Hello every one,
I’ll not post anymore on leveilleur.net website, I just created a new blog, specialized in System Center technologies and Microsoft powershell.
The new website is vNext.be, I hope to see you there ! 
Christopher Keyaert
Hello All,
First thing, the documentation on VI Toolkit :
http://communities.vmware.com/docs/DOC-4210
If you want to connect to more than one virtual center at the same time, here the starting code :
1 2 3 4 5 6 7 | $vcs = @() $vcs += connect-viserver <vc 1> $vcs += connect-viserver </vc><vc 2> # You could add many as you need... # Command example : Snapshot all VMs across all VirtualCenter servers. get-vm -server $vcs | new-snapshot |
Be carrefull, the command GET-VM $VCS will not return the same values than GET-VM.
If you use GET-VM, you will receive the VM List only for the Virtucal Center that you connect last. If you want the get all the VM of your different virutal centers, you absolutly need to add the parameter -server $vcs to you command. In a general way, don’t forget to add -server $vcs to every command than you use with the VI Toolkit.
Dear All,
Here a new little powershell script that creates an event 6970 in the event viewer when there is more than X accounts locked in less than Y minutes. Now, you just have to create a new rule in SCOM that collect event with the ID6970 and schedule that script to run every 10 minutes.
Thanks to that you can be alert when there is an attack attempt to your Active Directory.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 | ######################################################## #Get the number of lock account in less than 10 minutes ######################################################## ########################### # Param ########################### $LockedSince = 10 #Minutes $NumberofLockedAccount = 50 # ########################### # FUNCTIONS ########################### ########################### # SCRIPT ########################### $objDomain = New-Object System.DirectoryServices.DirectoryEntry $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = $objDomain $objSearcher.PageSize = 1000 $objSearcher.Filter = "(&(objectClass=User)(lockoutTime>=1))" $colProplist = "name","samaccountname","lockoutTime" foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i) | out-null} $colResults = $objSearcher.FindAll() $cpt = 0 $result = $null $result2 = $null foreach ($objResult in $colResults) { $domainname = $objDomain.name $samaccountname = $objResult.Properties.samaccountname $user = [ADSI]"WinNT://$domainname/$samaccountname" $ADS_UF_LOCKOUT = 0x00000010 #$objResult.Properties if(($user.UserFlags.Value -band $ADS_UF_LOCKOUT) -eq $ADS_UF_LOCKOUT) { $Sam = $objResult.Properties.samaccountname $Name = $objResult.Properties.name [String]$LockTime = $objResult.Properties.lockouttime [datetime] $LockTime = [datetime]::FromFileTime($LockTime) #We want all the account locked in the last 24h $DayDate = Get-Date $DayDateBefore = $DayDate.AddMinutes(-$LockedSince) if(($LockTime -gt $DayDateBefore) -and ($LockTime -lt $DayDate)) { Write-Host "************" Write-Host "User : $sam" Write-Host "Name : $name" Write-Host "LockTime : $lockTime" Write-Host "************" Write-Host "" $result2 += "************`r" $result2 += "User : $sam`r" $result2 += "Name : $name`r" $result2 += "LockTime : $lockTime`r" $result2 += "************`r" $result2 += "`r" $cpt += 1 } } } Write-Host "************" Write-Host "There is $cpt account(s) locked in the last $LockedSince minutes" Write-Host "************" $result += "************`r" $result += "There is $cpt account(s) locked in the last $LockedSince minutes`r" $result += "************`r" $result += $result2 if($cpt -ge $NumberofLockedAccount) { Write-Host "" Write-Host "Limit reached, /!\ ALERT /!\" Write-Host "" $infoevent=[System.Diagnostics.EventLogEntryType]::Error } else{ $infoevent=[System.Diagnostics.EventLogEntryType]::Information } ############################ #Var for the event creation ############################ $evt = new-object System.Diagnostics.EventLog("Application") $evt.Source = "AD-SCOM" $evt.MachineName = "." $evt.WriteEntry($result,$infoevent,6970) |
Hello everyone,
Some weeks ago, I had to deploy SCOM Agent on more than 350 windows servers at the time. For that, I wrote a PowerShell Script where you just have to give a server list in input and the name of your RMS/MS . And that’s it, the script is performing the agent installation for you. A CSV file will be generated as output with the agent installation status of each servers.
Concerning the right management, you have to ensure that the Default Action Account using on the server that you will use for deploying the agents (MS normally), has administrative right on the servers that you want to add in SCOM. For that, and the duration of the deployment only, use a Domain Admin Account as the Run As Account of your MS/RMS.
The script :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 | ########################### # Autor : Christopher Keyaert # Version : 1.0 # Date : 28 DEC 2009 ########################## #Getting the credential of the user #$creds = Get-Credential ########################### #Param ########################## $RMS = #don't forget to use the FQN RMS001.contoso.local $MS = #don't forget to use the FQN MS001.contoso.local $myFile = "D:\Dep\myfile.txt" #List of Servers $ResultPath = "D:\Dep" #Folder for path output Start-Transcript -path "$ResultPath\Transcript$(get-date -uformat '%Y-%m-%d_%Hh%Ms%S').log" $MaintenanceModeEnable = $false $MaintenanceModeDuration = 10 * 1440 # 1440 minutes per day $comment = 'Global Deployment' $reason = 'PlannedOther' ###################### #Functions ##################### function SetToMaintenanceMode($rootMS,$computerPrincipalName,$minutes,$comment,$reason) { $computerPrincipalName = $computerPrincipalName + ".dir.ucb-group.com" $computerClass = get-monitoringclass -name:Microsoft.Windows.Computer $healthServiceClass = get-monitoringclass -name:Microsoft.SystemCenter.HealthService $healthServiceWatcherClass = get-monitoringclass -name:Microsoft.SystemCenter.HealthServiceWatcher $computerCriteria = "PrincipalName='" + $computerPrincipalName + "'" $computer = get-monitoringobject -monitoringclass:$computerClass -criteria:$computerCriteria $healthServices = $computer.GetRelatedMonitoringObjects($healthServiceClass) $healthService = $healthServices[0] $healthServiceCriteria = "HealthServiceName='" + $computerPrincipalName + "'" $healthServiceWatcher = get-monitoringobject -monitoringclass:$healthServiceWatcherClass -criteria:$healthServiceCriteria $startTime = [System.DateTime]::Now $endTime = $startTime.AddMinutes($minutes) Write-host " " "Putting " + $computerPrincipalName + " into maintenance mode" New-MaintenanceWindow -startTime:$startTime -endTime:$endTime -monitoringObject:$computer -comment:$comment -Reason:$reason "Putting the associated health service into maintenance mode" New-MaintenanceWindow -startTime:$startTime -endTime:$endTime -monitoringObject:$healthService -comment:$comment -Reason:$reason "Putting the associated health service watcher into maintenance mode" New-MaintenanceWindow -startTime:$startTime -endTime:$endTime -monitoringObject:$healthServiceWatcher -comment:$comment -Reason:$reason Write-host " " } ################################# #Init the connection to SCOM srv ################################# if(-not (Get-pssnapin | Where-Object {$_.Name -eq "Microsoft.EnterpriseManagement.OperationsManager.Client"})) { Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client } new-managementGroupConnection -ConnectionString:$RMS Set-Location "OperationsManagerMonitoring::" -ErrorVariable errSnapin ; Set-Location $RMS -ErrorVariable errSnapin ; ########################## #Agent installation ########################## #Creating the computers list $ComputersList = @() $ComputersList = Get-Content $myFile #Define a WindowsDiscoveryConfiguration $discoConfig = New-WindowsDiscoveryConfiguration –ComputerName: $ComputersList –PerformVerification: $true -ComputerType: "Server" #–ActionAccountCredential: $creds #Start the discovery process. $managementServer = Get-ManagementServer | Where-Object {$_.PrincipalName -like "*$MS*"} $discoResult = Start-Discovery –ManagementServer: $managementServer –WindowsDiscoveryConfiguration: $discoConfig #Check that the discovery process discovered the Windows computers you specified. $discoResult.CustomMonitoringObjects if($discoResult.CustomMonitoringObjects -ne $null) { Write-Host "Agent installation in progress..." Write-Host "" Install-Agent –ManagementServer $managementServer –AgentManagedComputer $discoResult.CustomMonitoringObjects Write-host "Installation Finished, waiting for 60 secondes" Start-Sleep -s 60 } else{ Write-Host "No servers discovered" } #################################################################### #We have to check if all the agent has been well installed + Maintenance mode ##################################################################### Write-Host "" Write-Host "Installation Checking" Write-Host "" $InstallArray = @() foreach($srv in $ComputersList) { $Value = $null $Value = Get-agent | Where-Object {$_.ComputerName -like "*$srv*"} if($Value -ne $null) { Write-Host "$srv - Agent installed " $InstallTime = $Value.InstallTime $HealthState = $Value.HealthState $AgentInstalled = $true #Write-Host "Activation of the Maintenance Mode" #Put the server in Maintenance Mode if($MaintenanceModeEnable -eq $true){SetToMaintenanceMode $RMS $srv $MaintenanceModeDuration $comment $reason} } else{ Write-Host "$srv - Agent not installed" $AgentInstalled = $false $InstallTime = "" $HealthState = "" } $obj = New-Object PSObject $obj | Add-Member Noteproperty -Name "Name" -Value $srv $obj | Add-Member Noteproperty -Name "AgentInstall" -Value $AgentInstalled $obj | Add-Member Noteproperty -Name "InstallTime" -Value $InstallTime $obj | Add-Member Noteproperty -Name "HealthState" -Value $HealthState $InstallArray += $obj } Write-Host "" Write-Host "Save the Result File" $InstallArray | Export-Csv "$ResultPath\$(get-date -uformat '%Y-%m-%d_%Hh%Ms%S').csv" Stop-Transcript |
Voici une vidéo en Français expliquant les différences entre SCOM 2007 et SCOM 2007 R2 :
