Thursday, December 9, 2010

SCOM: Find Specific Members in User Roles (PowerShell)

Last week I was doing some User Role testing with a test account of mine. Normally I always use Active Directory groups for adding and removing members of a user role.
But for quick testing with some views I added my test account directly to several user roles.

I wanted to know in which user roles my test account was added.
Beneath is a PowerShell script to find members of a user role which name contains the given search criteria. The name is usually a (AD) User Account or Group, like Admin1234@domain.local or DOMAIN\Admin123.

#Find member of userrole which contains a specific text
#The search criteria is case-sensitive

$searchtext = "Admin"
Get-Userrole | Sort DisplayName | % { $userrole = $_.DisplayName;$_.Users | % { If($_.Contains("$searchtext")){ Write-Host -foregroundcolor yellow $userrole;Write-Host " $_"} }}

Wednesday, December 8, 2010

SCOM: Get Nested Group Members (Powershell)

When you create nested groups in SCOM you have to use workarounds to view the actual group members of a specific type, e.g. Windows Computer. Using 'View Members' only returns the nested groups and not the contained objects.

One of the ways to view the actual members of a group, is to create a 'State View'.
As a "filter" you then change the class type to show the data related to the type you want to see and then you select the group for scoping the returned data.

So in short terms, to view the nested group members
- Create a state view
- Change "Show data related to" to a class like 'Windows Computer'
- Change "Show data contained in a specific group" to the group of which you want the members.

But, there's quicker way to achieve this. Using Powershell you can retrieve the members of a nested group in a couple of seconds. I found out about 'Recursive' using the SCOM SDK.

$group = Get-MonitoringObject | Where { $_.DisplayName -eq "YourGroupName"}
$MonitoringClass = Get-MonitoringClass -Name "Microsoft.Windows.Computer"
$group.GetRelatedMonitoringObjects($MonitoringClass,"Recursive") | Select DisplayName