In SCOM there is no straight forward way to list all the groups of a given computer object. In last few days I worked extensively on SCOM and hit with this requirement of knowing the groups to which a computer account belongs. We can use some SQL queries to list the groups but I felt having a powershell code will be much more useful and wrote the below function.
You need to make sure that you are executing this script from SCOM operator shell. Otherwise it will fail as it is using SCOM PS cmdlets. We can make the script from a normal PS windows as well but that needs some more effort which I want to put in at later stage.
Another good thing with this script is, it fetches the nested groups as well.
Code:
function Get-GroupNames {
[cmdletbinding()]
param($computerFQDN)
$containmentRel = Get-RelationshipClass -name:’Microsoft.SystemCenter.InstanceGroupContainsEntities’
$computerClass = Get-MonitoringClass -name:”Microsoft.Windows.Computer”
$criteria = [string]::Format(“PrincipalName = ‘{0}'”,$computerFQDN)
try {
$computer = Get-MonitoringObject -monitoringClass:$computerClass -criteria:$criteria
$relatedObjects = $computer.GetMonitoringRelationshipObjectsWhereTarget($containmentRel,[Microsoft.EnterpriseManagement.Configuration.DerivedClassTraversalDepth]::Recursive,[Microsoft.EnterpriseManagement.Common.TraversalDepth]::Recursive)
}
catch {
$_
write-host “An error occurred while querying groups of $computerFQDN”
}foreach($group in $relatedObjects)
{
[array]$Groups = $groups + $group.SourceMonitoringObject.DisplayName
}
if($groups) {
return $groups
} else {
write-host “No groups available for $computerFQDN”
}
}
Usage:
Get-GroupName -ComputerFQDN myserver1
Hope this helps….
Comments on this entry are closed.
I came across a nice post about listing members of SCOM group using powershell. Please refer to http://om2012.wordpress.com/2012/02/01/opsmgr-2007-powershell-list-group-members for more details.
Does this script work for both SCOM 2007 SP1 and SCOM 2007 R2 or just one/other?
I can’t get it two work in my SCOM 2007 SP1 environment. It keeps giving me the error:
Get-MonitoringObject : A property name in the ‘Criteria’ parameter is unknown.
At line:8 char:33
+ $computer = Get-MonitoringObject <<<< -monitoringClass:$computerClass -criteria:$criteria
+ CategoryInfo : InvalidArgument: (PrincipalName =…cas.pddi.local’:String) [Get-MonitoringObject],
ObjectNotFoundException
+ FullyQualifiedErrorId : InvalidParameter,Microsoft.EnterpriseManagement.OperationsManager.ClientShell.GetMon
itoringObjectCmdlet
You cannot call a method on a null-valued expression.
At line:9 char:72
+ $relatedObjects = $computer.GetMonitoringRelationshipObjectsWhereTarget <<<< ($containmentRel,[Microsoft.Enterpri
seManagement.Configuration.DerivedClassTraversalDepth]::Recursive,[Microsoft.EnterpriseManagement.Common.TraversalD
epth]::Recursive)
+ CategoryInfo : InvalidOperation: (GetMonitoringRe…ectsWhereTarget:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
An error occurred while querying groups of wilmonit01.americas.pddi.local
No groups available for wilmonit01.americas.pddi.local
Regards,
Sven
Sven,
Not sure if you fixed this yet, but you can use the following slight modification to get past your error..
/Snip
function Get-ScomGroupNames {
[cmdletbinding()]
param($computerFQDN)
$containmentRel = Get-RelationshipClass -name:’Microsoft.SystemCenter.InstanceGroupContainsEntities’
$computerClass = Get-MonitoringClass -name:”Microsoft.Windows.Computer”
$criteria = [string]::Format(“PrincipalName LIKE ‘{0}’”,$computerFQDN)
try {
write-host criteria is $criteria
$computer = Get-MonitoringObject -monitoringClass:$computerClass -criteria $criteria
$relatedObjects = $computer.GetMonitoringRelationshipObjectsWhereTarget($containmentRel,[Microsoft.EnterpriseManagement.Configuration.DerivedClassTraversalDepth]::Recursive,[Microsoft.EnterpriseManagement.Common.TraversalDepth]::Recursive)
}
catch
{
$_
write-host “An error occurred while querying groups of $computerFQDN”
}
foreach($group in $relatedObjects)
{
[array]$Groups = $groups + $group.SourceMonitoringObject.DisplayName
}
if($groups)
{
return $groups
}
else
{
write-host “No groups available for $computerFQDN”
}
}
/end snip
Hi
I tried this in scom 2012 and it didnt work. Is there some changes I need to make for the script to work in scom 2012?
Here is a modified version that returns the groups a server belongs to and the subs that those groups are in:
param ($rootMS, $computerFQDN)
add-pssnapin “Microsoft.EnterpriseManagement.OperationsManager.Client” -ErrorVariable errSnapin ;
set-location “OperationsManagerMonitoring::” -ErrorVariable errSnapin ;
new-managementGroupConnection -ConnectionString:$rootMS -ErrorVariable errSnapin ;
set-location $rootMS -ErrorVariable errSnapin ;
$containmentRel = Get-RelationshipClass -name:’Microsoft.SystemCenter.InstanceGroupContainsEntities’
$computerClass = Get-MonitoringClass -name:”Microsoft.Windows.Computer”
$criteria = “PrincipalName='” + $computerFQDN + “‘”
$computer = Get-MonitoringObject -monitoringClass:$computerClass -criteria:$criteria
$relatedObjects = $computer.GetMonitoringRelationshipObjectsWhereTarget($containmentRel,[Microsoft.EnterpriseManagement.Configuration.DerivedClassTraversalDepth]::Recursive,[Microsoft.EnterpriseManagement.Common.TraversalDepth]::Recursive)
foreach($group in $relatedObjects)
{
#$group.SourceMonitoringObject.DisplayName
Write-Host “——————–”
Write-Host “Group:” $group.SourceMonitoringObject.DisplayName
Write-Host “Subs:”
Get-NotificationSubscription | Where-Object {$_.Configuration.MonitoringObjectGroupIds -Like $group.SourceMonitoringObject.Id} | Select DisplayName
[Array]$Groups = $groups + $group
}
Working on SCOM 2012R2:
## FQDN
$computerFQDN = “computerFQDN”
## Get SCOM object # MonitoringObject (Microsoft.EnterpriseManagement.Monitoring.PartialMonitoringObject)
$computer = Get-SCOMClassInstance -Class $computerClass | Where-Object {($_.FullName -eq $computerFQDN) -or ($_.Name -eq $computerFQDN)}
## Relationship classes
# Microsoft.SystemCenter.ComputerGroupContainsComputer – Group contains Computers – Groups that contain only computers
$relation1 = Get-SCOMRelationship -Name “Microsoft.SystemCenter.ComputerGroupContainsComputer”
# Microsoft.SystemCenter.InstanceGroupContainsEntities – Contains Entities – Relationship between an instance group and the entities that it contains
$relation2 = Get-SCOMRelationship -Name “Microsoft.SystemCenter.InstanceGroupContainsEntities”
## Get SCOM Groups
Get-SCOMRelationshipInstance -TargetInstance $computer | Where-Object {!$_.isDeleted -and
( ($_.RelationshipId -eq $relation1.Id) -or ($_.RelationshipId -eq $relation2.Id) )} `
| Sort-Object SourceObject | Out-GridView
Sorry, I forgot to add at the very beginning:
## Get Windows Computer class
$computerClass = Get-SCOMClass -Name “Microsoft.Windows.Computer”
Thx Hubo!! Works well.
John Bradshaw
Hi
is there a working version for SCOM2019 ?
thanks
The same approach should work for SCOM 2019 too. Any challenges you are seeing with that?