Archive | Orchestrator

Generate Active Directory group with Orchestrator when new Configuration Manager 2012 Application is created

This is an example of how to automate the creation of Active Directory (AD) groups with Orchestrator, based on the Applications that are created in System Center Configuration Manager (SCCM). The Runbook will also rename the AD group if the application is renamed in SCCM.

This is the first Runbook in a series of Runbooks that will automate creation and deletion of AD groups and Collections in SCCM based on SCCM application administration.

The prerequisites for this Runbook are that the Integration Pack “Execute PowerShell Script” is installed on the Runbook server and that WinRM is enabled on the SCCM 2012 server.

The Runbook

The Runbook connects to SCCM over WinRM and gets all applications that exist in SCCM, except the ones that are in the expired state. The activity “Get Groups that contains CM ID” then checks whether the group already exists, by checking whether the SCCM Package ID exists in any AD group name. If the group does not exist in AD, the activity “Create Group” creates it.

If the group exists, the activity “Get Groups with SAMAccountName” is run to see whether the name is the same as before. If not, the group is renamed.
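
The lookup described above, as an added example that is not the Runbook's own code: a substring search treats any group whose name happens to contain the Package ID as the managed group, so this version anchors the ID to a naming prefix and returns the action to take for each application. The function name Get-AppGroupPlan, the APP_<PackageID>_<Name> naming convention and the sample data are assumptions.

```powershell
# Added example, not the original Runbook. The APP_<PackageID>_<Name> convention is an assumption.
function Get-AppGroupPlan {
    param(
        [string[]]$AppLines,        # "PackageID,DisplayName" lines, as PS Script 01 emits them
        [string[]]$ExistingGroups   # group names read from the OU the Runbook manages
    )
    foreach ($line in $AppLines) {
        # Split on the first comma only; display names may contain commas.
        $id, $name = $line -split ',', 2
        # Replace characters that sAMAccountName does not accept.
        $safe   = ($name -replace '["/\\\[\]:;|=,+*?<>]', '_').Trim()
        $wanted = "APP_${id}_$safe"
        # Anchor the ID to the prefix so unrelated groups that merely contain it are ignored.
        $pattern = '^APP_' + [regex]::Escape($id) + '_'
        $hits    = @($ExistingGroups | Where-Object { $_ -match $pattern })

        if     ($hits.Count -eq 0)    { $action = 'Create' }
        elseif ($hits.Count -gt 1)    { $action = 'Conflict' }   # more than one owner: review manually
        elseif ($hits[0] -ne $wanted) { $action = 'Rename' }
        else                          { $action = 'None' }

        [pscustomobject]@{
            PackageID = $id
            Action    = $action
            Current   = $hits -join '; '
            Target    = $wanted
        }
    }
}

# Constructed sample data
$apps = @(
    'P0100012,7-Zip 9.20'
    'P0100013,Adobe Reader XI'
    'P0100014,Notepad++ 6.5'
)
$groups = @(
    'APP_P0100012_7-Zip 9.20'
    'APP_P0100013_Adobe Reader X'
    'Legacy_P0100014_archive'      # contains the ID but is not a managed group
)
Get-AppGroupPlan -AppLines $apps -ExistingGroups $groups | Format-Table -AutoSize
```

With the constructed data, the third application is planned as a new group rather than a rename of the unrelated “Legacy_” group, which is what a plain “name contains Package ID” test would have selected.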

Runbook breakdown

Command: PS Script 01

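# Load the Configuration Manager module from the admin console installation
Import-Module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1"
# Switch to the site drive (site code P01)
Set-Location P01:
# Emit "PackageID,DisplayName" for every application that is not expired
Get-CMApplication | Select-Object -Property LocalizedDisplayName, PackageID, IsExpired | ForEach-Object { if ($_.IsExpired -eq $false) { $_.PackageID + "," + $_.LocalizedDisplayName } }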


Send SCSM E-Mail with different sender (from) addresses

If there is a need to send E-Mail with different sender (from) addresses using Send E-Mail (http://gallery.technet.microsoft.com/Service-Manager-SendEmail-8171ba70) this could be the solution for you.

In this example Send E-Mail is used as normal, with the difference that the workflow does not send the E-Mail itself. Instead the workflow loads an Incident template and Orchestrator is used for sending the E-Mail.

This is how the solution works

Start by importing the Management Pack Bundle for Send E-Mail. Then create some Message Types by editing the list Message Type that was created by the Send E-Mail Management Pack (MP).

When the Send E-Mail functionality is imported, continue by extending the Incident class with a Boolean property called “SendEmailSent”. This property holds the information on whether the E-Mail has been sent or not. The figure below shows how it looks on the Incident form.

[Figure: the “SendEmailSent” property on the Incident form]

After the Incident class is extended, an Incident template has to be created and the newly created property “SendEmailSent” has to be set to False. The figure below shows how it looks in the Incident template.

[Figure: “SendEmailSent” set to False in the Incident template]

The next step is to continue with the configuration of Send E-Mail by creating the workflows. When creating the Incident Event Workflow, as described in the Send E-Mail documentation, do not check the box for “Enable Notification” under “Select People to Notify”. Instead check “Apply the following template” under “Select Incident Template” and point out the Incident template created earlier. This will set the property “SendEmailSent” to False when an E-Mail is sent by Send E-Mail.

The figures below show how it looks in the Incident Event Workflow.

[Figures: Incident Event Workflow configuration]

When the steps above are done, continue to follow the Send E-Mail documentation, change the XML parts in the MP and import it again.

Now all the parts in Service Manager are done and it is time to create a Runbook in Orchestrator.

The Runbook will look like this when done.

[Figure: the finished Runbook]

This is how all the activities are configured.

Monitor Send Email Sent

[Figure: “Monitor Send Email Sent” activity configuration]

Get Message Type and Message Properties

[Figure: “Get Message Type and Message Properties” activity configuration]

If Mail to address mail1@lab.se

[Figure: “If Mail to address mail1@lab.se” link configuration]

Get Affected User mail1 – For inspiration on how to create this Runbook, check the post: Get Affected User from Incident

[Figure: “Get Affected User mail1” activity configuration]

Mail to address mail1@lab.se

[Figure: “Mail to address mail1@lab.se” activity configuration]

Set Send Email Sent to True

[Figure: “Set Send Email Sent to True” activity configuration]


Locale and date format prerequisites for using Orchestrator Integration Pack for Service Manager 2012

As a Swede I often work with Swedish customers. And quite often I see that the locale and date format is configured for Sweden when using the Orchestrator Integration Pack for Service Manager 2012. This is just a reminder post that the supported configuration is to use ENU Locale and U.S. English date format.

For more information please read http://technet.microsoft.com/en-us/library/hh832008.aspx

Information copied from link above.
The Service Manager IP is supported for use only on computers set to use:
– The ENU Locale
– The U.S. English date format (month/day/year)


Rename home folders for disabled Active Directory users with Orchestrator

These Orchestrator Runbooks show an example of how to rename home folders for every disabled user in Active Directory. Every disabled user's home folder will be renamed to “foldername_<today's date>” by these Runbooks.

The Runbooks will log to a text file but the recommendation is to log to a database instead if logging is needed.

To get the Runbooks working you will need to have the Active Directory PowerShell module installed on the Runbook server. The alternative, and probably better, way is to execute the PowerShell command on a remote server that has the Active Directory PowerShell module.

The Runbook also assumes that the home folder structure is very simple, with the home folders named after the user's SamAccountName (Ex: \\fileserver\home$\jonand).

To test these Runbooks you will need to change the “Variables” activity and the credentials in the activity “Map Homfolder Path” in the Runbook “1.2 Rename Folders”. You will also need to create a “c:\tmp” directory for the logs.

Runbook to find all disabled users in Active Directory

Explanation of Runbook activities

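Activity – Disabled Users
Import-Module ActiveDirectory
# -UsersOnly limits the result to user accounts; without it disabled computer accounts are returned as well
$DisabledUsers = Search-ADAccount -AccountDisabled -UsersOnly

Activity – Get SamAccountName
# The published data is expected to hold the DistinguishedName of one disabled user
$DistinguishedName = "{DisabledUsers from "Disabled Users"}"
# Take the value of the first RDN (the CN); it equals the SamAccountName only when accounts are created with CN = SamAccountName
$DistinguishedNameSplitOne = $DistinguishedName.Split("=")
$DistinguishedNameSplitTwo = $DistinguishedNameSplitOne[1].Split(",")
$SamAccountName = $DistinguishedNameSplitTwo[0]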

Rename home folders

Explanation of Runbook activities

Activity – Check if Mapped Drive
$FolderExist = Test-Path -Path "{HomeFolderPath from "Variables"}"

Activity – Check if Folder Exist
$FolderExist = Test-Path -Path "{HomeFolderPath from "Variables"}\{HomeFolderName from "Initialize Data"}"

Activity – Rename Folder
# -Path is the existing folder; -NewName takes only the new folder name, not a full path
Rename-Item -Path "{HomeFolderPath from "Variables"}\{HomeFolderName from "Initialize Data"}" -NewName "{HomeFolderName from "Initialize Data"}_{Format Result from "Format Date/Time"}"

Activity – Check if Rename Folder was Successful
$FolderExist = Test-Path -Path "{HomeFolderPath from "Variables"}\{HomeFolderName from "Initialize Data"}_{Format Result from "Format Date/Time"}"

Download Runbook: RenameHomeFoldersForDisabledUsers
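
The check, rename and verify sequence of the “1.2 Rename Folders” activities, as an added example that is not part of the downloadable Runbook: it validates each account name before building a path from it, refuses to overwrite an existing target and reports a result per user. The function name Rename-DisabledHomeFolder, its parameters, the allow-list for account names and the yyyyMMdd date stamp are assumptions; the demo runs against a constructed folder in the temp directory.

```powershell
# Added example, not the original Runbook. Function name and parameters are hypothetical.
function Rename-DisabledHomeFolder {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$HomeRoot,          # e.g. \\fileserver\home$
        [Parameter(Mandatory = $true)][string[]]$SamAccountName,
        [string]$Stamp = (Get-Date -Format 'yyyyMMdd')            # assumed date format
    )
    foreach ($sam in $SamAccountName) {
        # Reject names that could leave $HomeRoot or act as wildcards (assumed allow-list).
        if ($sam -notmatch '^[A-Za-z0-9._-]+$' -or $sam -match '^\.+$') {
            [pscustomobject]@{ User = $sam; Result = 'InvalidName' }
            continue
        }
        $source = Join-Path $HomeRoot $sam
        $target = "${sam}_$Stamp"
        if (-not (Test-Path -LiteralPath $source -PathType Container)) {
            $result = 'NoFolder'
        } elseif (Test-Path -LiteralPath (Join-Path $HomeRoot $target)) {
            $result = 'TargetExists'
        } elseif ($PSCmdlet.ShouldProcess($source, "Rename to $target")) {
            Rename-Item -LiteralPath $source -NewName $target -ErrorAction Stop
            # Verify, as the "Check if Rename Folder was Successful" activity does.
            $ok = Test-Path -LiteralPath (Join-Path $HomeRoot $target)
            $result = if ($ok) { 'Renamed' } else { 'Failed' }
        } else {
            $result = 'Skipped'
        }
        [pscustomobject]@{ User = $sam; Result = $result }
    }
}

# In production the names would come from AD, for example:
#   Search-ADAccount -AccountDisabled -UsersOnly | Select-Object -ExpandProperty SamAccountName
# Constructed demo in a temporary directory:
$root = Join-Path ([IO.Path]::GetTempPath()) ('home_' + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $root 'jonand') -Force | Out-Null
Rename-DisabledHomeFolder -HomeRoot $root -SamAccountName 'jonand', 'nofolder', '..\admin'
Remove-Item -LiteralPath $root -Recurse -Force
```

Run it with -WhatIf first to list the folders that would be renamed without touching the file server.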
