SCOM: Disable Active Directory integration on an agent with PowerShell

Some companies use Active Directory integration for agent assignement in System Center Operations Manager. In some circumstances it can be that you have to remove the Active Directory integration from the agent (example: do not use AD integratrion on domain controllers or Exchange servers), perhaps if you have used software distribution without different options for special server classes or if you want to get rid of AD integration.

I have written a PowerShell script, that can be run on an agent to remove the AD integration and reenter the management group(s) as manual.

if ($object-is [Object])
#only change agent if active directory integration is enabled
#get all ad integrated management groups
$MGs=$object.GetManagementGroups() | where {$_.IsManagementGroupFromActiveDirectory -eq $True};
Foreach($MG in $MGs)


& net stop healthservice
& net start healthservice


Published by


* 1974, female, working as a IT Senior System Analyst in a chemical company. Main topics: System Center Operations Manager 2012/2016, System Center Orchestrator 2012/2016, ServiceNow. Twitter: @NatasciaHeil

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s