SCOM PowerShell script for listing a User Role with its Group Scope.
It returns all non-system* User Roles with a (sorted) list of groups from the Group Scope.
Stay tuned because I'm working on the 'Views' part.
    Get-UserRole | Sort-Object DisplayName | foreach {If($_.IsSystem -ne $true){Write-Host "--" $_.DisplayName "--";If($_.Scope.MonitoringClasses -ne $null){$_.Scope.MonitoringClasses | foreach {Get-MonitoringClass -Id $_} | Sort-Object DisplayName | foreach {Write-Host " "$_.displayName}}else{$_.Scope.MonitoringObjects | foreach {Get-MonitoringObject -Id $_} | Sort-Object DisplayName | foreach {Write-Host " "$_.displayName}}}}

For better readability:

    Get-UserRole | Sort-Object DisplayName | foreach {
        # Skip the built-in system roles
        If($_.IsSystem -ne $true)
        {
            Write-Host "--" $_.DisplayName "--"
            If($_.Scope.MonitoringClasses -ne $null){
                $_.Scope.MonitoringClasses | foreach {Get-MonitoringClass -Id $_} | Sort-Object DisplayName | foreach {Write-Host " "$_.displayName}
            }
            else
            {
                $_.Scope.MonitoringObjects | foreach {Get-MonitoringObject -Id $_} | Sort-Object DisplayName | foreach {Write-Host " "$_.displayName}
            }
        }
    }

For SCOM 2012:

    #SCOM 2012
    Get-SCOMUserRole | Sort-Object DisplayName | foreach {
        # Skip the built-in system roles
        If($_.IsSystem -ne $true)
        {
            Write-Host "--" $_.DisplayName "--"
            If($_.Scope.Objects -ne $null){
                $_.Scope.Objects | foreach {Get-SCOMClass -Id $_} | Sort-Object DisplayName | foreach {Write-Host " "$_.displayName}
            }
            If ($_.Scope.Classes -ne $null)
            {
                # -Id may be given only once; a repeated -Id fails parameter binding
                $_.Scope.Classes | foreach {Get-SCOMClass -Id $_} | Sort-Object DisplayName | foreach {Write-Host " "$_.displayName}
            }
        }
    }
* = These roles are specified as System Roles:
Operations Manager Administrators
Operations Manager Advanced Operators
Operations Manager Authors
Operations Manager Operators
Operations Manager Read-Only Operators
Operations Manager Report Security Administrators
For exporting and importing complete user roles, see http://blogs.msdn.com/b/rslaten/archive/2008/11/03/exporting-and-importing-user-roles.aspx
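
A variant of the SCOM 2012 script for access reviews, added here as an example and not part of the original post: it emits one row per role and scope entry instead of writing to the host, drops null scope IDs before any lookup, and keeps unresolved IDs and roles without scope entries visible. The function name Get-UserRoleScopeReport, the column names and the CSV path are assumptions, as is resolving Scope.Objects with Get-SCOMClassInstance; Users is the role's member list.

```powershell
# Added example, not the original post's script. Run it in an Operations Manager
# Shell (SCOM 2012) that is already connected to the management group.
function Get-UserRoleScopeReport {
    $roles = Get-SCOMUserRole | Where-Object { -not $_.IsSystem } | Sort-Object DisplayName
    foreach ($role in $roles) {
        $entries = @()

        # Drop null entries before any lookup so -Id never receives an empty value.
        foreach ($id in @($role.Scope.Objects | Where-Object { $_ })) {
            $hit = $null
            try { $hit = Get-SCOMClassInstance -Id $id -ErrorAction Stop } catch { }
            $entries += @{ Kind = 'Object'; Id = $id; Name = $hit.DisplayName }
        }
        foreach ($id in @($role.Scope.Classes | Where-Object { $_ })) {
            $hit = $null
            try { $hit = Get-SCOMClass -Id $id -ErrorAction Stop } catch { }
            $entries += @{ Kind = 'Class'; Id = $id; Name = $hit.DisplayName }
        }

        # Keep roles without any scope entries in the report instead of skipping them.
        if ($entries.Count -eq 0) {
            $entries += @{ Kind = 'None'; Id = $null; Name = '(no scope entries)' }
        }

        foreach ($e in $entries) {
            # An ID that no longer resolves is shown by its GUID rather than as a blank.
            $name = $e.Name
            if (-not $name) { $name = "<unresolved $($e.Id)>" }

            New-Object PSObject -Property @{
                Role      = $role.DisplayName
                Profile   = $role.ProfileDisplayName
                Members   = (@($role.Users) -join '; ')
                ScopeKind = $e.Kind
                ScopeItem = $name
            } | Select-Object Role, Profile, Members, ScopeKind, ScopeItem
        }
    }
}

# Hypothetical output path; sort so each role's scope reads as one block.
Get-UserRoleScopeReport |
    Sort-Object Role, ScopeKind, ScopeItem |
    Export-Csv -Path .\UserRoleScopes.csv -NoTypeInformation
```

Comparing the CSV from two runs shows which roles gained members or scope between reviews.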
5 comments:
Can this be easily modified for the System Roles? I want to export all the Groups in the Groups Scope for each of my accounts under 'Operations Manager Operators'. This way I can easily see which SCOM groups each group can currently see.
@OdgeUK. The System Roles are created during setup. Those User Roles are (globally) scoped to all groups and that can't be changed. You probably want to list all your User Roles with an 'Operators' profile and a custom scope.
You could filter that at the beginning of the script. I don't have a 2007 environment at my disposal so I only know that this works with the code below for 2012:
Get-SCOMUserrole | Where { $_.ProfileDisplayName -eq "Operator"} | ....
To see what your options are with 2007:
Get-UserRole | ? { $_.DisplayName -match "YourUserRoleDisplayName" } | gm
Thanks for the reply! Yes, I'm looking to export all Custom User Roles (in my case, those created under 'Operators'), and return the Group Scope (which is custom for all of these). Views would be nice too! The problem I am having is that the script errors at:
$_.Scope.MonitoringObjects | foreach {Get-SCOMMonitoringObject -Id $_}
"GetScomClassIntance : Cannot validate argument on parameter 'Id'. The argument is null or empty."
If I just run Get-SCOMUserrole | Where { $_.ProfileDisplayName -eq "Operator"}
Or
Get-SCOMUserRole | Sort-Object DisplayName
It does return relevant User Roles from the system.
Strange?
@OdgeUK. I wrote the script for SCOM 2007. Just added the SCOM 2012 version.
So that's basically awesome. Thank you so much. Please let me know if you do one that captures the Views too. Amazing. Thanks again!