SCOM: Disable Active Directory integration on an agent with PowerShell

Some companies use Active Directory integration for agent assignement in System Center Operations Manager. In some circumstances it can be that you have to remove the Active Directory integration from the agent (example: do not use AD integratrion on domain controllers or Exchange servers), perhaps if you have used software distribution without different options for special server classes or if you want to get rid of AD integration.

I have written a PowerShell script, that can be run on an agent to remove the AD integration and reenter the management group(s) as manual.

$object=New-Object-ComObject‘AgentConfigManager.MgmtSvcCfg’;
if ($object-is [Object])
{
#only change agent if active directory integration is enabled
if($object.GetActiveDirectoryIntegrationEnabled())
{
#get all ad integrated management groups
$MGs=$object.GetManagementGroups() | where {$_.IsManagementGroupFromActiveDirectory -eq $True};
$object.DisableActiveDirectoryIntegration();
$object.ReloadConfiguration();
Foreach($MG in $MGs)
{

$object.AddManagementGroup($MG.managementGroupName,$MG.ManagementServer,$MG.managementServerPort);
}
}

}
& net stop healthservice
& net start healthservice

Advertisements

Published by

SystemCentertipps

* 1974, female, working as a IT Senior System Analyst in a chemical company. Main topics: System Center Operations Manager 2012/2016, System Center Orchestrator 2012/2016, ServiceNow. Twitter: @NatasciaHeil

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s