Performance and Scalability Guide and look at what impacts the performance of the RMS we read:

    Factors that influence the load on the root management server include:

    • Number of Agents in the management group. Because the root management server must compute the configuration for all agents in the management group, increasing the number of agents increases the amount of memory required by the root management server, regardless of how much operational data the agents send, such as alerts, events, performance data, etc.
    • Rate of instance space changes. The instance space is the data that Operations Manager maintains to describe all of the monitored computers, services, and applications in the management group. When this data changes frequently, additional resources are needed by the root management server to compute configuration updates for the affected agents. The rate of instance space changes increases as you import additional Management Packs into your management group. Adding new agents to the management group also temporarily increases the rate of instance space changes. Seeing a consistently high rate of instance space changes might indicate that the Management Packs you imported need tuning to send discovery data less frequently.
    • Number of Operations Consoles and other SDK clients running simultaneously. Examples of other SDK clients include the Web console and many third-party tools that interface with Operations Manager. Because the SDK Service is hosted on the root management server, each additional connection uses memory and CPU.

    And because the Web Console is a SDK Client just like the “normal” OpsMgr Console, you could conclude that the Web Console has the same impact on the RMS as the “normal” OpsMgr Console. But what happens when you use the Web Console in OpsMgr 2007 R2? The R2 Web Console opens the connection, then caches the connection instance in the Session on the server and reuses for all subsequent requests. The connection is not closed explicitly. As said earlier the Web Console uses the same API calls as the “normal” OpsMgr Console.

    The major difference between the Web Console and the OpsMgr Console is the OpsMgr Console local cache. So you could say the Web Console has more impact on the RMS just because it queries the RMS each time that data is needed, versus the OpsMgr Console looking in the local cache first.

    You can configure the Web Console settings via the web.config file. My colleague Micheal Pearson has written a blogarticle about which settings can be configured. You could limit the rows in your Alert Views or State views, but this is done on the Web Server hosting the OpsMgr Web Console. Still all data is queried via the SDK on the databases. The web.config settings controls the rendering, that is how much data is transferred from the web server to the client.

    Hope this clarifies the difference between the Web Console and OpsMgr Console and their impact on the RMS. I want to thank Michael Pearson and Alexander Netrebchenko for helping with topic.

  • 2011 Scripting Games

    2011 Scripting Games

     

     

     

     

     

     

     

    Grab this badge here!

    Last year I participated for the first time in the Scripting Games and it was a great experience because I was the lucky winner of PowerShell ASP software from n/Software. But now it’s your chance to participate in the 2011 Scripting Games.

    The 2011 Scripting Games begin on April 4, 2011 and run through April 15, 2011. What is the Scripting Games, you may ask? Well simply put, the Scripting Games are the premier learning event of the year for IT Pro’s and others who wish to master Windows PowerShell. Comprising 10 events, a registered contestant has seven days to create a solution to a scenario driven problem and post their code to a MVP maintained script repository for evaluation by a panel of internationally recognized judges. Daily leaderboards and prize drawings help to maintain the suspense throughout the two-week international event.

    During the 2011 Scripting Games hundreds of contestants will submit thousands of scripts that will be reviewed by dozens of judges. Hundreds of thousands of spectators from all around the world will view the games themselves. Last year, participants from more than 100 countries participated in the Scripting Games. With an emphasis on real world scripting scenarios and problems, the scripts will be of immediate value to both the participants and to the spectators.

    Preparation for the 2011 Scripting Games is already underway, with a learning guide, step-by-step tutorials, videos and other resources being generated on a daily basis. The 2011 Scripting Games all in one page is the portal for the games themselves. The 2010 Scripting Games all in one page is still available, as are the events from the 2009 Scripting Games.