Monday, February 17, 2014

PowerShell + SCCM 2012 R2 : Discovery

So my lab is all setup. Now before starting to manage Objects (Computers, Users etc. ) we need to discover them.

If you want to read more on Discovery in ConfigMgr, you can browse to this link.

For this post am trying to automate things done in this post at Windows-Noob.

Note - To manage ConfiMgr using PowerShell one needs the ConfigrationManger Module (this is available after you install Admin Console on a Client/ Server) loaded in the session, which can be done in two ways:

  1. You can open a PowerShell session and import the ConfigurationManager module.
  2. Import-Module -Name "$(split-path $Env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1"
  3. Using ConfigMgr Admin Console you get an option to connect using PowerShell which essentially does the same thing done in above step.




Note: To run all the CM Cmdlets your location needs to be set to the CMSite and properties you reference are case sensitive. Below is the Screenshot showing that :


Now see the Property Reference thing I was referring to:



[I tried Implicit Remoting but the the PSDrive for the CMSite won't load on the PSSession while importing the Module.]

Step1 : Enable Discovery Methods

The Cmdlet used to work with configuring Discovery methods is:
Set-CMDiscoveryMethod
If you go and have a look at the Online help page for the cmdlet you will see that the parameter set names and the parameters are really very descriptive.

AD Forest Discovery [LogFile - ADForestDisc.log] : With ConfigMgr 2012 this is a new discover methods added which discovers AD Sites, Subnets and domains and gives an option to automatically create Boundaries based on it.

To enable it using PowerShell and run it ASAP the code is below:

So after this hit refresh on the ConfigMgr console and the changes reflect.

AD Group Discovery [Logfile - Adsgdis.log] :
BTW run this discovery method after you have run the AD System and User discovery as it creates partial DDR for the Computers and Users part of the Groups. Read more here.

I did hit a little bump while trying to configure this discovery, at first was able to configure all options properly except the one to set Discovery Scopes. Later on was able to do that after digging deep into the ConfigMgr SDK , trying out things via GUI to analyze them and found out that it is way easy to do in PowerShell by just issuing few CIM calls :)


Below is the code :



The Screenshots after running the above cmdlet:


               


AD System Discovery [Logfile : Adsysdis.log ]

I found out that the Set-CMDiscovery Cmdlet does have a parameter named -ActiveDirectoryContainer  but it throws an error when you use that so I went ahead and did it using CIM Cmdlets ;)

Note that the schedule in which discovery is running in my Environment are very short durations...it's just my Lab environment you shouldn't do that in a Production as it could be overwhelming for the Site Servers to process the discovery data.

Code is below:



Below is one of the Screenshots...not putting every screen up now. You can verify it in your environment. Play with the Script code a bit and you would explore what various values do.


AD User Discovery [Logfile : Adusrdis.log ]
Based on pretty much what is done with the AD Sys Discovery the PowerShell code is similar. Code is below


Network [LogFile : NetDisc.log ] & HeartBeat Discovery [ LogFile : InventoryAgent.log  (Client Side)]

Code below:


Now, this past week was interesting as I was reading the ConfigMgr SDK to figure out most of the things like setting AD Container for User/ System discovery but in the end it was lot of experimenting that made it work.

Also after you make changes to the Discovery methods, they won't reflect until you restarted the Component Manager service on the SCCM Server. This took me little time to figure out. Once you do this the relevant log files will spawn up or have the relevant entries about the run.

I must say I had my share of fun figuring things out...am hoping for more learning in next few weeks when I dive deep into  the ConfigMgr SDK ;)

11 comments:

  1. I've been searching, but I can't find a method for retrieving the discovery data using PowerShell. Is there a way to do so?

    ReplyDelete
    Replies
    1. What discovery data are you trying to retrieve ?
      If I am not wrong the DDR files get generated and dropped into appropriate folders for ConfigMgr to process.

      Delete
    2. We're collecting the DisplayName from user accounts and I'm trying to find a good way to use that for our employee that will be adding user accounts to collections.

      Where do I find the DDR files?

      Delete
    3. I guess no need to look for DDRs then, once the Users have been discovered they can be discovered using the appropriate WMI Class, Take a look at the ConfigMgr SDK.
      It should have that information.

      Delete
    4. Let me know, how that goes :)

      Delete
  2. Nice post. It's one of the few on the web regarding automation of discovery. Question - Have you looked at setup for an untrusted forest? Specifically, what have you found regarding the automation of adding new forests and the respective discovery accounts?

    ReplyDelete
    Replies
    1. Hey Greg,

      I have never tried that but we can get in touch and work on it.
      How does that sound ? There is a contact me form at the end of the blog.

      Deepak

      Delete
    2. Deepak,

      Thanks for the offer to help. I think I've worked it out with a great deal of help from SMSProv.log. The trick was running the ImportGlobalUserAccount method to turn the local account into a global account. I kept getting stuck trying to use the SMS_SC_Reservered_SDK class to create the global account. (If other folks are having this problem, stop. You can't do it.) For reference, here's my powershell code sequence to add discovery for a new untrusted forest. You will need similar code for User, System and Group discovery, but insted of updating the site definition table, I believe you'll want to update the SMS_SCI_Component table. But I'm still working that out...

      Greg

      # create new forest
      $NewForest = $([WMIClass] "\\xxxxxxxx\ROOT\SMS\Site_xxx:SMS_ADForest").CreateInstance();
      $NewForest.Account = "JUNK10\NOUSER10";
      $NewForest.Description = "JUNK10\NOUSER10";
      $NewForest.EnableDiscovery = 1;
      $NewForest.ForestFQDN = "junk10.local";
      $NewForest.PublishingPath = "";
      $NewForest.Put();

      # add account to site definition
      $ns = "ROOT\SMS\Site_xxx"
      $sitedef = gwmi -Namespace $ns -Class SMS_SCI_SiteDefinition;
      $sitedef.get();
      $NewAccount = $([WMIClass]"\\xxxxxxxx\ROOT\SMS\Site_xxx:SMS_EmbeddedProperty").CreateInstance();
      $NewAccount.ItemType = "";
      $NewAccount.PropertyName = "GlobalAccount:JUNK10\NOUSER10";
      $NewAccount.Value = "0";
      $NewAccount.Value1 = "JUNK10\NOUSER10";
      $NewAccount.Value2 = "plaintext";
      $NewAccount = [System.Management.ManagementBaseObject] $NewAccount;
      $sitedef.props += $NewAccount
      $sitedef.Put()

      # create encrypted password
      $pwclass = [WMIClass]"\\xxxxxxxx\ROOT\SMS\Site_xxx:SMS_Site"
      $param = $pwclass.GetMethodParameters("ImportGlobalUserAccountEx")
      $param.UserName = "JUNK10\NOUSER10"
      $param.Password = "plaintext"
      $pw = $pwclass.InvokeMethod("ImportGlobalUserAccountEx",$param,$null)



      Delete
    3. Thanks for sharing that Greg,
      Hope it helps someone.

      Delete
  3. i need to extract all the settings in the discovery methods anyone had to do that is there a power shell script

    ReplyDelete