Hear ye hear ye

See the nice warm toasty updated packs

Fresh off the press, right to your door, just in time for that gift for your special someone! Time for new updates to keep you ever-green’d, up to date, fixes, etc. ;-P

Holman updated his SCOM.Management pack for SCOM2022 UR2

Github https://github.com/thekevinholman/SCOM.Management

Addendum packs updated

Multiple packs with multiple updates. Removed debug detail for DS/WA (Data Source/Write Action workflows) Health Explorer outputs, simplified mgmt pack recovery tasks for single WA script.

Active Directory Certificate Services (ADCS) version agnostic 2016+ addendum https://github.com/theKevinJustin/ADCS2016-Addendum 2012 here See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/18/adcs-addendum-packs/

Active Directory Domain Services addendum https://github.com/theKevinJustin/ADDSAddendumAgnostic

See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/18/adds-addendum-pack/

Active Directory Federation Services addendum https://github.com/theKevinJustin/ADFSAddendum See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/18/adfs-addendum-pack/

FileServices Agnostic addendum https://github.com/theKevinJustin/FileServicesAddendum See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/31/file-services-addendum/

MCM/MEM/MECM/SCCM Configuration Manager addendum https://github.com/theKevinJustin/MECMSCCMAddendum See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/30/mecm-sccm-addendum-pack/

PKI certificate monitoring addendum https://github.com/theKevinJustin/PKIAddendum See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/24/pki-addendum-pack/

Proactive NOSC DailyTasks reports addendum https://github.com/theKevinJustin/ProactiveNOSCDailyTasks See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/15/proactive-daily-reports/

SCOM Core addendum https://github.com/theKevinJustin/SCOMCoreAddendum See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/30/scomcore-addendum-pack/

Top Process workflows tied to monitors in Tier1 https://github.com/theKevinJustin/TopProcessTier1 See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/15/proactive-daily-reports/

Tier0 https://github.com/theKevinJustin/TopProcess

Windows Server 2012/2012R2 Operating System Addendum https://github.com/theKevinJustin/2012OSAddendum See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/28/os-addendum-packs/

Windows Server 2016+ version agnostic Operating System Addendum https://github.com/theKevinJustin/2016ServerAgnostic See the blog post for capabilities here https://kevinjustin.com/blog/2023/08/28/os-addendum-packs/

Enjoy!

STIGs for SCOM FIPS compliance on Windows

What does your mind link to with the FIPS acronym? FIPS makes me think of the movie Greyhound where Tom Hanks says LT Flipper, instead of Fippler, all that said being ZERO to do with resolving ‘STIGs for SCOM FIPS compliance on Windows’

The biggest hurdle to ‘STIGs for SCOM FIPS compliance on Windows’, is obtaining the files. The current bundled SCOM ISO’s since 2012 SP1 do NOT contain the gacutil, and cryptography DLL files, to resolve STIG V-220942 (win10), V-226335 (Server 2012/2012R2), V-73701 (Server 2016), V-93511 (Server 2019), V-254480 (Server 2022). As much as we want to resolve FIPS ‘STIGS for SCOM FIPS compliance for Windows Server’, gotta start with the finding relevant files. My thanks to Nathan Gau, Tyson Paul, and Aakash Basavaraj, for their involvement and clarification.

Install DLL for STIGs for SCOM FIPS compliance on Windows

Time to mitigate!

Let’s begin to fix the SCOM Web Console role servers (possibly SQL SSRS and PowerBI Report Server included) for resolving multiple ‘STIGs for SCOM FIPS compliance for Windows Server’. Blog post applies to multiple STIG(s) including STIGs V-220942, V-226335, V-73701, V-93511, V-254480

Download files

Whether from blog download link, or if you have the old ISO’s to obtain the DLL, and server ISO for gacutil , or myvisualstudio.com link

Download SCOM ISO from my.visualstudio.com/Downloads?q=operations

If you downloaded from my.visualstudio.com, extract from ISO.

Copy files to IIS role servers (SCOM web console, SSRS, or PowerBI report Servers) to setup files for FIPS compliance.

Download the DLL to the SCOM default folder –

Best practice is SCOM Default folder on non-system disk @

D:\Program Files\System Center\Operations Manager\Server

Update the registry on relevant servers

Registry key update is required to mitigate ‘STIGs for SCOM FIPS compliance on Windows’.

STIG states to create Enabled Key with a value of 1 in HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\

Verification via RegEdit (registry editor)

Display of regedit for the FIPS enabled key

PowerShell Verification:

$RegPath = “HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy”

[string]$FIPSEnabled = (Get-ItemProperty -Path $RegPath -Name Enabled).Enabled

if ( $FIPSEnabled -eq 0 ) {write-host “FIPS disabled” }

Example Output

PS C:\> $RegPath = “HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy”

PS C:\> [string]$FIPSEnabled = (Get-ItemProperty -Path $RegPath -Name Enabled).Enabled

PS C:\> $FIPSEnabled

PS C:\> if ( $FIPSEnabled -eq 0 ) {write-host “FIPS disabled” }

FIPS disabled

PowerShell to set the registry key:

Blog link

$registryPath = “HKCU:\Software\ScriptingGuys\Scripts”

$Name = “Version”

$value = “1”

New-ItemProperty -Path $registryPath -Name $name -Value $value `

-PropertyType DWORD -Force | Out-Null

Reboot web console servers to verify web console functionality!

This concludes resolving ‘STIGs for SCOM FIPS compliance for Windows Server’

Relevant links and documentation of ‘STIGs for SCOM FIPS compliance on Windows’

Download from blog here (Link https://kevinjustin.com/downloads/FIPS/SCOM-FIPS-dll-and-gacutil.zip)

Nathan Gau’s blog here

VisualStudio download for SCOM ISO’s here

STIG V-220942 for Windows 10

STIG V-226335 for Windows Server 2012/2012R2

STIG V-73701 for Windows Server 2016

STIG V-93511 for Windows Server 2019

STIG V-254480 for Windows Server 2022

NIST reference for hash functions https://csrc.nist.gov/projects/hash-functions

TechNet migrated forum post here

Tenable link for Server 2016 here

NIST policy for Windows Server2019 https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf

Windows runs per FIPS 140-2 Section 4.9 https://learn.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation

Researching further, Microsoft certified server2016,2019 per learn articles.

Server 2016 https://learn.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation

Server 2019 https://learn.microsoft.com/en-us/compliance/regulatory/offering-fips-140-2

To Counter the STIG https://www.howtogeek.com/245859/why-you-shouldnt-enable-fips-compliant-encryption-on-windows/

WebConsole APM hotfix for SCOM2012R2 and above

Vaccination Record - SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above — Vaccination Record

SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above, time for another SCOM shot! Don’t forget your vaccination card 🙂

Let’s get started. Time to fix the vulnerability for ‘SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above’. Read the support article, and assess what versions you have in your sandbox and production. Once assessed, it’s time to test/implement/verify the fix applied.

Support article

https://support.microsoft.com/en-us/topic/update-for-idor-vulnerability-in-system-center-operations-manager-kb5006871-0e3a513a-ad80-4830-8984-2fc5a40ee7f7

SCOM WebConsole Hotfix links

(support.microsoft.com articles)

Specific support article for SCOM2019 UR3 Hotfix

SCOM2019 UR3 Hotfix support.microsoft.com article link

Specific support article for SCOM2016 UR10 Hotfix

SCOM2016 UR10 Hotfix support.microsoft.com article link

Specific support article for SCOM2012R2 UR14 Hotfix

SCOM2016 UR10 Hotfix support.microsoft.com article link

# Download (same EXE has all 3 SCOM versions)

https://download.microsoft.com/download/3/e/e/3eec1274-64d5-4285-84b9-c50800eb2dd2/KB5006871.EXE

Hotfix updates two paths on SCOM management server with the WebConsole role

Paths updated

(don’t forget to add File Version property to your display)

NOTE Drive letter depends on where you installed SCOM (typically D:)

SCOM2019 paths

D:\Program Files\Microsoft System Center\Operations Manager\WebConsole\AppDiagnostics\Web\bin

D:\Program Files\Microsoft System Center\Operations Manager\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin

SCOM2016 paths

D:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole\AppDiagnostics\Web\bin

D:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin

Screenshot of paths

AppDiagnostics File Path - SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above — AppDiagnostics File Path

AppDiagnostics AppAdvisor File Path - SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above — AppDiagnostics AppAdvisor File Path

Just in case you forgot how to add properties in Windows Explorer…

In the columns (Name, Date modified, etc,) right click > More

Add file property - SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above — Add file property

Hit F to move down to the F named details > hit check box for ‘File Version’ or click on File Version and hit space bar

Click on OK

Add file property File Version - SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above — Add file property File Version

Sort by ‘Date Modified’ Column

Verify File Version - SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above — Verify File Version

File versions AFTER installing hotfix

Depending on which SCOM version you’re running, the path stays pretty much the same, and you want to verify that files were updated for the ‘SCOM hotfix released for WebConsole/APM’

SCOM2019

UR3 = 10.19.10505.0 > Hotfix file version = 10.19.10550.0

SCOM2016

UR10 = 7.2.12324 > Hotfix file version = 7.2.12335.0

Standard UR10 files are 8.0.10918.0

Voila > SCOM hotfix complete

Notify your Security team you’ve patched, because sometimes the scanner software isn’t accurately updated (where Security needs to open a case with their vendor!)

Complete: Patched environment for ‘SCOM WebConsole/APM on SCOM2012R2 and above’

Service Map – Setting up SCOM management group

It’s time to get my SCOM MG running Service Map

Nothing like seeing what an application actually does, mapping ports a server is using, and who the server talks to!

From the docs site – https://docs.microsoft.com/en-us/azure/monitoring/monitoring-service-map-scom

Download Management Pack

Let’s start with the pack download

Download Management Pack

Install Management pack

Choose your preference

PowerShell (as admin)

Import-SCOMManagementPack -FullName “S:\monadmin\backup\$date”

In case you need help – TechNet article

Lab Example

Import-SCOMManagementPack -FullName “S:\MonAdmin\SCOM\Management packs\Service Map – Blue Stripe for SCOM – OMS\v1.0.0.6\Microsoft.SystemCenter.ServiceMap.mpb”

Import via SCOM Console

Configure the Service Map integration

In SCOM Console, click on Administration Tab

Navigate to the Operations Management Suite, and expand for the Service Map selection

Click ‘Add workspace’

Paste in your Tenant ID, Application ID, and Service Principal Key that you set up prior

Click Next

Verify Workspace Information
Click Next

Two options – if you don’t have any Windows Computer based groups in your MG, skip down to Server Selection

If there are Machine Groups to add, click ‘Add/Remove’

Click Next to select individual servers

Click Add

Click OK to close window

Click Next to move to next window

NOTE

Speed to fetch information is based on a rule see docs site
In the Server Selection window, you configure the Service Map Servers Group with the servers that you want to sync between Operations Manager and Service Map. Click Add/Remove Servers.

For the integration to build a distributed application diagram for a server, the server must be:

Managed by Operations Manager
Managed by Service Map
Listed in the Service Map Servers Group

From <https://docs.microsoft.com/en-us/azure/monitoring/monitoring-service-map-scom>

Setup proxy if needed

Click Add Workspace

Use Service Map

Time to Use the tool – https://docs.microsoft.com/en-us/azure/monitoring/monitoring-service-map

Verifying Servers specified in Service Map

Verify group

SCOM Console > Authoring Tab > Groups

Look for > Service Map

View Group members or look at Explicit tab

Troubleshooting

On Management Server (MS), Operations Manager Event log

PowerShell

get-eventlog -logname “Operations Manager” -newest 25

# This command will help if you get stuck on the workspace

get-eventlog -logname “Operations Manager” -Source “Operations Manager” -newest 25 | ? {$_.eventID -eq 6400 } |fl

GUI

Filter by Error,Warning

Install Azure Log Analytics Service Map Dependency Agent

To make all this work, sometimes, it seems like a slot machine, deposit your quarter, and hope you hit the jackpot!

So to get started, you probably have a list of computers where you have the MMA agent, and want to install Service Map to see how and who the computers are talking (to)

Click on Log Analytics

Click on your Subscription

Click on Service Map

Click on the Download link for Windows or Linux

Save file

Take saved file and copy to computer

GUI method

If you want a PowerShell method, Daniel Orneling has a great blog and Gallery TechNet script that will help

Docs site link has more details

Execute the InstallDependencyAgent-Windows.exe

Answer yes for UAC elevation

Click I Agree

Click Finish

Verify Agent installed

NOTE: If installing for SCOM, it's based on the Rule 'Microsoft.SystemCenter.ServiceMapImport.Rule'

https://docs.microsoft.com/en-us/azure/monitoring/monitoring-service-map-scom#configure-rules-and-overrides

PowerShell

get-eventlog -logname “Operations Manager” -Source “HealthService” -newest 25 | ? {$_.eventID -eq
1201 } |fl

get-service MicrosoftDependencyAgent

Event Viewer

Azure Log Analytics Service Map Planning and Pre-reqs

My grandfather said two things:

An ounce of prevention is worth a pound of manure

Death and taxes are part of life

Planning out a deployment is a good thing.

My best friend would say “No one plans to fail, they just fail to plan”

This will be a multi-part blog – breaking out the high level steps, and my experience getting the solution set up.

What do we need for Service Map?

Azure connectivity
- Setup Log Analytics workspace on MMA/SCOM agent article
- Troubleshooting onboarding issues KB,
  - Check for Events in Operations Manager event logs blog
Computers in scope for visualization
- What computers (Windows or Linux)
- Pricing FAQ
Dependency agent installed on computers
- Configure
Azure Service Principal
- (think of it as an SSH shared key ID/password for Azure Apps to communicate)
- Docs article

High level steps

Overview blog
Install the MMA agent blog
Install the dependency agent blog
Configure Azure Service Principal blog
Configure Service Map on SCOM blog

SQL MP bloat

Updated 25 Feb 2023

Ever wish alerts were like a wad of cash?

The more you solve, the more you make!

How about performance counter data?

The SQL management packs are awesome for visualizations, and provide a bunch of data.

Tim McFadden pointed out SQL Performance counters https://www.scom2k7.com/crazy-db-performance-collection-rules-in-the-sql-mps/

His blog brings up SQL MP Disk Latency performance counters.

His blog got me thinking about SQL DB and DB file design, where multiple DB files are on the same Drive, causes duplicate performance counters (SCOM workflows) on the agent, and will typically be one of the culprits for HealthService restarts.

SQL MP creates performance counters (per DB file, group, instance, engine)

Let’s start with how I figured out why all my money goes into storage.

Start in the SCOM console

Click on the Reporting Tab

Click on the ‘System Center Core Monitoring Reports’ folder

Double click on the Data Volume by Management Pack

View of SCOM report from console reporting tab

Select the timeframe (from, to)

Click Run

Reporting Data

I have 2 2016 DB’s and 1 2014 (SCVMM) database server monitored, and it’s 50% of my data volume!

Another example – had the DW shutdown for days

Did you know there are 60+ perf counter rules in 2012 alone, and nearly 200 in 2016?

How about an OFF pack, a management pack that turns off all the performance counter rules?

The monitors still exist for health, just no pretty performance graph, should you look.

Github repo link

Check out the Gallery post for download

TechNet gallery download

Zip file contains

OFF MP’s for 2008,2012,2014,2016
XLS sheets to allow you to go to the SQL team and ask them what performance counters they use

SCOM Maintenance Mode PowerShell

My thanks to Matt Taylor and Kevin Holman, Ralph Kyttle, and John Kavanagh for their guidance!

Updated 24 Jun 2022

Read on if these apply
Trying to start, update, or end SCOM MM

Get alerts when MM is updated
PowerShell only in your shop!
SCORCH in play but need to convert runbooks to straight PowerShell

Ran into issues using Set-SCOMMaintenanceMode, as the cmdlet doesn’t put ALL the recursive classes under Windows Computer

Background

Set-SCOMMaintenanceMode cmdlet is actually “by design.” ☹

Start-SCOMMaintenanceMode assumes you want recursive action when you start maintenance mode….

Pick a Windows Computer and it places the Windows Computer object (AND all contained objects) into MM.

Computer in MM

All contained objects in MM

However, the problem is that Set-SCOMMaintenancemode does not have an understanding of recursiveness.

Command changes the MM entry for the Windows Computer, but NOT all the contained objects. So they retain the original setting.

Health explorer looks like this, resulting in unwanted alerts

Details

NOTE these $Time and DateTime Method are dependent on the delay between running the commands
If you start MM, and wait 5 minutes, then update, the total MM duration will be ~20 minutes

Maintenance Mode options and examples

# Setup variables for MM

# Example 1 Windows Computer

$server = “Servername.FQDN”

$instance = (get-scomclass -DisplayName “Windows Computer” |Get-SCOMClassInstance | where { $_.DisplayName -eq $server } )

# Set time for 6 minutes

$Time = (Get-Date).addMinutes(6)

Start-SCOMMaintenanceMode -Instance $Instance -EndTime $Time -Comment “Starting Maintenance Mode.” -Reason “PlannedOther”

# Example 2

# Business needs require Windows Operating System monitoring to occur while Application is in maintenance

# My Example is Defender, could be SQL, MSMQ, Lync, Skype, or your custom class created for your application

$Class = (get-scomclass)
$Class | ? { $_.Name -like “*Defender*” } | fl DisplayName,Name
$Class | ? { $_.Name -like “*Defender*” } | fl DisplayName,Name

DisplayName : Protected Endpoint
Name : Microsoft.WindowsDefender.ProtectedServer

DisplayName : Protected Candidate
Name : Microsoft.WindowsDefender.ProtectedServerCandidate

DisplayName : Unprotected Endpoint
Name : Microsoft.WindowsDefender.UnprotectedServer

DisplayName : Microsoft Windows Defender Class
Name : Microsoft.Windows.Defender.Class

# Choose the class needed

$server = “Servername.FQDN”

$instance = ( $Class | ? { $_.Name -like “Microsoft.Windows.Defender*” } |Get-SCOMClassInstance | ? { $_.DisplayName -eq $server } )

# Verify Instance variable

$instance

PS C:\Users\scomadmin> $instance

HealthState     InMaintenanceMode DisplayName
———–     —————– ———–
Success               False        WFM.testlab.net

# Don’t forget to add time variable

$Time = (Get-Date).addMinutes(6)

# Start maintenance mode

Start-SCOMMaintenanceMode -Instance $Instance -EndTime $Time -Comment “Starting Maintenance Mode.” -Reason “PlannedOther”

Start, Update, End and Verify Maintenance mode syntax

# Start MM via PoSH cmdlet

Start-SCOMMaintenanceMode -Instance $Instance -EndTime $Time -Comment “Starting Maintenance Mode.” -Reason “PlannedOther”

# Start MM using method vs. PowerShell cmdlet

Note Recursive in $WCobj.ScheduleMaintenanceMode

$windowsComment=”PlannedOther”
$windowReason=”PlannedOther”
$windowsComment=”Testing Maintenance Mode”
$windowDuration=15

$server= “wfm.testlab.net”
$instance = (get-scomclass -DisplayName “Windows Computer” |Get-SCOMClassInstance | ? { $_.DisplayName -eq $server } )
$instance.ScheduleMaintenanceMode([datetime]::Now.touniversaltime(),([datetime]::Now).addminutes($windowDuration).touniversaltime(), “$windowReason”, “$windowsComment” , “Recursive”)

# Drop Recursive if you don’t want it (but can’t imagine why you would!)

# Update MM

# Make sure you’ve put object in MM

$server= “wfm.testlab.net”
$instance = (get-scomclass -DisplayName “Windows Computer” |Get-SCOMClassInstance | ? { $_.DisplayName -eq $server } )

# 15 minutes in the future
$instance.UpdateMaintenanceMode([System.datetime]::Now.touniversaltime().addminutes(15),[Microsoft.EnterpriseManagement.Monitoring.MaintenanceModeReason]::PlannedOther,[System.string]::”Adding 15 minutes to the end time.”,[Microsoft.EnterpriseManagement.Common.TraversalDepth]::Recursive);

# Stop MM

# Make sure you’ve put object in MM

# Immediate
$instance.StopMaintenanceMode([System.DateTime]::Now.ToUniversalTime());

My thanks to Jan Nevaril

$server.StopMaintenanceMode([System.DateTime]::Now.ToUniversalTime(),“Recursive”)

Verification steps

# Verify MM

get-scommaintenancemode -ComputerName $instance.Name|fl MonitoringObjectId,StartTime,ScheduledEndTime

NOTE This will error if you’ve stopped maintenance

Example

PS C:\Users\scomadmin> get-scommaintenancemode -ComputerName $instance.Name
get-scommaintenancemode : The Data Access service is either not running or not yet initialized. Check the event log
for more information.
At line:1 char:1
+ get-scommaintenancemode -ComputerName $instance.Name
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Microsoft.Syste…anceModeCommand:GetSCMaintenanceModeCommand) [Get-S
COMMaintenanceMode], ServiceNotRunningException
+ FullyQualifiedErrorId : ExecutionError,Microsoft.SystemCenter.OperationsManagerV10.Commands.GetSCMaintenanceMode
Command

# Validate MM through Operations Manager Event ID’s 1215 and 1216 logged

get-eventlog -LogName “Operations Manager” | ? { $_.EventID -eq 1215 -OR $_.EventID -eq 1216 } |fl EventID,TimeGenerated,Message

# Alternate command to check latest 100 events

get-eventlog -LogName “Operations Manager” -newest 100 | ? { $_.EventID -eq 1215 -OR $_.EventID -eq 1216 } |fl EventID,TimeGenerated,Message

# Error if object NOT in MM

Cannot find an overload for “UpdateMaintenanceMode” and the argument count: “1”.

At line:1 char:1

+ $WCobj.UpdateMaintenanceMode(([System.datetime]::Now).addminutes(15). …

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [], MethodException

+ FullyQualifiedErrorId : MethodCountCouldNotFindBest

PS C:\Windows\system32>

Testing System datetime

PS C:\Windows\system32> [System.datetime]::Now.addminutes(15)

Thursday, August 24, 2017 9:18:04 AM

PS C:\Windows\system32> ([System.datetime]::Now.addminutes(15)).touniversaltime()

Thursday, August 24, 2017 2:18:16 PM

References

2012 PowerShell cmdlets https://docs.microsoft.com/en-us/previous-versions/system-center/hh920227(v=sc.20)

2016 PowerShell cmdlets https://docs.microsoft.com/en-us/powershell/module/operationsmanager/?view=systemcenter-ps-2016

2019 PowerShell cmdlets https://docs.microsoft.com/en-us/powershell/module/operationsmanager/?view=systemcenter-ps-2019

SDK

Ralph Kyttle Blog https://blogs.technet.microsoft.com/ralphkyttle/2014/11/10/scom-2012-r2-use-powershell-to-end-an-active-maintenance-mode/

DateTime Methods https://docs.microsoft.com/en-us/dotnet/api/system.datetime

SCOM 2019 Maintenance Mode
https://docs.microsoft.com/en-us/system-center/scom/manage-maintenance-mode-overview?view=sc-om-2019

MSDN MaintenanceModeReason Method https://docs.microsoft.com/en-us/previous-versions/system-center/developer/bb465591(v=msdn.10)

MSDN StopMaintenanceMode Method

UpdateMaintenanceMode Method https://docs.microsoft.com/en-us/previous-versions/system-center/developer/bb424495(v=msdn.10)

MM deluxe custom script https://gist.github.com/stegenfeldt/b3f044aa77894ed80d82f8849a48035b