Orchestrator: Get FQDN activity

Sometimes you need to get the FQDN of a computer within a runbook for the following activity (example: SCOM – Start Maintenance Mode). Most activities provide only the Netbios name (example: Get Computer IP/Status).

I have a simple Run Program activity that utilizes PowerShell to get that information.



It runs on the computer for which you would like to get the FQDN.

cmd.exe /c | c:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe –c “[System.Net.Dns]::GetHostEntry(‘%Netbios computername from previous activity%‘).hostname”

In the following activity you only need to use the Pure Output from “Get FQDN”, which is now the FQDN of the computer.

You can also use the Run .Net  Script activity, that runs on the Runbook server. getfqdn 

Then you only need to select PowerShell as the script language and enter $FQDN=[System.Net.Dns]::GetHostEntry(‘%Netbios computername from previous activity%‘).hostname as script. Publish the variable FQDN in Published Data and you can use this variable in the next activity.

SCOM: Disable Active Directory integration on an agent with PowerShell

Some companies use Active Directory integration for agent assignement in System Center Operations Manager. In some circumstances it can be that you have to remove the Active Directory integration from the agent (example: do not use AD integratrion on domain controllers or Exchange servers), perhaps if you have used software distribution without different options for special server classes or if you want to get rid of AD integration.

I have written a PowerShell script, that can be run on an agent to remove the AD integration and reenter the management group(s) as manual.

if ($object-is [Object])
#only change agent if active directory integration is enabled
#get all ad integrated management groups
$MGs=$object.GetManagementGroups() | where {$_.IsManagementGroupFromActiveDirectory -eq $True};
Foreach($MG in $MGs)


& net stop healthservice
& net start healthservice

SCOM2007/2012: Momadadmin change

The companies which use AD integration for assigning agents to the correct servers in SCOM use the tool momadadmin.exe which is provided with the Operations Manager source files  to prepare active directory for agent assignement.

There is a small change in how the commandline needs to look like compared between SCOM 2007 R2 and SCOM 2012 RTM.

SCOM 2007 R2:

Usage: MomADAdmin ManagementGroupName MOMAdminSecurityGroup {RootManagementServe
r | RunAsAccount} Domain
Also look at: System Center Operations Manager 2007 Unleashed page 387.

SCOM 2012:

Usage: MomADAdmin ManagementGroupName MOMAdminSecurityGroup RunAsAccount Domain
Also look at: http://technet.microsoft.com/en-us/library/hh212738.aspx

A lot people perhaps used the root management server in the past to assign permissions to the OperationsManager folder in AD. In SCOM 2012 you can only enter a RunAsAccount to assign permissions to the OperationsManager folder in AD. So select the appropriate account – if you do not use the server action account then enter the account which you have defined in the “Active Directory Based Agent Assignment Account” profile.

If you upgrade from SCOM 2007 R2 to SCOM 2012 RTM then remember to check the permissions in the OperationsManager folder in AD or recreate the folder with momadadmin so that correct permissions are set.

Orchestrator 2012: Undo Runbook Checkout

I recently had an issue with a Runbook, that I checked out in th Runbook Designer. The problem was that I had to reboot the machine where the Runbook Designer was running on. The result was, that the Runbook Designer lost the current session and I could not see the Runbook anymore in the designer after the restart.

It was a really long Runbook and I didn’t wanted to recreate it. So how can I undo the checkout now without having the Runbook in the Runbook Designer?

I checked directly in the Orchestrator database.

     FROM [Orchestrator].[dbo].[POLICIES]
  where Name  = ‘Check server access’

Here is the result:

UniqueID Name CheckOutUser CheckOutTime CheckOutLocation
A6541640-14AD-4AE5-86F5-2C3416152E35 Check server access S-1-5-21-57989841-1960408961-725345543-2108 00:02.0 abcdefg

You can see that the fields ChechOutUser, CheckOutTime and CheckOutLocation have entries. CheckedIn Runbooks have the value NULL in these fields.

So I opened up the table with Edit mode and replaced the entries in the three CheckOut* fields with NULL.

Now I reloaded the Runbook Designer and my missing Runbook was there again.

SCOM 2012: Approve pending agents through PowerShell

If you install your SCOM 2012 agents manually or through a software deployment service like SCCM then you probably have set the approve pending management setting. With this you can decide when the agent is ready to get added to SCOM.

I recently had an agent that was not populating correctly in the pending management view in SCOM. It showed up one time shortly, but when I tried to approve it, I got an error and the system was gone. I even could not see the error correctly because it was directly gone after it appeared. It was really strange, I checked everything (DNS, ports, logs, reinstalled agent), but all looked normal. As if only the approval was missing.

You can check which agents are in pending management with this SQL query (run on OperationsManager database):
select * from agentpendingaction

One thing helped to solve the problem. That was PowerShell.

The cmdlet Get-SCOMPendingManagement provides you all agents which are in pending management and with Approve-SCOMPendingManagement you can approve the agent you need to.

So open the Operations Manager Shell and enter:
Get-SCOMPendingManagement | where {$_.AgentName -eq “ServernameFQDN“} | Approve-SCOMPendingManagement