DHCP Addendum pack

Leverage DHCP addendum to tune DHCP subnet monitoring.

Leverage the ‘DHCP Addendum pack’.  Why?  DHCP manages IP ranges, which touch customer facing issues such as VPN connectivity, VDI/AVD/appliance devices, and client workstations/laptops/GFE’s.  The DHCP management pack alerts when a subnet is nearing zero available IP’s, before you have an outage.  This article will help you understand how the addendum’s new capabilities tune DHCP monitoring to best practice.


QUICK DOWNLOAD(S)

2016+ HTTPS://GITHUB.COM/THEKEVINJUSTIN/DCHPAGNOSTIC


What capabilities does the ‘DHCP Addendum pack’ provide?

Two groups: a DHCP server group, and a DHCP subscription group used to configure notifications to the SME for DHCP related classes

Overrides for common alerts, and disabled event collection rules


Utilize the DHCP Addendum

Download the DHCP Addendum on GitHub, to get alerts only where manual intervention is required.


Update XML

The pack greatly decreases alerts, and the XML authoring is an easy feat.  After you import the pack, find/replace is required for two pieces:

  • Discovery group regular expressions (RegEx)

##DHCPServerRegEx##

Find ##DHCPServerRegEx## and replace with your DHCP server expressions.

Example server names: 12dc01, 19dc01, 19dc02, 19dc03, etc.

RegEx = (?i)12dc0|19dc0

Using PowerShell on the SCOM management server (MS) to determine the group GUIDs for the find/replace in Overrides/Discoveries.

  • Update group GUIDs, after installing this pack.

Find/replace the GUIDs: they are unique to every SCOM management group, so hard coding the group ID GUID is not possible.  We will run Get-SCOMClassInstance to determine the group GUID’s applicable in the management group.


From PowerShell, on your SCOM management server, run Get-SCOMClassInstance for the two groups added.

Get-SCOMClassInstance -DisplayName "Microsoft Windows DHCP 2016+ Servers" | ft Id

Get-SCOMClassInstance -DisplayName "Microsoft Windows DHCP 2016+ subscription components" | ft Id


Example

Leveraging Notepad++ to find/replace the group GUID with SCOM environment specific GUIDs

Find/Replace the GUID in the pack with the ID from the output above.


Save pack

Import into SCOM & Enjoy!

OS Addendum packs

OS Addendum packs for Windows Server from 2012 forward

Download the ‘OS Addendum packs’ for new capabilities: an Event count logic monitor type, Disk cleanup, Group Policy, self-healing/reset monitors, as well as ‘eventLog full’ logic and reports.  The additional monitors reduce alert noise.  Examples of common alert scenarios are StorPort storage errors, Group Policy 1096 identification and rebuild, and Disk Cleanup & EventLog service recovery, which includes Event Log file expansion and rollover.


Quick Download(s)

https://github.com/theKevinJustin/2012OSAddendum

https://github.com/theKevinJustin/2016ServerAgnostic


Tune ‘OS Addendum packs’ as needed

Update logical disk paths and retentions.  The default report contains quite a few common checks, including root folders broken out by path, highest to lowest GB.  The workflow is scalable to add additional application paths, as well as file retention timeframes.  The workflow runs on a weekly basis to clean up/archive log files and paths.  See the Disk cleanup logic blog for more details.

‘OS Addendum packs’ contains a Logical disk breakdown of root folders to list the paths where files are stored, highest to lowest


Update StorPort Count for Repeated Storage Errors

StorPort storage errors typically cut lots of alerts on storage reads/writes.  The ‘count’ monitors decrease the alerts, and the daily alert report consolidates the warning alerts (critical by default).  If you’re seeing these alerts, the default should decrease overall alerts to near zero.  Tune as needed for disk alerts by updating MatchCount or TimerWait in Seconds (the x events in y time piece of the monitor logic).

Update StorPort Count for Repeated Storage read/write errors
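To see what MatchCount and TimerWait in Seconds actually do, here is the "x events in y time" count logic written out as a stand-alone function and run over constructed sample timestamps.  This is an added example, not code from the OS Addendum pack; the sample event times are made up and the pack itself reads the events from the event log.

```powershell
# Added example, not code from the OS Addendum pack: the "x events in y seconds"
# count logic behind the StorPort count monitors, run over constructed sample
# timestamps so the effect of MatchCount and TimerWaitInSeconds is visible.
function Test-RepeatedEvents {
    param(
        # Timestamps of the matching events (in the pack these come from the event log)
        [Parameter(Mandatory)] [datetime[]] $EventTimes,
        # x: how many matching events...
        [int] $MatchCount = 5,
        # y: ...within how many seconds (sliding window over the sorted events)
        [int] $TimerWaitInSeconds = 300
    )
    $sorted = @($EventTimes | Sort-Object)
    for ($i = 0; ($i + $MatchCount - 1) -lt $sorted.Count; $i++) {
        $windowStart = $sorted[$i]
        $windowEnd   = $sorted[$i + $MatchCount - 1]
        if (($windowEnd - $windowStart).TotalSeconds -le $TimerWaitInSeconds) {
            # MatchCount events landed inside the timer window: the monitor goes unhealthy
            return [pscustomobject]@{
                Triggered   = $true
                WindowStart = $windowStart
                WindowEnd   = $windowEnd
                EventCount  = $sorted.Count
            }
        }
    }
    # Never saw MatchCount events inside any window: stays healthy, the noise is suppressed
    return [pscustomobject]@{
        Triggered   = $false
        WindowStart = $null
        WindowEnd   = $null
        EventCount  = $sorted.Count
    }
}

# Constructed sample data (not real StorPort events): a burst of five events inside
# two minutes followed by one stray event an hour later, versus five events spread
# evenly across an hour.
$base  = Get-Date '2024-01-15T02:00:00'
$burst = @(0, 20, 45, 70, 110, 3600) | ForEach-Object { $base.AddSeconds($_) }
$quiet = @(0, 900, 1800, 2700, 3600)  | ForEach-Object { $base.AddSeconds($_) }

Test-RepeatedEvents -EventTimes $burst -MatchCount 5 -TimerWaitInSeconds 300
Test-RepeatedEvents -EventTimes $quiet -MatchCount 5 -TimerWaitInSeconds 300
```

Raising MatchCount or shortening TimerWaitInSeconds makes the burst case fall through to healthy as well, which is the tuning knob the paragraph above describes: a single storage hiccup never alerts, a sustained run of errors does.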

Save file(s) and import

AD insight reports

Need to audit AD? Use AD insight reports pack!

Download the ‘AD insights pack’ for new capabilities to audit users, svc/MSA accounts, password last set, expiring, and last login AD insights.  Includes an AD group audit alert capability.


Quick Download https://github.com/theKevinJustin/ADInsights/


AD audit

Time to provide key ‘AD insight reports’ into users and groups.  Delve into the different AD audit capabilities for users and groups.  The pack also gathers DC Security events (rules), and lastly provides on demand tasks for reports.


The question is what determines a problem?

Every domain admin has a different experience and perspective, whether cyber (hack) focused or not.  Audit standards differ, from HIPAA, SOX, CCRI, STIG, etc.

Pack examples:

Users – service account naming conventions, password change frequency, expired date/time configured.

Groups – Choose your OU structure to audit WA in DA, SA in DA, WA in SA etc.

NOTE: Take caution on the OU group audit, to limit the output, as events have a size limitation.


Configure ‘AD insight reports’

Now we can configure the user pack for applicable standards, like password age, last set, or AppOwners.  AppOwners is an array, so you can add whatever application or system owners/teams exist in your organization.  The password datasource (DS) rule runs weekly.

Configure the Password Time, last set, month, week and AppOwners to build out actionable svc/msa accounts failing audit artifacts.


Break out the regular expressions for whatever accounts each team uses, to tailor relevant data into the report alert.  Find/Replace (Control-H) might be more effective, as the DS/WA repeat the logic for the on-demand task report vs. the rule and monitor.

App Owner relevant service accounts by SamAccountName
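The password-age audit with the AppOwners mapping, as an added example that is not code from the AD insights pack: it runs over constructed account objects so it can be tried without a domain, and the team names and SamAccountName regexes are hypothetical conventions.  Live input would come from Get-ADUser or Get-ADServiceAccount with the PasswordLastSet and PasswordNeverExpires properties.

```powershell
# Added example, not code from the AD insights pack: flag service/MSA accounts whose
# password is older than the standard (or set to never expire) and attribute each
# finding to the owning team via the AppOwners regex list.
function Get-ServiceAccountAuditFindings {
    param(
        # Objects with SamAccountName, PasswordLastSet, PasswordNeverExpires, Enabled
        [Parameter(Mandatory)] [object[]] $Accounts,
        # Team name => regex over SamAccountName (hypothetical naming conventions)
        [hashtable] $AppOwners = @{
            'SQL Team' = '(?i)^svc[-_]?sql'
            'Web Team' = '(?i)^svc[-_]?(iis|web)'
        },
        # Maximum accepted password age per your audit standard (assumed value)
        [int] $MaxPasswordAgeDays = 365,
        # Fixed "now" so a report is reproducible
        [datetime] $AsOf = (Get-Date)
    )
    $cutoff = $AsOf.AddDays(-$MaxPasswordAgeDays)
    foreach ($acct in $Accounts) {
        if (-not $acct.Enabled) { continue }   # disabled accounts are not in scope for this report

        # Attribute the account to the first team whose regex matches; otherwise Unassigned
        $owner = 'Unassigned'
        foreach ($team in $AppOwners.Keys) {
            if ($acct.SamAccountName -match $AppOwners[$team]) { $owner = $team; break }
        }

        $findings = @()
        if (-not $acct.PasswordLastSet) {
            $findings += 'password never set'
        } elseif ($acct.PasswordLastSet -lt $cutoff) {
            $findings += "password last set $($acct.PasswordLastSet.ToString('yyyy-MM-dd'))"
        }
        if ($acct.PasswordNeverExpires) { $findings += 'PasswordNeverExpires is set' }

        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $acct.SamAccountName
                AppOwner       = $owner
                Findings       = ($findings -join '; ')
            }
        }
    }
}

# Constructed sample accounts (not from any real directory)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc_sql_prod'; PasswordLastSet = Get-Date '2021-03-01'; PasswordNeverExpires = $true;  Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'svc-web01';    PasswordLastSet = Get-Date '2024-05-10'; PasswordNeverExpires = $false; Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'svc_backup';   PasswordLastSet = $null;                 PasswordNeverExpires = $false; Enabled = $true }
    [pscustomobject]@{ SamAccountName = 'svc_old';      PasswordLastSet = Get-Date '2019-01-01'; PasswordNeverExpires = $false; Enabled = $false }
)
Get-ServiceAccountAuditFindings -Accounts $sample -AsOf (Get-Date '2024-06-01') | Format-Table -AutoSize
```

Each team's regex is the piece you would tailor in the pack's find/replace step; an account that matches no team shows up as Unassigned, which is itself a useful audit finding.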


Update ID naming convention patterns

Tailor account names to the environment to match ingested DC Security events.

Tailor the DC Security Events to account naming conventions.


Configure OU to environment

Configure the OU structure to audit based on domain canonical names, groups, DCs, etc.

AD Group audit example


Save file(s) and import

Disk cleanup logic

Logical disk cleanup, most times is harder vs. smarter manual intervention required, why not smarter vs. harder?

‘Disk cleanup logic’ traditionally follows manual intervention.  Why would you want harder and manual?  This article will present options to clean up system and non-system disks, by leveraging the largest root folder, API’s and more.  This is one step in the OS Addendum pack that needs explanation, and it can be tailored to applications where admins have regular manual cleanup actions.


Breakdown of Disk cleanup

We want to check system disks and non-system disks for different scenarios.  First, figure out disk free space, user profiles, the largest folder on the root of the disk, IIS cleanup, and the MECM/SCCM client cache clear API.  Second, utilize different behaviors depending on PowerShell version, clean up application log(s), and expand drive alerts when there is NO space after the cleanup action.

Disk Free space

# Check Disk free space
#=====================
# $Driveletter is supplied by the calling workflow, e.g. "C" for the system disk
if ($Driveletter -eq "C")
{
    $CFreeSpace = Get-CimInstance -ClassName Win32_LogicalDisk | Where-Object { $_.DeviceID -eq "C:" }
    $CFreeSpace.DeviceID
    $CFreeSpace
    $DeviceDriveLetter = $CFreeSpace.DeviceID
    $DeviceDriveLetter

    # Record folder size before cleanup (whole drive; the trailing backslash makes it the root, not the current directory)
    #====================================================================
    $BeforeSize = (Get-ChildItem "$DeviceDriveLetter\" -Recurse -File -Force -ErrorAction SilentlyContinue | Measure-Object -Property Length -Sum).Sum
    $Before = [math]::Round($BeforeSize/1GB, 2)

    $DiskFreeSpace = [pscustomobject]@{
        DeviceID  = $DeviceDriveLetter
        Size      = [math]::Round($CFreeSpace.Size/1GB, 2)
        FreeSpace = [math]::Round($CFreeSpace.FreeSpace/1GB, 2)
    }
    $DiskFreeSpace

    # SoftwareDistribution size in MB, including subfolders (compared against 3000 in the next step)
    $SoftwareDistribution = (Get-ChildItem C:\Windows\SoftwareDistribution -Recurse -File -ErrorAction SilentlyContinue | Measure-Object -Property Length -Sum).Sum / 1MB
    # Debug
    $SoftwareDistribution

    # The SoftwareDistribution and application log cleanup steps below run inside this block
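The "largest folder on the root of the disk" breakdown mentioned above is not shown in the pack excerpt, so here it is as an added example written for this article (not code from the OS Addendum pack).  It assumes the workflow runs with rights to read every top-level folder, which is the case for SCOM agent workflows running as SYSTEM; the drive letter convention matches the $Driveletter variable used above.

```powershell
# Added example, not code from the OS Addendum pack: list root folders of a drive by
# size, highest to lowest, and pair that with the drive's free space figures.
function Get-RootFolderSizes {
    param(
        # Drive letter without the colon, e.g. "C" (same convention as $Driveletter above)
        [Parameter(Mandatory)] [string] $DriveLetter,
        # How many folders to report, highest to lowest
        [int] $Top = 10
    )
    $root = "${DriveLetter}:\"
    $folders = Get-ChildItem -Path $root -Directory -Force -ErrorAction SilentlyContinue | ForEach-Object {
        # Sum every file under the folder; access-denied entries are skipped instead of aborting the scan
        $bytes = (Get-ChildItem -Path $_.FullName -Recurse -File -Force -ErrorAction SilentlyContinue |
                  Measure-Object -Property Length -Sum).Sum
        [pscustomobject]@{
            Path   = $_.FullName
            SizeGB = [math]::Round(($bytes / 1GB), 2)   # $bytes is $null for an empty folder, which rounds to 0
        }
    }
    $folders | Sort-Object -Property SizeGB -Descending | Select-Object -First $Top
}

# Combine the folder breakdown with the free-space figures so the report alert shows where the space went
function Get-DiskCleanupSummary {
    param(
        [Parameter(Mandatory)] [string] $DriveLetter,
        [int] $Top = 10
    )
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='${DriveLetter}:'"
    [pscustomobject]@{
        DeviceID    = $disk.DeviceID
        SizeGB      = [math]::Round($disk.Size / 1GB, 2)
        FreeSpaceGB = [math]::Round($disk.FreeSpace / 1GB, 2)
        TopFolders  = Get-RootFolderSizes -DriveLetter $DriveLetter -Top $Top
    }
}

$summary = Get-DiskCleanupSummary -DriveLetter 'C' -Top 5
$summary | Select-Object DeviceID, SizeGB, FreeSpaceGB | Format-List
$summary.TopFolders | Format-Table -AutoSize
```

Adding an application path (a Veeam, SQL or IIS log root) is a matter of calling Get-RootFolderSizes with that path's drive and reading the row for the folder, which is what the "scalable to add additional application paths" remark in the OS Addendum section refers to.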


Check Software Distribution for ConfigMgr/SCCM/MECM client

Checking the software distribution path was an item for discussion where the folder was larger than 3GB, stemming from customer and field engineer recommendations.


If ($DiskFreeSpace.FreeSpace -lt 15)
{
    # Audit Software Distribution ($SoftwareDistribution is the folder size in MB from the free space check)
    #==================================
    If ($SoftwareDistribution -lt 3000)
    {
        Write-Host "NO SME/SystemOwner/SysAdmin/Server Action required"
    }
    else
    {
        Write-Host "SME/SystemOwner/SysAdmin/Server Action required, stopping Windows Update service, removing SoftwareDistribution folder and restarting"
        Get-Service -Name wuauserv | Stop-Service
        Remove-Item -Path C:\Windows\SoftwareDistribution -Recurse -Force
        Get-Service -Name wuauserv | Start-Service
        Write-Host "Windows Update wuauserv service restarted after SoftwareDistribution directory removed"
    }
}


Cleanup Application log folders

The nice part is you can reuse this by changing the path and deletion actions to tailor it to the customer environment.  The script comes in handy for VEEAM, SQL, and IIS instances, and for log directories on multiple drives.


# Cleanup IIS log files
#=====================
# Shipped commented out in the pack; enable it by tailoring $Path to the site's log directory (W3SVC1 is the first IIS site)
if (Test-Path C:\inetpub\logs\LogFiles\W3SVC1)
{
    # Files created more than a year ago...
    $HowOld = [DateTime]::Now.AddYears(-1)
    # ...and neither accessed nor written in the last 90 days
    $RecentUse = [DateTime]::Now.AddDays(-90)
    # Path to root folder
    $Path = "C:\inetpub\logs\LogFiles\W3SVC1\*.log"
    # Deletion task (add -WhatIf to Remove-Item to preview what would be removed)
    Get-ChildItem $Path -Recurse -Depth 1 -ErrorAction SilentlyContinue | Where-Object { $_.LastAccessTime -lt $RecentUse -and $_.CreationTime -lt $HowOld -and $_.LastWriteTime -lt $RecentUse } | Remove-Item -Force -Verbose
}

Sample report alert output

Sample system disk cleanup report alert

Documentation

CleanMgr https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/cleanmgr

Delete client cache the right way https://sccm-zone.com/deleting-the-sccm-cache-the-right-way-3c1de8dc4b48

MECM client cache cleanup PowerShell https://learn.microsoft.com/en-us/powershell/module/configurationmanager/invoke-cmclientaction?view=sccm-ps

SCCM Client Cache cleanup https://rzander.azurewebsites.net/sccm-config-item-to-cleanup-ccmcache/

Stack Overflow disk cleanup https://stackoverflow.com/questions/28852786/automate-process-of-disk-cleanup-cleanmgr-exe-without-user-intervention

PKI Addendum pack

The PKI addendum pack monitors PKI certificate hierarchy. Certificates can be a challenge, where we want to change focus to WHEN manual intervention is required.

The ‘PKI Addendum pack’ is a tricky pack, due to the certificate hierarchy.  The decisions included are part of the three pillars – health, Security, Compliance – as well as alerting WHEN manual intervention is required.


QUICK DOWNLOAD https://github.com/theKevinJustin/PKIAddendum


The PKI pack provides discoveries of the server certificate stores, then analyzes the certificates for validity, chain, and expiration.  The v1.4.3.0 release adds task logic and script changes that help discover more stores, trusted root, etc.

What capabilities does the ‘PKI Addendum pack’ provide?

Set the certificate timeframe per organizational standards.

Break out different expiration alerts based on internal/external certificate, or by AD Client Certificate enrollment templates (to build out the manual intervention required scenario when alerts are generated).

Create groups breaking out application self-signed and PKI certificates.

Separate RDP Auth, Domain Controller, Computer, and OCSP certificates.
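The classification the four capabilities above describe (self-signed vs. PKI, RDP Auth, Domain Controller and OCSP certificates, each with its own expiration threshold) as an added PowerShell example; this is not code from the PKI Addendum pack or the PKI Certificate MP.  The threshold values are assumptions, and the EKU friendly names used to classify are the ones Windows displays for those usages; adjust them to your templates.

```powershell
# Added example, not code from the PKI Addendum pack: classify the certificates in a
# machine store by type and EKU, then flag the ones inside their expiration threshold
# or with a broken chain, the way the pack's groups and overrides break them out.
function Get-CertificateExpiryReport {
    param(
        # Certificates to examine; default is the local machine's personal store
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]] $Certificates = (Get-ChildItem -Path Cert:\LocalMachine\My),
        # Days before NotAfter at which each type should alert (assumed values, not the pack's defaults)
        [hashtable] $ThresholdDays = @{
            'Self-signed'       = 14
            'Domain Controller' = 30
            'RDP Auth'          = 30
            'OCSP'              = 30
            'PKI'               = 45
        },
        [datetime] $AsOf = (Get-Date)
    )
    foreach ($cert in $Certificates) {
        # EnhancedKeyUsageList is the property the pack's dynamic group discoveries key on
        $ekus = @($cert.EnhancedKeyUsageList | Select-Object -ExpandProperty FriendlyName)

        # Type decides which threshold applies; self-signed is checked first, then EKU
        if ($cert.Subject -eq $cert.Issuer) { $type = 'Self-signed' }
        elseif ($ekus -contains 'Remote Desktop Authentication') { $type = 'RDP Auth' }
        elseif ($ekus -contains 'OCSP Signing') { $type = 'OCSP' }
        elseif ($ekus -contains 'KDC Authentication') { $type = 'Domain Controller' }
        else { $type = 'PKI' }

        $daysLeft   = [math]::Floor(($cert.NotAfter - $AsOf).TotalDays)
        $chainValid = $cert.Verify()   # builds and validates the chain against the machine's trust stores

        [pscustomobject]@{
            Subject        = $cert.Subject
            Thumbprint     = $cert.Thumbprint
            Type           = $type
            EKU            = ($ekus -join ', ')
            NotAfter       = $cert.NotAfter
            DaysLeft       = $daysLeft
            ChainValid     = $chainValid
            ActionRequired = ($daysLeft -le $ThresholdDays[$type]) -or (-not $chainValid)
        }
    }
}

# Only the certificates that need a human: expiring inside their threshold or failing chain validation
Get-CertificateExpiryReport |
    Where-Object ActionRequired |
    Sort-Object DaysLeft |
    Format-Table Subject, Type, DaysLeft, ChainValid -AutoSize
```

Pointing the function at another store (Cert:\LocalMachine\Root, Cert:\LocalMachine\WebHosting) covers the additional stores the v1.4.3.0 release discovers, and the per-type thresholds are the same knobs the pack exposes as overrides.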


If this sounds interesting, and you want to dabble in XML authoring…

Download the pack from GitHub to improve PKI monitoring on Windows Servers.


Additional screenshots of addendum components

The Addendum pack creates multiple groups to break out the various types of certificates that have different decisions/behaviors requiring unique timing.

Groups

Addendum pack created groups to help admins get to the ‘manual intervention’ required alerting goal.


Discoveries

Leverage dynamic groups based on server name and the EnhancedKeyUsageList (EKU)

PKI dynamic group discoveries


Overrides

Change PKI pack default discoveries, lifetime threshold expirations, and more

Override PKI pack defaults


DOCUMENTATION AND LINKS

The Addendum requires the PKI Certificate MP release v1.4.3.0 download

Bob’s TopQuore blog

DNS2012R2 Addendum pack

Still running Server2012R2 servers with AD DCs with AD integrated DNS?

In case you’re still running Windows Server 2012R2, here’s the ‘DNS2012R2 Addendum pack’, giving the same functionality as the version agnostic 2016+ addendum.  Why?  DNS is a translation method to convert names to IP’s.  Can you imagine if we wanted to connect to google via IP?  The SCOM DNS pack (built by the DNS Product Group) runs an astounding number of workflows on your DC every minute.  Forward and reverse lookups are a good check, verifying DNS is functioning.  In a complex environment with 100’s of zones, SCOM becomes a utilization culprit for a DC’s primary missions – authenticate and resolve.  This article will help you understand how the pack will add new capabilities and tune DNS monitoring to best practice.


Quick Download HTTPS://GITHUB.COM/THEKEVINJUSTIN/DNSADDENDUM2012R2/


What capabilities does the ‘DNS Addendum pack’ provide?

Count logic monitors (i.e. x events in y time, and self heal)

Daily summary report of DNS alerts broken out

Daily alert closure workflow to close out DNS rules/monitor

DNS service(s) recovery automation

Synthetic internal/external nslookup monitor (scoped to PDC emulators versus ALL DNS servers)

WMI validation alert recovery to prevent false positive alerts with weird one off scenarios – one example: Security tools randomly block WMI access.


Download the ‘DNS2012R2 Addendum pack’ on GitHub to improve AD Integrated (ADI) DNS monitoring on Windows Server 2016+ (version agnostic).

Save and import the pack, then update the XML for the group GUIDs.


Update XML

First, update XML with the GUIDs from your management group.  Second, map the group DisplayName to find/replace the GUID for each group.

Get-SCOMClassInstance output for DNS2012R2 groups


Third, using Notepad++, highlight the ContextInstance GUID, hit Control-H, paste the group GUID, then click Replace All.

Using Notepad++ highlight the ContextInstance GUID and hit Control-H, and paste the group GUID then click Replace All.

Fourth, rinse and repeat for the other three groups.

Lastly, save the file, move it to the SCOM MS, and import!


Documentation and links

DNS Pack download

DNS2012R2 addendum blog including updates

GitHub Repository https://github.com/theKevinJustin/DNSAddendum2012R2/


DNS Addendum pack

nslookup to find out IP to name or name to IP resolution.


Simply put: Leverage the ‘DNS Addendum pack’.  Why?  DNS is a translation method to convert names to IP’s.  Can you imagine if we wanted to connect to google via IP?  The SCOM DNS pack (built by the DNS Product Group) runs an astounding number of workflows on your DC every minute.  Forward and reverse lookups are a good check, verifying DNS is functioning.  In a complex environment with 100’s of zones, SCOM becomes a utilization culprit for a DC’s primary missions – authenticate and resolve.  This article will help you understand how the pack will add new capabilities and tune DNS monitoring to best practice.


QUICK DOWNLOAD(S)

2016+ https://github.com/theKevinJustin/DNSAddendumAgnostic


What capabilities does the ‘DNS Addendum pack’ provide?

Count logic monitors (i.e. x events in y time, and self heal)

Daily summary report of DNS alerts broken out

DNS service(s) recovery automation

Daily alert closure workflow to close out DNS rules/monitor

Synthetic internal/external nslookup monitor (scoped to PDC emulators versus ALL DNS servers)

WMI validation alert recovery to prevent false positive alerts with weird one off scenarios – one example: Security tools randomly block WMI access.
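The synthetic internal/external nslookup monitor listed above, as an added example that is not code from the DNS Addendum pack: a forward lookup against the local DNS server followed by a reverse lookup of the answer, scoped to the PDC emulator the way the pack scopes it.  The internal record name is a hypothetical placeholder; substitute a record that must always resolve in your domain.  It uses the DnsClient module's Resolve-DnsName and the ActiveDirectory module's Get-ADDomain.

```powershell
# Added example, not code from the DNS Addendum pack: synthetic forward/reverse
# resolution check run only on the PDC emulator.
Import-Module DnsClient

function Test-DnsResolution {
    param(
        [string[]] $InternalNames = @('dc01.corp.example.internal'),   # hypothetical internal record
        [string[]] $ExternalNames = @('www.microsoft.com'),            # proves forwarders/root hints work
        [string]   $Server = 'localhost'                               # the DNS server under test (the local DC)
    )
    foreach ($name in ($InternalNames + $ExternalNames)) {
        try {
            # Forward lookup, DNS only so a hosts file entry cannot mask a real DNS failure
            $a = @(Resolve-DnsName -Name $name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'A' })
            if ($a.Count -eq 0) { throw "no A record returned for $name" }
            $ip = $a[0].IPAddress

            # Reverse lookup of the answer; a missing PTR is reported but not treated as a failure
            $ptr = Resolve-DnsName -Name $ip -Type PTR -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
                   Select-Object -First 1
            [pscustomobject]@{ Name = $name; Forward = $ip; Reverse = $ptr.NameHost; Healthy = $true;  Error = $null }
        }
        catch {
            [pscustomobject]@{ Name = $name; Forward = $null; Reverse = $null; Healthy = $false; Error = $_.Exception.Message }
        }
    }
}

# Mirror the pack's scoping: only the PDC emulator runs the synthetic check
$pdcShortName = ((Get-ADDomain).PDCEmulator -split '\.')[0]
if ($env:COMPUTERNAME -ieq $pdcShortName) {
    $results = Test-DnsResolution
    $results | Format-Table -AutoSize
    if ($results | Where-Object { -not $_.Healthy }) { 'DNS resolution check FAILED' } else { 'DNS resolution check passed' }
}
```

Running the check on one DC instead of every DNS server is the whole point of the scoping: a failure on the PDC emulator still tells you resolution is broken, without adding a lookup storm on every DC every cycle.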


Download the DNS Addendum on GitHub and the PDF install guide, to improve AD Integrated (ADI) DNS monitoring on Windows Server 2016+ (version agnostic).


XML authoring

The pack greatly decreases alerts and workflows on your AD integrated DNS servers, and the XML authoring is an easy feat.  After you import the pack, find/replace is required for two pieces:

  • Update group GUIDs, after installing this pack.

Find/replace the GUIDs: they are unique to every SCOM management group, so hard coding the group ID GUID is not possible.

From PowerShell, on your SCOM management server, run these commands (after the DNS Addendum is installed):

Get-SCOMClassInstance -DisplayName "GroupNameHere" | ft Id

DNS Addendum - update overrides for group GUID from SCOM management group

Find/Replace the GUID in the pack with the ID from the output above.


  • Discovery group regular expressions (RegEx)

##DNSServerRegEx##

Find ##DNSServerRegEx## and replace with your DNS server expressions.

Example server names: 16dns01, 19dc01, 16dns02, 19dc02, 19dc03, etc.

RegEx = (?i)16dns0|19dc0

DNS Group discovery example of RegEx for find/replace


Save and Import & Enjoy!
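The two find/replace steps (group GUIDs from Get-SCOMClassInstance, and the ##...## tokens such as ##DHCPServerRegEx## and ##DNSServerRegEx##) are the same for the DHCP, DNS2012R2 and DNS addendums, so here they are automated once, as an added example that is not code from any of the packs.  It uses the OperationsManager module's Get-SCOMClassInstance; the pack path, the placeholder GUIDs and the RegEx value in the call are assumptions for illustration, and the real ones are read out of the downloaded pack.  The same token replacement serves the ##TESTSERVER## / ##ADFSSERVERNAME1## style placeholders in the MSSQL and ADFS packs.

```powershell
# Added example, not code from the addendum packs: replace hard-coded group GUIDs with
# the IDs from this management group, fill the ##TOKEN## placeholders, and verify the
# result is still well-formed XML before saving.
Import-Module OperationsManager

function Update-AddendumPack {
    param(
        [Parameter(Mandatory)] [string] $PackPath,
        # SCOM group DisplayName => GUID hard-coded in the downloaded pack (the ContextInstance value in its overrides)
        [hashtable] $GroupGuidMap = @{},
        # ##TOKEN## => replacement text, e.g. the discovery RegEx
        [hashtable] $PlaceholderMap = @{}
    )
    $xml = Get-Content -Path $PackPath -Raw
    Copy-Item -Path $PackPath -Destination "$PackPath.bak" -Force   # keep the untouched download

    foreach ($displayName in $GroupGuidMap.Keys) {
        $oldGuid = $GroupGuidMap[$displayName]
        if (-not $xml.Contains($oldGuid)) { throw "GUID $oldGuid for '$displayName' not found in $PackPath" }

        # The group only exists after the pack has been imported once, so exactly one instance is expected
        $instances = @(Get-SCOMClassInstance -DisplayName $displayName)
        if ($instances.Count -ne 1) {
            throw "Expected one instance of '$displayName', found $($instances.Count). Import the pack first."
        }
        $newGuid = $instances[0].Id.ToString()
        $xml = $xml.Replace($oldGuid, $newGuid)
        Write-Host "$displayName : $oldGuid -> $newGuid"
    }

    foreach ($token in $PlaceholderMap.Keys) {
        if (-not $xml.Contains($token)) { throw "Placeholder $token not found in $PackPath" }
        $xml = $xml.Replace($token, $PlaceholderMap[$token])
    }

    # Refuse to write a pack that still carries a placeholder or no longer parses as XML
    if ($xml -match '##[A-Za-z0-9]+##') { throw "Unreplaced placeholder left in pack: $($Matches[0])" }
    [xml]$xml | Out-Null
    Set-Content -Path $PackPath -Value $xml -Encoding UTF8
}

# Illustrative call for the DHCP pack; path, GUIDs and RegEx are placeholders, copy the real ones from the pack
Update-AddendumPack -PackPath 'C:\Temp\DHCP.Addendum.xml' `
    -GroupGuidMap @{
        'Microsoft Windows DHCP 2016+ Servers'                 = '00000000-0000-0000-0000-000000000001'
        'Microsoft Windows DHCP 2016+ subscription components' = '00000000-0000-0000-0000-000000000002'
    } `
    -PlaceholderMap @{ '##DHCPServerRegEx##' = '(?i)12dc0|19dc0' }
```

The checks are what the manual Notepad++ procedure cannot give you: a GUID that is not in the file, a group that returns zero or two instances, or a leftover ##TOKEN## all stop the script before anything is written, so the pack you import is either fully tailored or untouched.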

MSSQL Addendum pack


Time to tune MSSQL alerts!

The ‘MSSQL Addendum pack’ wouldn’t be possible without Brandon Pires’ contributions.  Brandon dealt with my many questions to better alert!  If you need more background, check the ‘why addendum pack’ post.

Quick Download(s)

2012+ https://github.com/theKevinJustin/MSSQLAddendum


Capabilities

The pack is based on the SQL engineering blog and program team making multiple updates per year for SQL monitoring.  The addendum creates two groups for dev/test and notification/subscription modeling.  Second, the overrides (man, there are a bunch!) aid consumption of real issues.  Lastly, most environments should be SQL 2016+, as the 2012R2 EOL/EOSL is quickly approaching in October!

MSSQL groups defined in the Addendum pack

MSSQL group discoveries require updates to be applicable to environment


Tailor addendum

First, the MSSQL packs MUST be installed for the Addendum pack to load.  The addendum is based on the MSSQL 2016+ version agnostic pack, which is currently supported, as the 2012 and 2012R2 products are near end of support.

Find/Replace the variables as needed:

Example    ##TESTSERVER##|##DEVSERVER##

Save file


Overrides

The Addendum pack contains discovery, monitor, and rule overrides to tune MSSQL to CSA (old PFE/CE/CSAe Microsoft Field engineer) recommendations, matching the health model and reducing critical ‘wake me up in the middle of the night’ alerts.

Partial snapshot of MSSQL overrides in the pack

Import

Download the pack, and save it to your environment

Import into SCOM

Enjoy!


MSSQL Addendum references

MSSQL Engineering blog and old post here

SQL Releases TechCommunity here

Engineering team latest management pack, TechCommunity release v7.2.0.0

Import ‘gotcha’ importing new custom functionality blog

ADFS Addendum pack

Do you associate StarTrek when the word federation is used inside of federation services (ADFS)?

To begin, the ‘ADFS addendum pack’ needs acknowledgement of the contributors who dealt with my many questions to better alert on AD issues!  My thanks to Jason Windisch for his help and expertise with Active Directory Federation Services (ADFS).  If you need more background, check the ‘why addendum pack’ post.  BTW, what do you associate with the word – Federation?

Quick Download(s)

2016+ https://github.com/theKevinJustin/ADFSAddendum


Overview of capabilities

The Active Directory Federation Services ‘ADFS Addendum pack’ configures an ADFS group of related classes for notification/subscription modeling.  Second, the rules, service monitors, tasks, service recovery, alert cleanup, and summary reports aid consumption of real issues.  Third, if you have ADFS 2012R2, I have an addendum pack, but coordination is necessary to get the ADFS management pack MSI (not currently available).  Lastly, most environments should be 2016+, as the EOL/EOSL is quickly approaching in October!

ADFS Addendum pack creates ADFS Group AND discovery requiring server names applicable to environment.

ADFS Group discovery requires server names applicable to environment


Tailoring the pack(s) to your environment

First, the Active Directory Federation Services management packs MUST be installed for the ‘ADFS Addendum pack’ to load.  2016+ agnostic is currently supported, as the 2012 and 2012R2 products are near end of support.

Find/Replace the variables as needed:

##ADFSSERVERNAME1##|##ADFSSERVERNAME1##|##LAB##

Save file


Workflows

First, the DataSources (DS) and WriteActions (WA) clean up alerts and create daily reports, where the WA are the on-demand task versions.

Data source (DS) scheduled workflows run weekdays between 0600-0700 SCOM management server local time.  The summary and team reports (run during this time) summarize key insights.  NOTE: the Monday report gathers the last 72 hours, so administrators get a ‘what happened over the weekend’ view.  Tuesday-Friday reports cover the past 24 hours.  Lastly, the group policy report summarizes unique GPUpdate error output.


Monitoring

ADFS Monitoring components screenshot from Notepad++

The Addendum pack rules schedule data source execution and add on-demand tasks.  The service monitor and Recovery tasks add service recovery automation to bring us to the ‘manual intervention required’ alerting.  There are a few monitor/rule overrides to match the health model.


Import

Download the updated ‘ADFS addendum pack’ and save it to your environment

Import into SCOM

Enjoy!


Documentation

ADFS 2016+ management pack download

ADDS addendum pack

Active Directory monitoring – definitely needs an addendum!

To begin, the ‘ADDS addendum pack’ needs acknowledgement of the contributors who dealt with my many questions to better alert on AD issues!  My thanks to Bob Williams, Vance Cozier, and Jason Windisch for their help and expertise with Active Directory (AD/ADDS).  If you need more background, check the ‘why addendum pack’ post.

Quick Download(s)

2012 HTTPS://GITHUB.COM/THEKEVINJUSTIN/ADDS2012ADDENDUM/

2012R2 HTTPS://GITHUB.COM/THEKEVINJUSTIN/ADDS2012R2ADDENDUM/

2016+ https://github.com/theKevinJustin/ADDSAddendumAgnostic


Overview of capabilities

The Active Directory ADDS Addendum pack(s) change how Tier0 health and Domain Admins consume alerts.  The AD product team re-wrote the packs back in 2016 to PowerShell workflows: many workflows measuring replication and the health of your forest(s), with less alert noise than the 2008 packs.  Third, the addendums for 2012, 2012R2, and 2016+ version agnostic should help reduce the alert ‘burden’.  Lastly, most environments should be 2016+, as the EOL/EOSL is quickly approaching in October!


Workflows

First, the DataSources (DS) and WriteActions (WA) clean up AD pack alerts and create daily reports, team reports, and AD pack summary alerts, where the WA are the on-demand task versions.

DataSources (DS) and WriteActions (WA) clean up AD pack alerts, create daily reports, team, and AD pack summary alerts, and the WA are the on-demand tasks versions of the DS

Data source (DS) scheduled workflows run weekdays between 0600-0700 SCOM management server local time.  The summary and team reports (run during this time) summarize key insights.  NOTE: the Monday report gathers the last 72 hours, so administrators get a ‘what happened over the weekend’ view.  Tuesday-Friday reports cover the past 24 hours.  Lastly, the group policy report summarizes unique GPUpdate error output.


Monitoring

ADDS monitoring snapshot showing rules, tasks, recoveries with added capabilities

The Addendum pack rules schedule data source execution, adding on-demand task alerts, including new group policy rule alerts.  The Recovery tasks add service recovery automation to bring us to the ‘manual intervention required’ alerting.  There are a few monitor/rule overrides to match the health model.  NOTE: The 2012R2 pack is missing the component alert, as there are less than 2 months until the platform support ends.

The component alert is a new workflow that’s helped Tier0 admins.

Basically, this is a PowerShell workflow that checks SCOM alerts for multiple DC alerts to determine DC health.  I don’t change the AD critical service monitors, but simply summarize the alerts to tell you when intervention is required.


Tailoring the pack(s) to your environment

First, the Active Directory Domain Services management packs MUST be installed for the ‘ADDS Addendum pack(s)’ to load.  The three versions currently supported have addendums; hopefully 2012 and 2012R2 are planned to be decommissioned in the short term.


Update the AD summary and team reports

The AD summary and team reports filter on the specific Tier0 servers owned by Domain Administrators, the AD Team (or any other aliases the SME’s may go by) through group regular expressions.

In your favorite XML editor (mine is Notepad++), open the addendum pack(s), and find/replace for the following strings:

Look for the $ADDSServerAlerts line:

$ADDSServerAlerts = $ADDSReportAlerts | ? { ( $_.NetBiosComputerName -like "*A1*" ) `
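The component alert described in the Monitoring section (summarize open SCOM alerts per domain controller and call out the DCs that have piled up several distinct problems) combined with the Tier0 name filter the team report applies, as an added example; this is not code from the ADDS Addendum pack.  It runs over constructed alert objects so it can be tried anywhere; for live data pass it Get-SCOMAlert -ResolutionState 0 from a SCOM management server.  The Tier0 regex and the "three distinct alerts" threshold are assumptions.

```powershell
# Added example, not code from the ADDS Addendum pack: per-DC roll-up of open alerts,
# filtered to the Tier0 naming convention, flagging DCs that need a human.
function Get-DcComponentHealth {
    param(
        # Alerts exposing NetBiosComputerName, Name and Severity (as SCOM alert objects do)
        [Parameter(Mandatory)] [object[]] $Alerts,
        # Regex for the Tier0 DC names the Domain Admins own (hypothetical convention)
        [string] $Tier0Pattern = '(?i)^A1DC',
        # How many different open alerts on one DC mean "manual intervention required"
        [int] $MinDistinctAlerts = 3
    )
    $Alerts |
        Where-Object { $_.NetBiosComputerName -match $Tier0Pattern } |
        Group-Object -Property NetBiosComputerName |
        ForEach-Object {
            # Repeats of the same alert count once; several different alerts on one DC is the signal
            $distinct = @($_.Group | Select-Object -ExpandProperty Name -Unique)
            [pscustomobject]@{
                DC                   = $_.Name
                OpenAlerts           = $_.Count
                DistinctAlerts       = $distinct.Count
                CriticalAlerts       = @($_.Group | Where-Object { "$($_.Severity)" -eq 'Error' }).Count
                InterventionRequired = ($distinct.Count -ge $MinDistinctAlerts)
                AlertNames           = ($distinct -join '; ')
            }
        } |
        Sort-Object -Property DistinctAlerts -Descending
}

# Constructed sample alerts (hosts and alert names are made up, not from a real management group)
$sampleAlerts = @(
    [pscustomobject]@{ NetBiosComputerName = 'A1DC01'; Name = 'AD replication partner unreachable'; Severity = 'Error'   }
    [pscustomobject]@{ NetBiosComputerName = 'A1DC01'; Name = 'AD replication partner unreachable'; Severity = 'Error'   }
    [pscustomobject]@{ NetBiosComputerName = 'A1DC01'; Name = 'Netlogon service stopped';            Severity = 'Error'   }
    [pscustomobject]@{ NetBiosComputerName = 'A1DC01'; Name = 'SYSVOL share not available';          Severity = 'Warning' }
    [pscustomobject]@{ NetBiosComputerName = 'A1DC02'; Name = 'AD replication partner unreachable'; Severity = 'Warning' }
    [pscustomobject]@{ NetBiosComputerName = 'APP01';  Name = 'Logical disk free space is low';      Severity = 'Warning' }
)
Get-DcComponentHealth -Alerts $sampleAlerts | Format-Table -AutoSize
```

The existing AD critical service monitors are left alone, as the article says; the roll-up only reads the alerts they already raise, so one DC with three different open problems surfaces as a single actionable row while the application server outside the Tier0 pattern is excluded from the Domain Admins' view.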


Save pack

Import and enjoy!


Documentation

ADDS 2012+ management pack download