SCOM 2012 – Comparing Deployed Agents vs. Active Directory Computer Objects (PowerShell)

It has been a moment since my last post, but I assume you know how everything goes crazy before Christmas. This time I would like to share a script which is very useful while implementing SCOM.

When you deploy agents, the SCOM wizard guides you, and the server selection shows only those servers which don’t have an agent installed. Well, that’s pretty cool. But how can you quickly check which servers don’t have a SCOM agent installed after your initial deployment? If your company does not have a well-implemented server deployment process or an agent integrated into the server image, then you have a problem. Sure, you could run the wizard from time to time or write a script which automatically deploys the agent. But I like to have a tool in my toolbox which just makes a brief check whether there is anything at all to deploy. And this is where PowerShell is a life and time saver.

Let’s see what it is all about…

If you think about the logic for writing such a script, it is pretty simple. First, get a list of all agents deployed in SCOM. Then get a list of all Active Directory computer objects which meet your criteria. For example, if you query Active Directory computer objects by running Get-ADComputer unfiltered, you will receive every computer object back, including clients, domain-joined NetApp filers and possibly Active Directory integrated firewall objects. That’s not what our list should look like, and therefore we need to filter the Active Directory objects.

Script

Here is the final script…


Just run the script and provide the SCOM server name and path/filename…


output out.txt


How does it work? First, import the OperationsManager and ActiveDirectory modules. For the OperationsManager module you need the SCOM console, or you can deploy just the module without installing the SCOM console. The ActiveDirectory module has to be installed using Server Manager.

Import-Module OperationsManager

Import-Module ActiveDirectory

Next we are going to create the connection to the SCOM management server…

New-SCOMManagementGroupConnection -ComputerName $scomservername

Then we query Active Directory for the computer objects, keep only the Windows Server objects and return their DNS host names…

$adcomputer = Get-ADComputer -Filter {OperatingSystem -like "Windows Server*"} | %{$_.DnsHostName}

The second list contains all server names of the SCOM agents deployed…

$scom = Get-SCOMAgent | %{$_.Name}

Finally, we pipe the Active Directory computer list through a filter that returns all computer objects which do not have an agent deployed in SCOM, and write the result into a text file, out.txt…

$adcomputer | Where-Object {$scom -notcontains $_} | Out-File $filepath

Cool! Just a few lines of code and you have a list with agent-missing servers.

The coolness doesn’t stop here, just a small brain twister sample. For the last line you could just switch the list comparison. For example like this…

$scom | Where-Object {$adcomputer -notcontains $_} | Out-File $filepath

This example compares the installed SCOM agent list against Active Directory. Why would that return anything? Because the Active Directory list is filtered for “Windows Server*”. You might also have SCOM agents deployed on Windows Storage servers, or you may still have an agent in SCOM for a decommissioned server (it appears as a grey circle with check mark in SCOM) whose computer object has been deleted in Active Directory. In these cases those computers will be listed.

I think it makes perfect sense to check in both directions, just to have some control over your SCOM / Active Directory inventory.
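Both comparisons in one run, as an added example (this is not the script uploaded with the post, which is not reproduced on this page). It reuses the post's cmdlets and its $scomservername and $filepath inputs; the param block, the skip of objects without a DNS host name and the report headings are assumptions.

```powershell
# Added example: reports monitoring gaps in both directions.
# Parameter names follow the post; the param block itself is an assumption.
param(
    [Parameter(Mandatory = $true)] [string] $scomservername,
    [Parameter(Mandatory = $true)] [string] $filepath
)

Import-Module OperationsManager
Import-Module ActiveDirectory

New-SCOMManagementGroupConnection -ComputerName $scomservername

# AD side: Windows Server objects only. Objects without a DNS host name
# (for example pre-staged accounts) are skipped so that empty entries
# do not end up in the report.
$adcomputer = @(
    Get-ADComputer -Filter 'OperatingSystem -like "Windows Server*"' |
        Where-Object { $_.DNSHostName } |
        ForEach-Object { $_.DNSHostName }
)

# SCOM side: names of all deployed agents.
$scom = @(Get-SCOMAgent | ForEach-Object { $_.Name })

# Direction 1: server exists in AD but has no agent (unmonitored server).
# -notcontains compares case-insensitively, so mixed-case FQDNs still match.
$missingAgent = @($adcomputer | Where-Object { $scom -notcontains $_ } | Sort-Object -Unique)

# Direction 2: agent exists in SCOM but no Windows Server object matches it
# (stale agent, deleted computer object, or an OS outside the filter).
$notInAd = @($scom | Where-Object { $adcomputer -notcontains $_ } | Sort-Object -Unique)

$report = @(
    "Windows Server objects in AD without a SCOM agent ($($missingAgent.Count)):"
    $missingAgent
    ''
    "SCOM agents without a matching Windows Server object in AD ($($notInAd.Count)):"
    $notInAd
)
$report | Out-File -FilePath $filepath
```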

Quick tip: With some minor adjustments, Orchestrator could be used to schedule this as a runbook and send you a report on a daily basis if necessary :).

For your convenience I uploaded the few script lines to SkyDrive.

Happy PowerScom(ming)…

3 Comments

  1. This worked great. Will come in very handy to me since we are doing installs on test servers and production separately and in batches. This way I can run the PS script anytime and see what is pending. Thank you for the script.
