So my lab is all set up. Now, before starting to manage objects (computers, users etc.), we need to discover them.
If you want to read more on Discovery in ConfigMgr, you can browse to this link.
For this post I am trying to automate the things done in this post at Windows-Noob.
Note - To manage ConfigMgr using PowerShell, one needs the ConfigurationManager module (available after you install the Admin Console on a client/server) loaded in the session, which can be done in two ways:
- You can open a PowerShell session and import the ConfigurationManager module.
- Using ConfigMgr Admin Console you get an option to connect using PowerShell which essentially does the same thing done in above step.
```powershell
Import-Module -Name "$(split-path $Env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1"
```
Note: To run all the CM Cmdlets your location needs to be set to the CMSite and properties you reference are case sensitive. Below is the Screenshot showing that :
Now see the Property Reference thing I was referring to:
[I tried Implicit Remoting but the PSDrive for the CMSite won't load on the PSSession while importing the Module.]
Step1 : Enable Discovery Methods
The Cmdlet used to work with configuring Discovery methods is:
Set-CMDiscoveryMethod
If you go and have a look at the Online help page for the cmdlet you will see that the parameter set names and the parameters are really very descriptive.
AD Forest Discovery [LogFile - ADForestDisc.log] : This is a new discovery method added in ConfigMgr 2012. It discovers AD sites, subnets and domains and gives an option to automatically create boundaries based on them.
To enable it using PowerShell and run it ASAP the code is below:
```powershell
#region Active Directory Forest Discovery
#create a Schedule Token
$Schedule = New-CMSchedule -RecurInterval Days -RecurCount 7
#Enable the Active Directory Forest Discovery
Set-CMDiscoveryMethod -ActiveDirectoryForestDiscovery -SiteCode DEX -Enabled:$true -PollingSchedule $Schedule -EnableActiveDirectorySiteBoundaryCreation:$true -EnableSubnetBoundaryCreation:$true
#To run AD Forest Discovery now
Invoke-CMForestDiscovery -SiteCode DEX -Verbose
#endregion Active Directory Forest Discovery
```
So after this hit refresh on the ConfigMgr console and the changes reflect.
AD Group Discovery [Logfile - Adsgdis.log] :
BTW run this discovery method after you have run the AD System and User discovery as it creates partial DDR for the Computers and Users part of the Groups. Read more here.
I did hit a little bump while trying to configure this discovery, at first was able to configure all options properly except the one to set Discovery Scopes. Later on was able to do that after digging deep into the ConfigMgr SDK , trying out things via GUI to analyze them and found out that it is way easy to do in PowerShell by just issuing few CIM calls :)
Below is the code :
```powershell
#region AD Group Discovery
#SMS_SCI_Component lives in the site namespace (root/sms/site_<SiteCode>), so pass it explicitly
#set the Discovery Scopes
$GroupDiscovery = Get-CimInstance -Namespace "root/sms/site_dex" -ClassName SMS_SCI_Component -Filter 'componentname ="SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT"'
$ADContainerProp = $GroupDiscovery.PropLists | where {$_.PropertyListName -eq "AD Containers" }
$ADContainerProp.Values = "dex test",0,0,1 #Name, Type Setting (Location [0] or Group [1]),Recursive,don't know what this does
#need to add new Embedded Property to the Props specifying the Search Base...we can overwrite the already existing one too.
$NewProp = New-CimInstance -ClientOnly -Namespace "root/sms/site_dex" -ClassName SMS_EmbeddedPropertyList -Property @{PropertyListName="Search Bases:dex test";Values=[string[]]"LDAP://DC=dexter,DC=com"}
$GroupDiscovery.PropLists += $NewProp
#set the Changes back to the CIM Instance
Get-CimInstance -Namespace "root/sms/site_dex" -ClassName SMS_SCI_Component -Filter 'componentname ="SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT"' | Set-CimInstance -Property @{PropLists=$GroupDiscovery.PropLists}
#Use the Cmdlet to configure rest of the options
Set-CMDiscoveryMethod -SiteCode DEX -ActiveDirectoryGroupDiscovery -Enabled $true -EnableDeltaDiscovery $true -DeltaDiscoveryIntervalMinutes 5 -EnableFilteringExpiredLogon $true -TimeSinceLastLogonDays 90 -EnableFilteringExpiredPassword $true -TimeSinceLastPasswordUpdateDays 90 -DiscoverDistributionGroupsMembership $true
#need to restart the Component Manager Service ..to reflect the changes
(Get-Service SMS_SITE_COMPONENT_MANAGER -ComputerName dexsccm).stop()
Start-Sleep -Seconds 10
(Get-Service SMS_SITE_COMPONENT_MANAGER -ComputerName dexsccm).start()
#endregion AD Group Discovery
```
The Screenshots after running the above cmdlet:
AD System Discovery [Logfile : Adsysdis.log ]
I found out that the Set-CMDiscoveryMethod cmdlet does have a parameter named -ActiveDirectoryContainer, but it throws an error when you use it, so I went ahead and did it using CIM cmdlets ;)
Note that the discovery schedules in my environment use very short intervals. It's just my lab environment; you shouldn't do that in production, as it could be overwhelming for the site servers to process the discovery data.
Code is below:
```powershell
#region AD System Discovery
#Set the System Discovery
$Schedule = New-CMSchedule -Start "2014/02/13 20:20:00" -RecurInterval minutes -RecurCount 10
Set-CMDiscoveryMethod -SiteCode DEX -ActiveDirectorySystemDiscovery -Enabled $true -EnableFilteringExpiredLogon $true -TimeSinceLastLogonDays 90 -EnableFilteringExpiredPassword $true -TimeSinceLastPasswordUpdateDays 90 -PollingSchedule $Schedule
#To set the AD Containers (SMS_SCI_Component lives in the site namespace, so pass it explicitly)
$Sysdiscovery = Get-CimInstance -Namespace "root/sms/site_dex" -ClassName SMS_SCI_Component -Filter 'componentname ="sms_ad_system_discovery_agent"'
$ADContainerProp = $Sysdiscovery.PropLists | where {$_.PropertyListName -eq "AD Containers" }
$ADContainerProp.Values = "LDAP://CN=System,DC=Dexter,DC=Com",1,1 # Ldap path of the Container, Recursive search, Discover objects within groups
#set the changes back to the CIM Instance
Get-CimInstance -Namespace "root/sms/site_dex" -ClassName SMS_SCI_Component -Filter 'componentname ="sms_ad_system_discovery_agent"' | Set-CimInstance -Property @{PropLists=$Sysdiscovery.PropLists}
#need to restart the Service
(Get-Service SMS_SITE_COMPONENT_MANAGER -ComputerName dexsccm).stop()
Start-Sleep -Seconds 10
(Get-Service SMS_SITE_COMPONENT_MANAGER -ComputerName dexsccm).start()
#endregion AD System Discovery
```
Below is one of the Screenshots...not putting every screen up now. You can verify it in your environment. Play with the Script code a bit and you would explore what various values do.
AD User Discovery [Logfile : Adusrdis.log ]
Based on pretty much what is done with the AD Sys Discovery the PowerShell code is similar. Code is below
```powershell
#region AD User Discovery
#SMS_SCI_Component lives in the site namespace, so pass it explicitly
$UserDiscovery = Get-CimInstance -Namespace "root/sms/site_dex" -ClassName SMS_SCI_Component -Filter 'componentname ="SMS_AD_USER_DISCOVERY_AGENT"'
$ADContainerProp = $UserDiscovery.PropLists | where {$_.PropertyListName -eq "AD Containers" }
#Play with the Values here a bit and see what gets reflected in the ConfigMgr Console
$ADContainerProp.Values = "LDAP://CN=Users,DC=Dexter,DC=Com",0,0
Get-CimInstance -Namespace "root/sms/site_dex" -ClassName SMS_SCI_Component -Filter 'componentname ="SMS_AD_USER_DISCOVERY_AGENT"' | Set-CimInstance -Property @{PropLists=$UserDiscovery.PropLists}
$Schedule = New-CMSchedule -Start "2014/02/15 12:00:10" -RecurInterval Minutes -RecurCount 10
Set-CMDiscoveryMethod -ActiveDirectoryUserDiscovery -SiteCode DEX -Enabled $true -PollingSchedule $Schedule -EnableDeltaDiscovery $true -DeltaDiscoveryIntervalMinutes 10
#need to restart the Service
(Get-Service SMS_SITE_COMPONENT_MANAGER -ComputerName dexsccm).stop()
Start-Sleep -Seconds 10
(Get-Service SMS_SITE_COMPONENT_MANAGER -ComputerName dexsccm).start()
#endregion AD User Discovery
```
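Because the AD containers are written straight into the site control data through CIM, it is worth reading them back to confirm which parts of the directory each discovery agent is scoped to. The function below is an added example, not part of the original post; `Get-DiscoveryScope` and its `-ComputerName` parameter are hypothetical names, and the per-entry layout of the "AD Containers" list is taken from the comments in the code above.

```powershell
function Get-DiscoveryScope {
    param(
        [string]$Namespace = 'root/sms/site_dex',  # site namespace used in this post
        [string]$ComputerName                       # optional SMS Provider host (assumption)
    )
    # Values per "AD Containers" entry, following the comments in the post:
    #   3 = LDAP path, recursive flag, groups flag        (system / user discovery)
    #   4 = scope name, type, recursive flag, unknown     (group discovery)
    $agents = [ordered]@{
        'SMS_AD_SYSTEM_DISCOVERY_AGENT'         = 3
        'SMS_AD_USER_DISCOVERY_AGENT'           = 3
        'SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT' = 4
    }
    $cim = @{ Namespace = $Namespace; ClassName = 'SMS_SCI_Component' }
    if ($ComputerName) { $cim.ComputerName = $ComputerName }

    foreach ($agent in $agents.Keys) {
        $width = $agents[$agent]
        # A hierarchy can return one component instance per site, so loop over all of them
        foreach ($comp in (Get-CimInstance @cim -Filter "ComponentName='$agent'")) {
            $values = @(($comp.PropLists | Where-Object PropertyListName -eq 'AD Containers').Values)
            # Walk the flat Values array one entry at a time; incomplete trailing entries are skipped
            for ($i = 0; $i + $width -le $values.Count; $i += $width) {
                $entry = @($values[$i..($i + $width - 1)])
                # Group discovery keeps the LDAP path in a separate "Search Bases:<name>" list
                $bases = if ($width -eq 4) {
                    @(($comp.PropLists | Where-Object PropertyListName -eq "Search Bases:$($entry[0])").Values)
                } else {
                    @($entry[0])
                }
                [pscustomobject]@{
                    Agent      = $agent
                    SiteCode   = $comp.SiteCode
                    Scope      = $entry[0]
                    SearchBase = $bases -join '; '
                    Flags      = $entry[1..($width - 1)] -join ','  # raw values, not interpreted
                }
            }
        }
    }
}

Get-DiscoveryScope | Format-Table -AutoSize
```

A scope that points at the domain root, or a group scope with an empty SearchBase, is the thing to look for before the next polling cycle runs.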
Network [LogFile : NetDisc.log ] & HeartBeat Discovery [ LogFile : InventoryAgent.log (Client Side)]
Code below:
```powershell
#region HeartBeat Discovery
$Schedule = New-CMSchedule -Start "2014/02/16 10:30:00" -DurationInterval Minutes -DurationCount 10
Set-CMDiscoveryMethod -Heartbeat -SiteCode DEX -Enabled $True -PollingSchedule $Schedule
#endregion HeartBeat Discovery
#region Network Discovery
Set-CMDiscoveryMethod -NetworkDiscovery -SiteCode DEX -NetworkDiscoveryType Topology -Enabled $true
#endregion Network Discovery
```
Now, this past week was interesting, as I was reading the ConfigMgr SDK to figure out most of the things like setting the AD container for User/System discovery, but in the end it was a lot of experimenting that made it work.
Also, after you make changes to the discovery methods, they won't take effect until you restart the Component Manager service on the SCCM server. This took me a little time to figure out. Once you do this, the relevant log files will be created or will have the relevant entries about the run.
I must say I had my share of fun figuring things out...am hoping for more learning in the next few weeks when I dive deep into the ConfigMgr SDK ;)
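The restart used in the scripts above sleeps for a fixed 10 seconds between stop and start, which can fail if the service is still stopping when `start()` is called. The variant below is an added example, not code from the original post: `Restart-ComponentManager` and the 120-second timeout are assumptions, and it relies on `Get-Service -ComputerName`, which exists in Windows PowerShell but was removed in PowerShell 6 and later.

```powershell
function Restart-ComponentManager {
    param(
        [string]$ComputerName = 'dexsccm',   # site server name used in this post
        [int]$TimeoutSeconds = 120           # assumed wait budget per state change
    )
    $timeout = [TimeSpan]::FromSeconds($TimeoutSeconds)
    $svc = Get-Service -Name SMS_SITE_COMPONENT_MANAGER -ComputerName $ComputerName

    try {
        if ($svc.Status -ne 'Stopped') {
            $svc.Stop()
            # Block until the service has really stopped instead of guessing with Start-Sleep
            $svc.WaitForStatus('Stopped', $timeout)
        }
        $svc.Start()
        $svc.WaitForStatus('Running', $timeout)
    }
    catch [System.ServiceProcess.TimeoutException] {
        # The service did not reach the expected state in time; report its current state
        $svc.Refresh()
        throw "SMS_SITE_COMPONENT_MANAGER on $ComputerName is '$($svc.Status)' after ${TimeoutSeconds}s: $($_.Exception.Message)"
    }

    $svc.Refresh()
    $svc.Status   # 'Running' when the restart completed
}

Restart-ComponentManager
```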