Hi Kevin, geat post. Just a query - can this dynamic membership model based on AD OU's be used in conjuction with your post on the SQL MP RunAs accounts configuration. I'm looking at Scenario 5 which is the more complex version where we have a mix of Internally maintained SQL and 3rd Party maintained. Our SQL dba is primaritly interested in the internal ones (which are in a specific OU) and therefor I was going to base a Runas account around that group membership and then possibly configure a secont SQL RunAs for the 3rd party manged SQL which will likely have different SQL security/hardening aplied. So If I can target a group which is based on OU menbership this will be very useful. Anh advice much appreciated...Cheers...
14 Nov 2013 1:39 PM
From above forgot to add - if it IS possible, then does the distribution still need to be manually refreshed (and associated profiles) as the OU membership will be chnaging over time as new SQL servers come in and old are decommissioned?...
Dan Sheehan
14 Nov 2013 6:39 PM
I am struggling with how to implement this in our enviornment and am hoping you can help.
My team uses a shared SCOM enviornment where we have two servers groups, stored in the same custom management pack, that are used for different alerting purposes. One group is for 7x24 alerting where we want to get paged at all hours of the night for those servers, and the other group is for non-7x24 alerting where we only want alerts during certain times of the day. The caveat is that we only want specific servers in our 7x24 group and are trying to use a combination of dynamic membership AND computers not in the non-7x24 group.
Here is our syntax:
<MembershipRules>
<MembershipRule>
<MonitoringClass>$MPElement[Name="A304a3f11ff204a26baf2d8c642711598!System.Entity"]$</MonitoringClass>
<RelationshipClass>$MPElement[Name="MicrosoftSystemCenterInstanceGroupLibrary7585010!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$</RelationshipClass>
<Expression>
<And>
<Expression>
<NotContained>
<MonitoringClass>$MPElement[Name="UINameSpace090f65ab906f41188efc4d71f59ac31c.Group"]$</MonitoringClass>
</NotContained>
</Expression>
<Expression>
<Or>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="A304a3f11ff204a26baf2d8c642711598!System.Entity"]/DisplayName$</Property>
</ValueExpression>
<Operator>ContainsSubstring</Operator>
<Pattern>SRVSITE1</Pattern>
</RegExExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<Property>$MPElement[Name="A304a3f11ff204a26baf2d8c642711598!System.Entity"]/DisplayName$</Property>
</ValueExpression>
<Operator>ContainsSubstring</Operator>
<Pattern>SRVSITE9</Pattern>
</RegExExpression>
</Expression>
</Or>
</Expression>
</And>
</Expression>
</MembershipRule>
</MembershipRules>
Dan Sheehan
14 Nov 2013 6:40 PM
The names above have been genercised to show that we only want certain servers in the 7x24 group, even if they are not in the non-7x24 group, and not all servers in our enviornment. I thought the syntax of "not in the group" AND "any one of these OR conditions" would work but even after an hour+ the 7x24 group shows 0 members. When I reimport the old management pack it goes back to showing all of the servers the way it did previously.
I think either you can't do what I am trying to do, I shouldn't be storing both groups in the same management pack, or I am not using the syntax correctly. Can you please let me know what you think we should to get this working?
22 Jan 2014 2:48 PM
hi there, while it might be an old post, I just wanted to comment that in the wizard creation the last step is "Excluded members". So to re-take the steps from the example: -create first the group with the lab computers, the group name is "Lab computers" -create the group with the production server, with all servers, "production servers group" -on the last steps, Excluded members, in the first field "Search for:" look for the name of the group to exclude, so "Lab computers" - clic "Search" with the filter empty -the previously created group should appear in the available items list with it's UINameSpace ID -add it to the selected objects and you are done. I am not a big fan of editing the XML when I can do otherwise :) but if you check the xml created that was should match the one made manually. Regards, Eric
Scott Babcock
7 Feb 2014 9:11 PM
In response to Dan above. You should have both groups in the same management pack for this to work. When using a group for exclusion (non 7x24) you must make sure that you are using the OR group instead of the AND group function. Looking at your management pack XML that you posted it seems that the NotContained expression is in the wrong spot. I put together a full write up on using 7x24 and non 7x24 to exclude a group of objects from another group of objects
Zach
13 May 2014 4:48 PM
Hi Kevin, I know this is an old post, but I was able to successfully implement this. I want to add another group to the "NotContained" but keep getting failures when adding another UIName. Do you have any tips for me to add another UIName?
Thanks
Philip
10 Sep 2014 2:56 AM
@Eric Bonin - I was struggling to exclude with XML mod and had no issues doing via the GUI option you highlighted. Thanks!