SMUG Presentation February 3rd 2009: Administrative uses of Powershell in OpsMgr 2007

The following are examples I demonstrated to show how easy and powerful PowerShell is to use with Operations Manager 2007.

Powershell House Keeping:
=========================
Update-Gac.ps1 only has to be run once per machine.

Speeding Up Powershell Startup - Update-Gac.ps1

 

PowerShell's execution policy is Restricted by default. The setting that will allow scripts to run is Unrestricted.

To set the execution policy to unrestricted:
--------------------------------------------
Set-ExecutionPolicy unrestricted

To set the execution policy back to restricted:
-----------------------------------------------
Set-ExecutionPolicy Restricted

To check the current execution policy:
---------------------------------------
Get-ExecutionPolicy
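
An added example, not from the original presentation: RemoteSigned also lets local scripts such as Update-Gac.ps1 run while still requiring a signature on downloaded scripts, and -Scope Process limits the change to the current session. It assumes PowerShell 2.0 or later and that Update-Gac.ps1 is in the current directory; Invoke-WithRemoteSigned is a hypothetical helper name.

```powershell
# Added example, not from the original presentation.
# Assumes PowerShell 2.0+ (-Scope, try/finally).
# Invoke-WithRemoteSigned is a hypothetical helper name.
function Invoke-WithRemoteSigned {
    param([scriptblock]$Action)

    $processBefore = Get-ExecutionPolicy -Scope Process   # usually Undefined
    $effective     = Get-ExecutionPolicy                  # the policy that applies

    # Loosen the policy only when the effective one blocks every script,
    # and only for this PowerShell process.
    if ($effective -eq 'Restricted') {
        Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned -Force
    }
    try {
        & $Action
    }
    finally {
        # Put the process scope back, even if the script failed.
        Set-ExecutionPolicy -Scope Process -ExecutionPolicy $processBefore -Force
    }
}

# Show which scope sets the effective policy.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Assumption: Update-Gac.ps1 sits in the current directory.
Invoke-WithRemoteSigned { .\Update-Gac.ps1 }

# The effective policy is back to what it was before the call.
Get-ExecutionPolicy
```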

 

Get-Agent Examples:
===================

To list the properties you can work with in PowerShell, pipe to get-member (alias GM) with -membertype property
--------------------------------------------------------------------------------------
get-agent | get-member -membertype property

Get a list of agents and their current health state:
-----------------------------------------------------
get-agent | sort-object computername | select-object computername, Healthstate | format-table -auto

Display proxy settings for all agents:
----------------------------------------
get-agent | ft name,proxyingenabled

Check the proxying on servers with SCCM in the name:
----------------------------------------------------
get-agent | where {$_.computerName -match 'SCCM'} | ft name,proxyingenabled

Enabling proxying on servers with SCCM in the name is a small three-line operation (from Brian Wren's blog):
--------------------------------------------------------------------------------------

$agents = get-agent | where {$_.computerName -match 'SCCM'}
$agents | foreach {$_.ProxyingEnabled = $true}
$agents | foreach {$_.ApplyChanges()}
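
An added example, not from the original presentation or Brian Wren's blog: the same change with a record of the previous setting, applied only to agents that do not already have proxying enabled, and read back afterwards. Proxying lets an agent submit discovery data on behalf of other computers, so it helps to know exactly which agents were changed. The CSV path is an assumption.

```powershell
# Added example, not from the original presentation or Brian Wren's blog.
# Run in the OpsMgr Command Shell. The CSV path is an assumption.
$pattern = 'SCCM'                  # same match the three-liner above uses
$record  = 'C:\proxy-before.csv'

$agents = @(Get-Agent | Where-Object { $_.ComputerName -match $pattern })

# Keep a record of the setting before anything is changed.
$agents | Select-Object ComputerName, ProxyingEnabled |
    Export-Csv -Path $record -NoTypeInformation

# Change only the agents that are not already proxying. The value is compared
# as text so the test works whether the property is a plain or wrapped Boolean.
$todo = @($agents | Where-Object { "$($_.ProxyingEnabled)" -ne 'True' })
"{0} of {1} matching agents need the change" -f $todo.Count, $agents.Count

foreach ($agent in $todo) {
    $agent.ProxyingEnabled = $true
    $agent.ApplyChanges()
}

# Read the agents again from the management server to confirm the result.
Get-Agent | Where-Object { $_.ComputerName -match $pattern } |
    Sort-Object ComputerName |
    Format-Table Name, ProxyingEnabled -AutoSize
```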

To get a list of computers that report to this management server
-----------------------------------------------------------------
get-agent | ft *displayname

To get a list of agent managed machines and their IP Address associated with the specified management server
--------------------------------------------------------------------------------------------------------------
get-agent | ft displayname, IPAddress

To get the computer name and who installed that agent on a computer with the ip address of "1.1.1.1"
-----------------------------------------------------------------------------------------------------
get-agent | where-object {$_.IPAddress -eq "1.1.1.1"} | format-list -property displayname, InstalledBy

To get a list of computers whose names start with "EX*" associated with the specified management server:
---------------------------------------------------------------------------------------------------------
get-agent | where-object {$_.DisplayName -like "EX*"} | format-list -property displayname

Get-ManagementPack and Export-ManagementPack
=============================================

Export all management packs in a management group:
---------------------------------------------------
get-managementPack | export-managementPack -path D:\MPDUMP\

Important Note about SCOM get data cmdlets:
===========================================

**Criteria Is Case Sensitive with all the get data SCOM cmdlets like Get-Alert, Get-Event, Get-PerformanceCounter, Get-PerformanceCounterValue!!

Notice the case used with the criteria below:
>(get-alert -criteria 'SeveritY = ''0''').count
Get-Alert : A property name in the 'Criteria' parameter is unknown.
At line:1 char:11
+ (get-alert  <<<< -criteria 'SeveritY = ''0''').count
PS Monitoring:\SCOMRMS001
>(get-alert -criteria 'Severity = ''0''').count
8627
PS Monitoring:\SCOMRMS001

**Using criteria with SCOM get data cmdlets applies the filter on the back end and will not use local resources. The where-object cmdlet will use local resources, so try not to use it.

GET-ALERT Examples:
===================

To list the properties the Get-Alert cmdlet returns, pipe it to get-member (alias GM) with -membertype property
----------------------------------------------------------------------------------------------------------------------------------------------------
get-alert | get-member -membertype property

To show all alerts for Computer NOCDC01
----------------------------------------------------
get-alert -criteria 'NetbiosComputerName = ''NOCDC01'''

That showed too many alerts so let’s pipe the output to the export-csv cmdlet.
-------------------------------------------------------------------------------------------------------
get-alert -criteria 'NetbiosComputerName = ''NOCDC01'''| export-csv c:\alert.csv

To show all Resolved alerts for computer NOCDC01
----------------------------------------------------------------
get-alert -criteria 'NetbiosComputerName = ''NOCDC01'' AND ResolutionState = ''255'''

Quick counts of alerts and alert types:
====================================

count of all Informational alerts
----------------------------------------
(get-alert -criteria 'Severity = ''0''').count

count of all Warning alerts
----------------------------
(get-alert -criteria 'Severity = ''1''').count

To get a count of all Critical alerts
--------------------------------------
(get-alert -criteria 'Severity = ''2''').count

To get a count of all new alerts:
------------------------------------------
(get-alert -criteria 'ResolutionState = ''0''').count

To get a count of all new information alerts
-------------------------------------------------------
(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''0''').count

To get a count of all new Warning Alerts:
-----------------------------------------------------
(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''1''').count

To get a count of all new Critical Alerts:
-----------------------------------------------------
(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''2''').count

A few examples of string wild card with Get-Alert
==================================================

Get a count of all alerts whose names start with AD.
------------------------------------------------------------------
get-alert -criteria 'Name Like ''AD%''' | measure-object

Get a count of alerts whose names contain the string SQL.
-------------------------------------------------------------------------------------------
get-alert -criteria 'Name Like ''%SQL%'''| measure-object

Get open alerts whose alert names start with Agent proxying:
-------------------------------------------------------------------------------
get-alert -criteria 'Name Like ''Agent proxying%'' AND ResolutionState = ''0'''
or
get-alert -criteria 'Name Like ''Script%'' AND ResolutionState = ''0'''
or
(get-alert -criteria 'Name Like ''Script%'' AND ResolutionState = ''0''').count

Useful one-liners if you use the SCCM and SQL MPs:
===================================================

Get a count of Alerts whose name is Auto Close Flag
------------------------------------------------------------------
(get-alert -criteria 'Name = ''Auto Close Flag''').count

Get a list of netbios computer names that have alerts named Auto Close Flag and get the name of the database that has that property enabled.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
get-alert -criteria 'Name = ''Auto Close Flag''' | ft -property Netbioscomputername, Monitoringobjectname

Get a list of netbios computer names that have alerts named Auto Shrink Flag and get the name of the database that has that property enabled.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
get-alert -criteria 'Name = ''Auto Shrink Flag''' | ft -property Netbioscomputername, Monitoringobjectname

Other folks' get-alert one-liners:

Pete Zerger's Operations Manager 2007 Top Alerts Report

http://www.systemcenterforum.org/powershell-tip-operations-manager-2007-top-alerts-report-part-1/
--------------------------------------------------------------------------------------------------

get-alert | Group-Object Name |Sort -desc Count | select-Object -first 5 Count, Name |Format-Table -auto

Walk-through of the one-liner:
Get-alert - Returns all alerts

Group-object - Groups the alerts by name and returns the list with a count of how many times each alert name occurs

Sort - To sort the list of alerts in descending order by count.

Select-Object - Allows us to remove the group column that obscures the display of the full alert name AND allows us to use the -first parameter to return only the top X alerts (top 5 in our example).

Format-table - with the -auto flag to left justify and remove the unnecessary space.

Keep in mind that the above one liner is for all alerts, both new and resolved.
So I modified Pete’s one liner to include only new alerts in the ‘report’.
To get a report of Top New Alerts just add the Get-Alert criteria for Resolutionstate = 0 like below:

Operations Manager 2007 Top Open Alerts Report:
----------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0''' | Group-Object Name |Sort -desc Count | select-Object -first 5 Count, Name |Format-Table -auto

Then to get the top closed alerts (change the criteria for resolution state to 255):
---------------------------------------------------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''255''' | Group-Object Name |Sort -desc Count | select-Object -first 5 Count, Name |Format-Table -auto

Top 5 computers with new alerts.
-------------------------------------------
get-alert -criteria 'ResolutionState = ''0''' | Group-Object PrincipalName |Sort -desc Count | select-Object -first 5 Count, Name | Format-table -auto

Top 5 computers with resolved alerts:
------------------------------------------------
get-alert -criteria 'ResolutionState = ''255''' | Group-Object PrincipalName |Sort -desc Count | select-Object -first 5 Count, Name | Format-table -auto

Get top 5 new critical alerts by count:
-------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''2''' | Group-Object Name |Sort -desc Count | select-Object -first 5 Count, Name |Format-Table -auto

what alerts are open and created by a monitor
------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND IsMonitorAlert = ''True'''|Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table -auto

what alerts are open and created by a rule
------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND IsMonitorAlert = ''False'''|Group-Object Name |Sort -desc Count | select-Object Count, Name |Format-Table -auto

Get alert information and slap it into a csv file:
------------------------------------------------------------
get-alert | select-object NetbiosComputerName, Description, Severity | Export-Csv -path "c:\alerts.csv"

RESOLVE-ALERT:
===============

Using the get-alert cmdlet you can pipe specific alerts to the resolve-alert cmdlet, and set options to close the alerts with:
----------------------------------------------------------------------------------------------------------------------------------------------------------
get-alert -criteria 'LastModified >= ''4/6/2008'' AND ResolutionState = ''0'' AND Category = ''Alert'''| resolve-alert -comment "Chuck Norris resolved these alerts with his fists of fury!!!!" | out-null

Close all open alerts that were generated by a Rule:
------------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND IsMonitorAlert = ''False'''| resolve-alert -comment "Closing rule generated alerts" | out-null

Close all open alerts that were generated by a monitor:
-----------------------------------------------------------------------
get-alert -criteria 'ResolutionState = ''0'' AND IsMonitorAlert = ''True'''| resolve-alert -comment "Closing Monitor generated alerts" | out-null
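
An added example, not from the original presentation: a preview and a CSV record taken before a bulk close, using the rule-generated criteria from above, so a criteria string that matches more than intended is caught before the alerts disappear from the active view. The $maxToClose limit and the CSV path are assumptions.

```powershell
# Added example, not from the original presentation.
# $maxToClose and the CSV path are assumptions.
$criteria   = 'ResolutionState = ''0'' AND IsMonitorAlert = ''False'''
$maxToClose = 500
$record     = 'C:\alerts-closed.csv'

$alerts = @(Get-Alert -Criteria $criteria)
"{0} alerts match: {1}" -f $alerts.Count, $criteria

# Preview: what would be closed, grouped by alert name and by severity.
$alerts | Group-Object Name | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$alerts | Group-Object Severity |
    Select-Object Count, Name | Format-Table -AutoSize

if ($alerts.Count -eq 0) {
    "Nothing to close."
}
elseif ($alerts.Count -gt $maxToClose) {
    # Refuse an unexpectedly large close; narrow the criteria and rerun.
    Write-Warning "More than $maxToClose alerts match; narrow the criteria first."
}
else {
    # Keep a record of exactly what is being closed.
    $alerts |
        Select-Object Id, Name, NetbiosComputerName, Severity, TimeRaised |
        Export-Csv -Path $record -NoTypeInformation

    # Put who and when in the comment so the alert history shows it.
    $comment = "Closing rule generated alerts ($env:USERNAME, $(Get-Date -Format s))"
    $alerts | Resolve-Alert -Comment $comment | Out-Null
}
```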

Reset health for a monitor called "Manual monitor" on all objects of the class "Contoso.MyCustomClass" currently in an Error state (from Brian Wren's blog)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
$mon = get-monitor | where {$_.displayName -eq 'Manual monitor'}
$mc = get-monitoringClass -name Contoso.MyCustomClass
$mc | get-monitoringObject | where {$_.HealthState -eq 'Error'} | foreach {$_.ResetMonitoringState($mon)}

GetMonitorThresholds script (can be downloaded from Brian Wren's blog):
---------------------------------------------------------------------------------------------
getmonitorthresholds.ps1 | where {$_.target -match 'sql'}

 

Resources:
===========

SCOM Blogs

Pete Zerger MVP Blog: http://www.systemcenterforum.org/

Jeremy D. Pavleck MVP Blog: http://pavleck.net/

Brian Wren MS Blog: http://blogs.technet.com/brainwren/default.aspx

System Center Operations Manager Command Shell Blog: http://blogs.msdn.com/scshell/

 

Powershell Blogs:

Marco Shaw MVP Blog: http://marcoshaw.blogspot.com

The Microsoft news group: microsoft.public.opsmgr.powershell

http://powershellcommunity.org/

http://powerscripting.wordpress.com/ podcast of what is going on in the world of powershell.
