Le blog technique

Toutes les astuces #tech des collaborateurs de PI Services.

#openblogPI

Voir tous les articles

Retrouvez les articles à la une

AD Connect : La commande interdite ou comment mettre en pause les synchronisations

par | 25 Sep 2020 | , ,

Dans certains cas de figure nous avons besoin de mettre en pause les synchronisations entre Active Directory et son Azure AD (par exemple: une montée de version du client AD Connect, une modification des droits d’accès du compte de synchro, modification des règles de synchronisation…).

Dans l’ensemble rien de bien compliqué mais dans les faits… L’utilisation de la mauvaise cmdlet Powershell peut vous mettre dans l’embarras si ce n’est plus.

En effet pour stopper les cycles de synchronisation entre l’Active Directory et Azure AD plusieurs commandes sont possibles.

La commande A NE PAS UTILISER

Set-MsolDirSyncEnabled -EnableDirSync $false

Cette commande ne doit pas être utilisée, en cas d’utilisation vous devrez attendre 72 heures avant de pouvoir rétablir le service!!!!

 

La commande utilisable

Set-ADSyncScheduler -SyncCycleEnabled $false

Une fois votre opération réalisée, vous pourrez réactiver les synchronisations en utilisant la commande ci-dessous.

Set-ADSyncScheduler -SyncCycleEnabled $true

 

Bonne modification sur vos configurations.

 

SCOM – Script – Exemple d’inventaire avec les classes « Principales ».

par | 10 Sep 2020 | , , ,

L’idée du script ci-dessous est de proposer une forme d’inventaire des applications couvertes par une infra SCOM, en utilisant une liste, a maintenir, des principales classes d’objets tel que  ‘Active Directory Domain Controller Computer Role’  ou encore ‘IIS Server Role’.

Il est donc necessaire de maintenir un minimum dans le temps, le contenu de $ClassList, et la correspondance faites entre les pattern de nom de classes et les application correspondantes.

SCOM_Inventory_with_Main_Classes.ps1 (12,71 kb)

 

### SCOM INVENTORY USING APPLICATION MAIN CLASS ###


#Parameters
Param(
$MS= "MyMS.MyDomain",
$cred = $(Get-Credential "MyDomain\")
)


# List of all 'Top' Classes for which we need to get instances
$ClassList=(
# ACTIVE DIRECTORY
'Active Directory Domain Controller Computer Role',` # ACTIVE DIRECTORY
'Certificate Service',  # ACTIVE DIRECTORY CERTIFICATE SERVICES
'Federation Server',    # ACTIVE DIRECTORY FEDERATION SERVICES 

# CITRIX
'Managed Citrix Presentation Server',  # CITRIX


# EXCHANGE
'Microsoft Exchange 2010 Server', # EXCHANGE
'Exchange 2007 Server Role', # EXCHANGE
'Exchange 2013 Server', # EXCHANGE

# LYNC/SKYPE
'LS Server Role', # LYNC/SKYPE

# SHAREPOINT
'SharePoint Server', # SHAREPOINT

# SQL
'SQL Server 2008 DB Engine', # SQL (SQL 2008)
'SQL Server 2012 DB Engine', # SQL (SQL 2012)
'SQL Server 2014 DB Engine', # SQL (SQL 2014)
'SQL Server 2016 DB Engine', # SQL (SQL 2016)
'MSSQL on Windows: DB Engine', # SQL (SQL 2017+)

# SQL SSIS
'SQL Server 2014 Integration Services', # SQL SSIS (SQL 2014)
'SQL Server 2016 Integration Services', # SQL SSIS (SQL 2016)
'MSSQL on Windows Integration Services: Local Instance', # SQL SSIS (SQL 2017+)

# SQL SSAS
'SSAS 2008 Instance', # SQL SSAS (SQL 2008)
'SSAS 2012 Instance', # SQL SSAS (SQL 2012)
'SSAS 2014 Instance', # SQL SSAS (SQL 2014)
'SSAS 2016 Instance', # SQL SSAS (SQL 2016)
'MSSQL Analysis Services: Generic Instance', # SQL SSAS (SQL 2017+)

# SQL SSRS
'Microsoft SQL Server 2008 Reporting Services (Native Mode)', # SQL SSRS (SQL 2008)
'Microsoft SQL Server 2012 Reporting Services (Native Mode)', # SQL SSRS (SQL 2012)
'Microsoft SQL Server 2014 Reporting Services (Native Mode)', # SQL SSRS (SQL 2014)
'Microsoft SQL Server 2016 Reporting Services (Native Mode)', # SQL SSRS (SQL 2016)
'MSSQL Reporting Services: Instance (Native Mode)' , # SQL SSRS (SQL 2017)

# WINDOWS CLUSTER NODES
'Cluster Node', # WINDOWS CLUSTER

# IIS
'IIS Server Role', # IIS

# WINDOWS PRINT SERVER
'Print Services Role', # WINDOWS PRINT SERVER

# WINDOWS DNS
'Windows DNS Server', # WINDOWS DNS

# WSUS
'WSUS 3.0 Server', # WSUS
'Microsoft Windows Server Update Services 2012 R2', # WSUS
'Microsoft Windows Server Update Services 2016' # WSUS


  
)


#Import of SCOM module
try
{
Import-Module -Name OperationsManager -ErrorAction stop
}
catch
{
write-host -ForegroundColor red "Error during import of SCOM Module"
}

#Connection to $MS management server
New-SCOMManagementGroupConnection -ComputerName $MS -Credential $cred



# Create an empty tableau
$Finaltableau = @()


# Get All Instances for each class
foreach ($classname in $ClassList)
{

    
    $class = Get-SCOMClass -DisplayName $classname

    # If class is found we can go on  
    If($class)
    {
    


                $instances += Get-SCOMClassInstance -Class $class -ErrorAction SilentlyContinue



                foreach ($inst in $instances)
                {

                $obj = New-Object psobject


                    switch -Regex ($classname)
                    {
                    # ACTIVE DIRECTORY
                    "Active Directory Domain Controller Computer Role"  
                                            {

                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.path
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "ACTIVE DIRECTORY"
                                            }
    
    
                    # ACTIVE DIRECTORY CERTIFICATE SERVICES
                    "Certificate Service"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.displayname
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "ACTIVE DIRECTORY CERTIFICATE SERVICES"
                                            }


                    # ACTIVE DIRECTORY FEDERATION SERVICES
                    "Federation Server"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.displayname
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "ACTIVE DIRECTORY FEDERATION SERVICES"
                                            }


                    # CITRIX
                    ".*Citrix.*"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.displayname
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "CITRIX"
                                            }

                    
                    
                    # EXCHANGE
                    ".*Exchange.*"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.displayname
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "EXCHANGE"
                                            }          
                    
                    
                    # LYNC/SKYPE
                    ".*LS Server.*"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.Path
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "LYNC/SKYPE"
                                            }          



                    # SHAREPOINT
                    ".*sharepoint.*"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.Path
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "SHAREPOINT"
                                            }          




                    # SQL DB ENGINE
                    "SQL Server.*DB Engine"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.Path
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "SQL"
                                            }          



                    
                    "MSSQL on Windows: DB Engine"
   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.'[Microsoft.SQLServer.Windows.DBEngine].PrincipalName'.value
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "SQL"
                                            }          





                    # SQL BI
                    ".*(SQL Server.*Integration Services|Analysis Services|Reporting Services|SSAS).*"
                       
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.Path
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "SQL BI"
                                            }          


                    
                    "MSSQL on Windows Integration Services: Local Instance"
                                            
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.'[Microsoft.SQLServer.IS.Windows.LocalInstance].PrincipalName'.value
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "SQL BI"
                                            }      






                    # WINDOWS CLUSTER
                    ".*Cluster Node.*"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.DisplayName
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "WINDOWS CLUSTER"
                                            }          




                    # IIS
                    ".*IIS Server Role.*"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.Path
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "IIS"
                                            }          




                    # WINDOWS PRINT SERVER
                    ".*Print Services Role.*"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.Path
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "WINDOWS PRINT SERVER"
                                            }          




                    # WINDOWS DNS
                    ".*Windows DNS Server.*"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.Path
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "WINDOWS DNS"
                                            }          




                    # WSUS
                    ".*(Windows Server Update|WSUS).*"   
                                            {
                                            $obj | Add-Member -Name "COMPUTER" -membertype Noteproperty -Value $inst.Path
                                            $obj | Add-Member -Name "CLASS" -membertype Noteproperty -Value $classname
                                            $obj | Add-Member -Name "MAIN ROLE" -membertype Noteproperty -Value "WSUS"
                                            }          



                    }



                $Finaltableau += $obj

                }

    }


    Else
    {
    $ClassError = "'$classname' class was not found`n"
     
    }



# Clear of $instances variable for each $classname loop
Clear-Variable instances

}



# Display Final Result
$Finaltableau



# Display If some class was not found
If ($ClassError)
{
Write-Host -F Red "SOME CLASSES WAS NOT FOUND:`n$ClassError"
}

 

 

SCOM – Script de mode maintenance depuis une liste

par | 17 Août 2020 | , ,

Le script ci-dessous est une version un peu avancée avec des fonctions de log et de vérification.

SetInstanceFromFileInMM.txt (5,99 kb)

 

# SET MULTIPLE CLASS INSTANCE FROM LIST, IN MAINTENANCE MODE.

#Parametres
Param(
$ClassName="Microsoft.Windows.Computer", # Name of Class (Not DisplayName to avoid system language differences) 
$MS= "MyMS.Mydomain.com", # Target Management Server
$cred = $(Get-Credential),
$HostFilePath="C:\HostMM.txt", # List of Host to put in Maintenance Mode
$Duration="10", # Duration in minutes (min: 5 minutes)
$LogPath = "C:\MMlog.txt" # Path of Log file
)



function Write-Log 
{ 
    [CmdletBinding()] 
    Param 
    ( 
        [Parameter(Mandatory=$true, 
                   ValueFromPipelineByPropertyName=$true)] 
        [ValidateNotNullOrEmpty()] 
        [Alias("LogContent")] 
        [string]$Message, 
 
        [Parameter(Mandatory=$false)] 
        [Alias('LogPath')] 
        [string]$Path=$LogPath, 
         
        [Parameter(Mandatory=$false)] 
        [ValidateSet("Error","Warn","Info")] 
        [string]$Level="Info", 
         
        [Parameter(Mandatory=$false)] 
        [switch]$NoClobber 
    ) 
 
    Begin 
    { 
        # Set VerbosePreference to Continue so that verbose messages are displayed. 
        $VerbosePreference = 'Continue' 
    } 
    Process 
    { 
         
        # If the file already exists and NoClobber was specified, do not write to the log. 
        if ((Test-Path $Path) -AND $NoClobber) { 
            Write-Error "Log file $Path already exists, and you specified NoClobber. Either delete the file or specify a different name." 
            Return 
            } 
 
        # If attempting to write to a log file in a folder/path that doesn't exist create the file including the path. 
        elseif (!(Test-Path $Path)) { 
            Write-Verbose "Creating $Path." 
            $NewLogFile = New-Item $Path -Force -ItemType File 
            } 
 
        else { 
            # Nothing to see here yet. 
            } 
 
        # Format Date for our Log File 
        $FormattedDate = Get-Date -Format "yyyy-MM-dd HH:mm:ss" 
 
        # Write message to error, warning, or verbose pipeline and specify $LevelText 
        switch ($Level) { 
            'Error' { 
                Write-Error $Message 
                $LevelText = 'ERROR:' 
                } 
            'Warn' { 
                Write-Warning $Message 
                $LevelText = 'WARNING:' 
                } 
            'Info' { 
                Write-Verbose $Message 
                $LevelText = 'INFO:' 
                } 
            } 
         
        # Write log entry to $Path 
        "$FormattedDate $LevelText $Message" | Out-File -FilePath $Path -Append 
    } 
    End 
    { 
    } 
}


# Initiate Log File
$message = "------ START OF MAINTENANCE MODE LOG ------`n`n"
Write-Log -Message $message -Path $LogPath -Level Info -ErrorAction SilentlyContinue


#Check that Host list file exist
if (!(Test-Path -Path $HostFilePath))
    {
    $message = "Unable to find Host list file`n"
    write-host -ForegroundColor red $message
    Write-Log -Message $message -Path $LogPath -Level Error -ErrorAction SilentlyContinue
    exit 1
    }


# Store content of file
$HostList = Get-Content -Path $HostFilePath


#Import of SCOM module
try
{
Import-Module -Name OperationsManager -ErrorAction stop
}
catch
{
$message = "Error during import of SCOM PS module`n"
write-host -ForegroundColor red $message
Write-Log -Message $message -Path $LogPath -Level Error -ErrorAction SilentlyContinue
exit 1
}


#Connection to management server $MS
try
{
New-SCOMManagementGroupConnection -ComputerName $MS -Credential $cred
}
catch
{
$message = "Error during connection to $MS`n"
write-host -ForegroundColor red $message
Write-Log -Message $message -Path $LogPath -Level Error -ErrorAction SilentlyContinue
exit 1
}
 

# Set Start/End Time upon Duration 
$startTime = [DateTime]::Now
$endTime = $startTime.AddMinutes($Duration)


# Get the class
$Class = Get-SCOMClass | where-object {$_.Name -eq $ClassName} -ErrorAction Stop

If ($Class -eq $null)
    {
    $message = "Unable to find `"$ClassName`" Class`n"
    write-host -ForegroundColor red $message
    Write-Log -Message $message -Path $LogPath -Level Error -ErrorAction SilentlyContinue
    exit 1
    }



# Get the instances where displayname match content of $HostList
$Instances = Get-SCOMClassInstance -Class $Class | Where-Object {`
$_.Displayname -in $HostList 
} -ErrorAction Stop

If ($Instances -eq $null)
    {
    $message = "Unable to find instances of `"$ClassName`" Class`n"
    write-host -ForegroundColor red $message
    Write-Log -Message $message -Path $LogPath -Level Error -ErrorAction SilentlyContinue
    exit 1
    }



# Put in Maintenance Mode
$message = "Putting following instances in Maintenance Mode for $Duration minutes...:`n $($Instances | foreach {"$_;`n"})"
write-host $message
Write-Log -Message $message -Path $LogPath -Level Info -ErrorAction SilentlyContinue

    
$Instances | foreach {`
    try
    {
    $message = "`nSetting Maintenance Mode on `"$_`"..."
    write-host $message
    Write-Log -Message $message -Path $LogPath -Level Info -ErrorAction SilentlyContinue
    Start-SCOMMaintenanceMode -Instance $_ -Reason "PlannedOther" -EndTime $endTime -Comment "MM of $_" -ErrorAction Stop
    }
    catch
    {
    $message = "Error setting Maintenance Mode on `"$_`""
    write-host -ForegroundColor red $message
    Write-Log -Message $message -Path $LogPath -Level Error -ErrorAction SilentlyContinue
    }
}
    

# Check and log Maintenance Mode
$message = "Checking Maintenance Mode..."
Write-Log -Message $message -Path $LogPath -Level Info -ErrorAction SilentlyContinue

$Instances | foreach {`
$message = Get-SCOMMaintenanceMode -Instance $_ | foreach {"COMMENT: $($_.Comments) -- START:$($_.StartTime) -- END:$($_.ScheduledEndTime) -- REASON:$($_.Reason) -- USER:$($_.User)`n" } 
Write-Log -Message $message -Path $LogPath -Level Info -ErrorAction SilentlyContinue

}

 

Derniers articles

Catégories

Archives

Auteurs/Autrices